Last month, Google shook up the hosted online content creator world with news that their search rankings will start to reflect HTTPS security. That’s big news. Google wants a secure web, and to get us all there — kicking and screaming, if need be — they will reward those who leap on the SSL bandwagon with higher visibility.
For these reasons, over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal. For now it’s only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.
When Google speaks, we content providers tend to jump!
Fifteen years ago, I employed SSL on my websites — not because I was selling anything but, because I believed then, as Google believes now — that locking down a secure session for people reading my work was important.
That belief cost me hundreds of dollars in buying secure certificates and installing them myself on a root admin level.
It was all a lot of work for what, in the end, became a punishing payback because people back then didn’t really seem to care if their session was http:// or https:// and adding a secure sockets layer put a lot of stress on server CPU cycles — and everything got really slow — all in the same of a security that nobody, but me, really wanted.
When the SSL certificates expired, I did not renew them, and not a single person — other than me — cared or noticed.
Oh, how the world has changed in 15 years!
Now we all want security.
We all want to make sure our computers and web browsers are a secure as possible and the SSL cert companies are leaping into the air at the new windfall for their righteous, and important, business.
Pair are my hosting company, and they’re currently running a SSL Premium Certificate special: $64.50 for two years per domain! Wowser!
That is a fine special, and a great way for me to get back into SSL publishing without breaking my back or bank! Pair does the installation and maintenance. I just worry about setting up my sites to wade back into the https:// secure waters.
I’m delighted to announce I have, so far, secured four of my main business websites:
Going SSL is not a simple task, especially if you already have a lot of pre-existing content.
You will need to make wholesale source page changes to secure your entire site with https:// and here are the steps I took for each of my domains.
I’ll use Boles.com as the default example to keep things simple. Make sure your SSL cert is installed and working before you begin this process and you will need to be using a dedicated IP for this to work.
1. Use a program like Dreamweaver to do a universal, full code, source “FIND” for http://Boles.com and “REPLACE” with https://Boles.com in your local directory. I had over 6,000 URL changes for the Boles.com domain alone. Save all the files. Upload the changes to your server. Be sure to use the specific URL you want found and changed because just using part of the URL address could change other things in your code you do not intend.
2. Do the same “Find” and “Replace” for any other domains you’re changing from http to https for each site you’re upgrading to SSL.
3. You must update all your source code, because if you call an image using http on an https website, the visitor’s browser will raise warnings about the session not being secure. So, if you use images or files from a non-secure, outside connection, you likely should not go the https route until you can find a way to securely call those resources in your code.
4. Visit all your live pages to make sure each connection is secure. I am still finding a rogue page or two that didn’t take the Find and Replace very well, and I’ve had to do a few code fixes by hand to secure the connections.
5. If you embed any outside content using an iFrame, or some other scheme, make sure those sources are using https, too. I can confirm Vimeo, SoundCloud, Google Analytics, Google Custom Search and PayPal all work great, by default, using HTTPS and I didn’t have to touch their code that I was already using to secure those services. That was a great relief, and checking out all those services for https connections is what took most of my pre-SSL cert purchase prep time.
6. If you use Google Analytics with Webmaster Tools, change your domain URL to https:// in your admin area to let Google know you successfully made the change to SSL!
7. When you have everything working, you can take the next step and force everyone visiting your sites to use https and a secure session — they type “Boles.com” and get automatically redirected to https://Boles.com — and I was able to get that done by using the following code — Provided by Pair — in my sever’s .htaccess file for each of my domains:
Remember, if you ever decide to not go HTTPS in the future, you’ll need to reverse the changes you made here.
All David Boles Blogs images you’re seeing on this site are called from my Boles.com server — and that means every image you now view here is being fed to you via https and SSL — and I didn’t have to do anything special here to make that happen. The .htaccess change I made handles that invisibly for me, and you!
The great thing about web servers today — compared to those from a decade and a half ago — is that they are faster and more efficient. I notice no slow down now in loading pages using https instead of http — and that’s a great and grand thing.
Creating secure connections is a fine gift we can give each other moving forward into a treacherous and dangerous world — and sometimes it takes a benevolent overlord like Google — to point you in the right direction by taking your ear and twisting you thataway just a tiny bit to get there a little faster.