There are now 2 very good reasons to change over from running your website with http:// at the beginning of the address to running it with https://
Note: http stands for Hyper-Text ( the text that does more than standard text, because you can click it etc. ) Transfer & Protocol. Protocol are the rules for transferring the hypertext. S stands for Secure.
Reason #1
Google, per recent letters sent to Webmasters ) has said …
[quote style=”1″]starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page.[/quote]
I’m sure you don’t want the new version of Chrome to label your website not secure ! But HTTP isn’t encrypted like HTTPS is and Google are quite determined to secure the internet. Here’s a link to the intended rollout at Google Blog … https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
So eventually all http:// pages will be labelled Not secure.
And although a couple of years back Google said running your website over https:// was a “slight” benefit to search rankings, now it’s become more influential.
Reason #2
It’s early days at present, but HTTP/2 is coming !
HTTP/2 is a faster way of serving out websites than the current HTTP/1.1 and it’s starting to roll out. To make use of it, your pages have to be encrypted, which means … change your website to https.
Then try the test on this page … https://www.httpvshttps.com
Encryption
Encrypting a website requires an SSL certificate, which is a file of code that encrypts a website page with a key before it leaves the host. It’s issued by a CA ( certificate authority ) who provides the browser developers ( Chrome, Safari, Firefox etc. ) with the key to decrypt the pages when they download.
It’s become much easier to get and install an SSL certificate the last couple of years.
In fact if your website is running on cPanel ( probably the most popular hosting control panel ) you already have one installed for free and waiting to be used,
Just last December cPanel teamed up with the Comodo certificate authority to provide AutoSSL … https://www.comodo.com/news/press_releases/2016/12/worlds-largest-CA-comodo-and-web-hosting-platform-leader-cPanel.html
And if you don’t want to use the Comodo certificate, or it’s not available, then there’s the free Let’s Encrypt certificate from https://letsencrypt.org and Certbot to help install and manage it … https://certbot.eff.org
Speed !!!
No-one likes a SLOW website. But as websites have been getting bigger with lots more to download – text and images and resources it’s been getting harder for http/1.1 to keep it fast. HTTP/2 is a solution.
HTTP/2 is supported by the most current releases of Edge, Safari, Firefox and Chrome, but none support it unencrypted. You’d think it would take more time to encrypt and decrypt everything, and you’re right it does. But as it will allow your website to use http2, the result will be a speed-up as http2 becomes the standard.
How to change your website to https ?
It’s a similar routine for all websites. We have several WordPress websites running in cPanel which made it quite easy, so here’s what we did. It may be a bit technical, so give it a miss if you like.
(1) The Certificate
You can check if there’s a certificate already installed and ready to go in your hosting by going pasting in your domain name here … https://www.sslshopper.com/ssl-checker.html
We run on cPanel, so already had the certs and got a lot of green dots and and info that the certificates were issued by Comodo.
(2) Updated the URL for the website to HTTPS
In the admin/dashboard. Settings > General Settings > the addresses were updated : WordPress Address (URL) and Site Address (URL) to their HTTPS:// counterparts.
(3) Redirected HTTP pages to HTTPS
Opening up a file called .htaccess though cPanel, pasted 3 lines of code …
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
(4) Updated links in the posts by doing it in the database.
Accessed the database from PHPMyAdmin in the cPanel and ran these queries …
# Update self-hosted embeds (images, iframes, scripts, etc.)
UPDATE v7d_posts SET post_content = REPLACE(post_content, ‘http://bunyipcamping.com.au’, ‘https://bunyipcamping.com.au’);
UPDATE v7d_posts SET post_content = REPLACE(post_content, ‘http://www.bunyipcamping.com.au’, ‘https://www.bunyipcamping.com.au’);
# Update internal pingbacks
UPDATE v7d_comments SET comment_author_url = REPLACE(comment_author_url, ‘http://bunyipcamping.com.au’, ‘https://bunyipcamping.com.au’);
UPDATE v7d_comments SET comment_author_url = REPLACE(comment_author_url, ‘http://www.bunyipcamping.com.au’, ‘https://www.bunyipcamping.com.au’);
(5) Manual Checks
Some things are just best done manually and that’s what I found with menus and text Widgets. I looked through each and updated http to https where needed.