Google is getting increasingly serious about website security. For a few years now they have been gradually making it more attractive for websites to have an ‘SSL certificate’, which makes the transfer of data between a website and a person’s browser more secure.

Read more about SSL here

From October 2017, websites with any kind of text input (for example a contact form) will require an SSL certificate if they want to avoid a “Not Secure” warning in the address bar of Google’s Chrome browser.

chrome not secure message in browser

In the worst case, if your website doesn’t have an SSL certificate, people will be sent to this page, not your website:

connection not private error message

Is my site affected?

Here are 2 questions to ask yourself:

  • Does your website take any text input? This includes contact forms, site search, newsletter signups, and login areas.
  • Is your website using HTTP:// in the address bar?

If you answered “yes” to both of those questions, you need to implement HTTPS… And if your site has a checkout, i.e. you sell things online, then you absolutely must get an SSL certificate as a matter of urgency.

And you need to make sure it’s done in the right way so you don’t risk losing visits from search engines.

What should I do next?

  1. Contact your web developer and tell them you want to move to HTTPS. There are a few different ways to do this and your developer will be able to advise you on the most suitable one for your site. Check out this article on Moz for some options.
  2. In technical parlance, the move to HTTPS is a ‘website migration’. This means that all the pages are moving to a completely new location. Ask your developer to use ‘permanent redirects’, as opposed to ‘temporary redirects’, to point all the pages on their old HTTP address to their new address at HTTPS. Permanent redirects work better for SEO. More on that here.
  3. Ask your web developer to scan your website’s database for instances of HTTP and to replace them with HTTPS when they switch your site over.

Rank tracking

If your business depends on visits from search engines for enquires and sales, we’d recommend you implement ‘rank tracking’.

Here are the steps you’ll need to take:

  1. Keyword research: compile a list of the main keywords that people use to find your website. Although this is a ‘how long is a piece of string’ exercise, you should be able to get a ‘fit for purpose’ list of keywords from your Google Search Console (set it to the last 90 days). If your website is a few years old or more and you’ve been running Google Analytics all that time, you’ll be able to get more keywords from Analytics. Experiment with setting the timeframe so the list isn’t dominated by ‘not provided’.
  2. If you’ve used more than one source to compile your list of keywords, you’ll need to de-duplicate the list using Microsoft Excel.
  3. rankwatchNow upload your list of keywords into a ‘Rank tracker’. These are tools that test, daily or weekly, where your website ranks for a list of keywords. Rankwatch is one of our favourites for this kind of work. It’s simple to use, does daily tracking, and is inexpensive. Although it doesn’t offer much of the more refined analysis, it’s perfect for spotting whether your rankings have changed for a keyword, and if so, which page is affected.
  4. Run your rank tracking software for a least a week before you migrate your site onto HTTPS. That way, you’ll be able to plot a trend for how well your site is ranking.

You can now ask your web developer to make the move over to HTTPS. When that is complete, look at your rank tracker every day for at least another week, ideally 2 weeks, and check to see if any of your keywords are suffering and which page is affected.

What sort of problems can I expect?

Hopefully none. One of the difficulties with persuading organisations to undertake this kind of work is that the best result they can hope for is ‘no change’. But when things do go wrong, it can be catastrophic. We know of one well-regarded charity that lost 20% of its website visitors through a poor migration, and a trade association that has lost over 50% of its visitors.

If there is a problem, for example if your developer has used temporary redirects rather than permanent redirects, Rank tracking will help you to quickly identify where the problem is, and you can begin coming up with an answer. The longer you leave it, the harder it is to recover.

Good luck and please feel free to contact us if you’d like any further information on this.