Google and HTTPS – What you need to know now

Sep 8, 2017 | Google, SEO

Google To Show Warning on Web Forms Without HTTPS

On August 17,2017, Google caused a lot of excitement with a warning mail sent via the GSC (Google Search Console). What you need to know now, if you have received this mail.

Background and facts

For several years now, Google has been pushing the use of HTTPS on the World Wide Web. The reason for this: Google wants to make the web safer. The importance of the widespread use of HTTPS by Google was demonstrated in August 2014. At the time, Google announced that HTTPS is a ranking factor. In December 2015, the Google Webmaster’s central blog announced that the HTTPS variant of a website was preferred as the default indexing method.

The change in Chrome announced by e-mail is thus just another step on Google’s way to the completely encrypted WWW.

What to do now

The most important thing now is to keep calm. The announced changes will not take effect until October. However, it is still advantageous to make the switch to HTTPS right now. It may take some time before a website’s conversion from HTTP to HTTPS has reached Google’s index. And since there are currently many websites in the annual traffic summer hole, now is the best time for such “conversions”.

If website operators waive the conversion, Google’s browser Chrome will display the note shown in Figure 2 from October onwards, if data can be entered on a subpage using a form or if an unencrypted website is called up in incognito mode.

 

The warning message in Google Chrome

 

This is already the case today, for example on login pages. Chrome has been showing the emergency-secure warning there for some time now.

How do I change my website to HTTPS?

The first step is to purchase an SSL certificate for your website. There are different types of certificates, the CA Security Council gives a clear overview in this info graphic. A “Basic” certificate is sufficient to avoid the warning in chrome. With this type of certificate, only the ownership of the domain is confirmed, in addition to the encryption of the data. This certificate is also called DV (Domain Validation) certificate. You can obtain a DV certificate free of charge at https://letsencrypt.org. There you will also find detailed instructions for implementation. For example, if you are using WordPress, you can use the Really Simple SSL plugin recommended by many SEOs to install the certificate.

After you have installed the certificate on your server, you should test whether all URLs of your site are available in the HTTPS version. If this is the case, the next step is to forward the HTTP URLs to HTTPS. This redirection ensures that users and search engines can only access the HTTPS version of your website and sends a clear signal to Google that your content can only be accessed under HTTPS. All you have to do is add a small addition to the. htaccess file on your web server:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301, L]

 

The best thing to do is to list all HTTP URLs of your website before the conversion, so that you can check whether all URLs are forwarding correctly after the conversion.

Next, you should check the internal links on your website. If you use relative links, there should be no problems. However, if you use absolute links, you must now switch each internal link to HTTPS to avoid internal redirects. Also pay attention to links that are not directly visible on the pages, such as Canonical Tags. If the Canonical tags of your HTTPS URL still refer to the HTTP variant, Google may not index the new URLs. If your CMS does not automatically update the Sitemap. xml, you should make sure that the HTTP URLs are also replaced by the HTTPS variant.

Don’t forget to switch external links to your website, for example in Facebook or Google AdWords, to the new URLs. Links from other websites to your website cannot be changed by you, but it is worthwhile to ask the operators of the links for an adjustment of the links.

Because Google’s encrypted and unencrypted versions of a website are two different websites, you also need to create and verify the HTTPS variant of your website in Google Search Console. Add your new sitemap to the GSC on this occasion. Important: It may be tempting to request a change of address in the Google Search Console to switch from HTTP to HTTPS – but this function is not intended for this purpose, so it’s better not to use it.

In addition to the GSC conversion, you should also check whether your Google Analytics implementation is working properly on the HTTPS version of your website.

Conclusion

HTTPS is becoming more and more important for website operators through Google’s SSL promotion. The recent announcement about the Google Search Console is ultimately just another step in a development that Google began several years ago. In order to remain competitive and search engine compliant, website operators should switch to HTTPS by now at the latest. However, as there is a lot of technical information to consider, the conversion should be well prepared and checked to avoid any damage to rankings or accessibility.