Why Switch to HTTPS?
And now – what you should really expect if you decide to switch to HTTPS. And what advantages and disadvantages does it bring?
Perhaps the biggest hurdle that may discourage you from switching to HTTPS is time.
When switching to HTTPS you have to take into account that the actual processing of the information will take some time (figuring out what certificates are out there, which one to choose and where to buy it). You also need to consider the time spent on the actual implementation (you simply have know where to put what, how to check it, and ensure smooth operation of your HTTPS). Finally you will also spend time fixing bugs, which you cannot avoid.
The following section is going to give you a bit of a picture of what is ahead of you if decide to switch to HTTPS. Of course this is usual routine for an experienced web hosting company or a web integrator. However, if you do not have anyone of that sort to hand you may be in a bit of trouble.
You will need to redirect your whole web to the new URL, which will be used now by the new HTTPS instead of HTTP.
And why do we have to redirect? Websites running on HTTPS constitute a separate web system, different to the one that previously ran on HTTP. You actually have two identical websites from the perspective of search engines.
If you want to avoid duplicating your site (which is not a desirable state from SEO perspective), you have to redirect the old HTTP web to the new HTTPS version.
You need to redirect all the unsecured URLs to secured ones through status code 301 (Moved Permanently - which means that it is permanent, not just temporary).
Now imagine that this whole process has to be done, say, for a website that is used by thousands of people every day; and everything must be done smoothly, ideally without your end user being aware of it.
Again, of course, if your site uses a platform that is ready for changes of this sort (such as CMS LARS Vivo ), the whole process is much easier and less time-consuming.
Some More Worries with Redirecting
Subsequently, you have to verify that the redirection works on all subdomains of the site.
Furthermore, it is necessary to reset all the URL export links (e.g. Feeds for heureka.cz or zboží.cz where you have to change the URLs of https feeds).
You will need to modify all URLs on the web so that they lead to your HTTPS site (either use an absolute URL with HTTPS, a relative URL, or protocol relative URL „://“)
The redirection settings need to be done so that looping doesn’t occur (the user might be redirected to another URL and back again, and so forth, and instead of viewing the site s/he would see a constantly changing URL).
You should adjust hreflang URL, if applicable.
You should modify URL of RSS, if you use RSS feed for e-books.
You need to modify URL to Facebook, Twitter and other interactive buttons, the same applies to meta tags OG: URL.
You should create new robots.txt.
You need to switch the location of sitemap.xml files to https: // and edit the sitemap link in robots.txt.
You should change URL in sitemap.xml file to https: //.
For large sites you need to, for smaller sites (up to a few dozen pages) you should keep the original redirect chain.
MYou have to redirect URL with_escaped_fragment_ = to their alternatives 1: 1 (i.e. from http://www.s.cz/?_escaped_fragment_= -> 301 -> https://www.s.cz/?_escaped_fragment_= ) to preserve information about the real source of visits.
Changes in Google Analytics, Google Webmaster Tools, Adwords, Sklik and other tools – the next necessary step after transition to HTTPS is to reset the URLs in Google Analytics. If not, Google Analytics will not be measuring.
Fig. 1 - Google Analytics/i>
You should add the HTTPS version of the site in Google Webmaster Tools (because of HTTPS statistics).
You should change the URL of the web wherever you have been using it, e.g .: PPC campaigns (Sklik, Adwords, Facebook etc.), banner and other campaigns, affiliate links, opensearch.xml.
Then you should probably change the URL in your email signatures, automatic emails, etc. These URLs may be redirected on the server side.
Do you still feel like switching to HTTPS?
To make matters worse, until recently, Seznam, in particular, had problem with indexing the transferred web sites, which resulted in noticeable drop in their traffic (this situation lasted nearly a year). Seznam allegedly resolved the situation in April.
Although Seznam says that everything is alright now, it should still be borne in mind that Seznam does not guarantee smooth transition to HTTPS: "Sadly, in individual cases short drops may still occur (the bigger the site, the more prone to the problem)."
This, however, is true for any massive changes in links. In short, you never know how it can shake up your web.
As an HTTPS operator you have to keep in mind when the certificate expires, and thus in time generate and deploy a new certificate.
Otherwise, your visitors may end up viewing an ugly red warning message saying that the site does not have a valid certificate. Of course, SSL certificate renewal can be automated, but again - it will cost you extra time to figure how to do it. And time is money...
And then you want to keep in mind there is a need for testing during migration to HTTPS and fixing bugs that always occur during transition to HTTPS. You will definitely forget about something or set up something wrong.
Finally, also note that search engines can take a while processing that some change associated with the transfer to HTTPS took place, which can result in temporary (or steady decline) in your ranking (especially on Seznam) and therefore lower traffic.
Now we get to the main arguments for switching to HTTPS. Although, there are not so many, but after all they are not the reason why you are doing it.
In essence, this should be the main reason to switch to HTTPS. Transmitted data is not so easy to capture; therefore we significantly eliminate the risk of the possible data leakage problem.
Using HTTPS is considerably more complicated than using HTTP, using SPDY protocol can noticeably increase the speed of web loading thanks to linking of requests for individual files. If the page loads a large number of objects (typically images that cannot be combined into one) HTTP takes considerable time to process the request creation. SPDY can group requests for files, and thus achieve a significant increase in acceleration in loading sites.
This will save you time in the future – so you will not have to make the change later. As sooner or later HTTPS protocol will probably be a standard. As a result you will be slightly ahead, and can make this change now.
As the expert on security Michal Špaček says: "The next version of HTTP counts only with encrypted traffic, simply put, HTTP 2.0, will be only HTTPS. While one day GooAnd you will get that one extra point in SEO already now, while Google still officially favours sites that have switched to HTTPS :-). As was stated above - you shouldn’t be switching to HTTPS just for this one point.
So When Does it Make Sense to Look into HTTPS?
If you manage transactions or users’ sensitive data, and want to increase the credibility of your website and data security.
If you are launching a new Web / e-shop (so in essence you are creating everything from scratch and don’t need to do any migration from HTTP to HTTPS)
If you don’t want to be dealing with the transition HTTPS later, when you have to (as HTTPS will be a standard on the majority of sites).
Migration to HTTPS only because of SEO makes no sense, which is also confirmed directly by Seznam and Dušan Janovský: "We get many questions asking if it is a good idea to move sites to https: protocol. Apparently, Google said they want it. I say that changing your URL for no reason is stupid. "