This week we’ve received confirmation (or as close as we get with Google) that sites on HTTPS have now sneaked over 30% of page 1 results. When put into context, that’s a rather big chunk of search results; it would seem Google has been aiming at the bigger boys, and with much success. Wikipedia’s swap to HTTPS can be considered the flagship success of Google’s campaign towards a more secure web.
With this in mind, we’ve put together a ‘how-to’ guide for getting your site across to HTTPS safely and securely, giving you a bit of insight into the future of HTTPS in search.
Make sure your HTTPS certificate is from a recognised provider
First and foremost, make sure you have a certificate and that the provider is a recognised and trustworthy source.
Make sure all variants of your domain are covered
An issue seen time and time again has been that sites have migrated over to HTTPS, but not all variants of their domain are covered by the certificate. For example, http://www.domain.co.uk and http://domain.co.uk should all be covered by your SSL certificate. Your provider should be able to tell you what is being covered within the certificate.
Have your technical team produce the relevant redirects and make required site changes
Your technical team should then implement the HTTPS certificate and look at constructing and implementing the relevant 301 redirects for all forms of your HTTP domain; this 301 will save a lot of the authority on the current domain when you’re transferring over.
For example, once HTTPS is implemented:
http://www.domain.co.uk should redirect to https://www.domain.co.uk
http://domain.co.uk should redirect to https://www.domain.co.uk
http://sub.domain.co.uk should redirect to https://sub.domain.co.uk
Also, all sub-domains should perform in the same way. However, if your domain is set up in any way differently, ensuring all variants redirect to one secure version is the important thing.
It’s also important to have your technical team check the website for mentions of HTTP on internal links, and that they change these to the new HTTPS domain.
Set yourself up in Google Search Console and amend your analytics
The next thing to do is set up your Google search console or relevant Webmaster tools with the new HTTPS variants of your domain. Your SEO team / agency should be able to help you with this.
You will then want to change your analytics to target the HTTPS version of your site. We recommend changing the targeted domain (website URL) in your view settings and your default URL in property settings; it’s also worth adding an annotation to your data to mark the day you made the switch. Again, your SEO team or agency can help you set this up.
Test, test, test
Take time to run through your site checking links. Search your domain in a couple of different search engines, and just click through and check you can get to your site. If you have an ecommerce site test, your payment gateway is working thoroughly.
Monitoring and outreach
Once the initial work is out of the way and you’ve tested your site (to within an inch of its bandwidth), it’s important to keep monitoring Search Console and other Webmaster platforms for errors.
It’s also worth reaching out to any links you may have and see if those can be changed to HTTPS. Although 301 redirects will save the most part of the value of a link, a direct step for Google is always preferable.
What’s coming up?
With the adoption rate currently sitting (potentially) above 30% and taking into account the trend of adoption, we can expect that within the next year and a half we’ll see it hitting around 50%. If achieved Google can issue bigger benefits (than currently available) for adoptees, or a punishment for those who haven’t, we’ll have to wait and see.