Pitfalls to Avoid When Switching to Secure HTTPs

If you’re like me, “website security” is one of the few digital topics where you doze off a bit. So unless you read Site Security And Encryption Aficionado with your morning coffee, you may need to learn a bit about the marketing impact of moving to a secure site.

Take a look at these potential problems and their solutions to avoid losing traffic or revenue (“That topic is boring to me” isn’t really a good excuse for losing revenue).

Blocking the Site From Organic Traffic

Without realizing it, your site may be blocking the HTTPs site from search engines. Before you switch, make sure your robots.txt file allows crawling of both HTTP and HTTPs sites.

Not Telling Google That You’ve Moved

Moving from HTTP to HTTPs means you’ll have a temporary organic traffic dip before Google figures it out. You can speed up that process with these steps:

1. Set up Google Webmaster Tools for your HTTPs and HTTP sites
2. Use the Move feature to tell them you’ve switched
3. Send them an updated XML sitemap with your secure URLs

Duplicate Content Party at Your House!

Even if you intend for everyone to use the new secure site, often both are actually live. This means visitors may still land on unsecure pages. You’ve also duplicated all the URLs on the site which scatters organic search value.

1. Set up redirects so that any HTTP page does a 301 redirect to the HTTPs version.
2. Update internal links and CSS/JavaScript files so they don’t reference HTTP anymore.
3. Update meta tags such as rel=canonical, rel=alternate, and Open Graph tags to not use HTTP either.

Secure, Or Kinda Secure?

Not every site’s security is the same. Google for one is taking note of the level of security, which may impact organic traffic a bit (in the future especially).

1. Use a 2048-bit key certificate
2. Test your certificate’s quality with QualSSL tool

…And Now Your Site Is Slow

Security can impact page loading, so take these steps before driving away users with a slower site:

1. Test to effects of making the whole site secure to see if there’s a significant slow down.
2. Use the HTST Strict Transport Security header to speed the site up. Browsers and search engines will skip the HTTP redirect & remember that this site is always secure.

* Photo credit to Kris Krüg under CC BY-SA 2.0 license