Last chance before you get penalized by Google – switch to HTTPS

Since 2014 Google has provided a ranking boost to sites that use HTTPS making it clear that that’s now one of many ranking factors it uses. In an effort to move to a more secure web Google is making significant changes to Chrome in January 2017 that make switching sites to HTTPS a pure necessity. If you’re not using HTTPS, this is your last chance not to lose visitors, conversions and ultimately money.

What exactly is going on?

At the moment Chrome is not explicitly labeling HTTP sites as non-secure. However, with version 56 (coming out in January 2017) it will mark sites that collect passwords or credit cards as non-secure if they use HTTP. The picture below will explain everything better.

Chrome v56 HTTP sites

I don’t care! I don’t have any password fields / don’t ask for credit cards

OK, we hear you. However, this is just the beginning of changes. Google eventually plans on marking all websites that are on HTTP as non-secure. There’s no date on that at the moment but, things are moving fast on the web so it may happen in about a year. They plan on marking HTTP sites as non-secure in quite a visible way.

Although used by about 50% of users, Chrome is not the only browser. However, in this case, relying on “others’ won’t follow this crap” approach probably won’t help as other browsers have also started making similar changes.

Chrome, future version HTTP sites

Enough with the bullshit! How do I get HTTPS running in 2 minutes?

Depending on your hosting provider adding HTTPS to a site can be 2 minutes of work and zero dollars, or it can be a combination of about 50 dollars and a few hours of work.

Free, under a minute setup

If you’re using services of a proactive hosting company that supports Let’s Encrypt (see if your hoster is on the list), you can get an SSL certificate for free. It’s genuinely free; there’s not “buts” or any “small print” involved. Installing it will take 2 or 3 clicks and about 35 seconds of waiting until things are auto-configured. In total – a pleasant experience. Log into your cPanel and look for the “Let’s Encrypt for cPanel” icon; click and follow the on-screen instructions. If your site is using a CMS, minor modifications will be necessary to switch to HTTPS. See how to do it in WordPress.

Let's Encrypt cPanel

Not free, but still fast setup

If you’re not lucky enough to be using a decent hosting provider that has Let’s Encrypt support and don’t want to get your hands dirty with certificates, you can buy a commercial certificate and have the hosting company install it for you. In most cases, it’s an add-on service, so you’ll either be able to order via the customer’s portal or by sending an email.

Certificates are, just like domains, purchased on a yearly basis and have to be renewed, so the initial cost of about $50 you’ll pay is not the end cost. You’ll have to renew the certificate yearly. Make sure the renewal fee is roughly the same as the initial price. If you’re offered more than one certificate with different prices, you can go for the cheapest one. If you have a small site with a simple hosting setup, it won’t make a difference.

Slow and maybe free setup

If you have time on your hands but refuse to pay for a certificate, there’s the option of generating a Let’s Encrypt certificate (again, this will be free) and then installing it on your site. In theory, you can install it on any site, but in practice, things are more complicated, and chances are it’s not going to be smooth sailing for you. On shared servers look for the “Install SSL Certificate” icon and upload the certificate (this

On shared servers look for the “Install SSL Certificate” icon and upload the certificate (this tutorial and comments on it will help ). If it’s not there, you’ll require assistance from support and they may turn you down insisting that you buy a certificate from them. If you’re on a self-managed server of any kind, you won’t have such problems but installation will be a “technical” thing we can’t cover in this article.

Help! I’m not using cPanel

It’s impossible for us to cover every server setup GUI. Besides things being named a bit differently, they should work the same as on cPanel. If it doesn’t look like that send an email to your hosting company:

Hi,
I’d like to make my site www.funnycats.com more secure by switching to HTTPS.
Do you support the free Let’s Encrypt certificate (letsencrypt.org) and can you install it for me?

Setting up WordPress to work on HTTPS

There is only one thing to do. Change the Site address and WordPress address in General settings to reflect the new URL. Don’t get scared – after saving settings, you’ll have to log in again. Depending on your server setup old links (one with HTTP) may or may not be redirected to new, HTTPS ones. Try opening an old URL and see if it redirects. If it doesn’t add this line to your .htaccess file, after the “Rewrite Engine On” line:

RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


That’s all there is. We hope that migrating your site to HTTPS will be painless and done in time so you don’t get penalized by Google. What do you think about this change? Have you made your site more secure by switching to HTTPS? Let us know your thoughts in comments.

START YOUR OWN BLOG

This guide is an introduction to mastering the art of blogging. It provides easy to follow steps to start, maintain, and grow your blog.

Read the guide

2 thoughts on “Last chance before you get penalized by Google – switch to HTTPS

  1. Another option that you might mention for a basic site is CloudFlare. One can use that for free with a simple site and get both an SSL cert and caching to boot.

Leave a Reply

Your email address will not be published. Required fields are marked *