When we talk about the connection between SEO and website security, one of the first points typically mentioned is the importance of an SSL certificate. Of course, there’s more to maintaining an e-commerce site’s security than an encrypted and secure HTTP connection. However, with changes Google made with its recent release of Chrome 62, this is one security measure you can no longer afford to bypass.
Google now marks all HTTP pages with data entry fields collecting any type of personal information as “Not Secure” when visitors:
- first enter the site
- attempt to enter data into a form field
- view a page in Incognito mode
It is Google’s mission to create a safer web, and they suggest that an SSL certificate is necessary site-wide. As was explained in the Chromium blog announcement, “Passwords and credit cards are not the only types of data that should be private. Any type of data that users type into websites should not be accessible to others on the network.”
One of the ways Google is creating a safer web is by penalizing websites that remain on HTTP with this security warning. There could be serious ramifications for e-commerce sites, in particular, that don’t abide by Google’s strongly suggested change. So, let’s talk about how you can add an SSL certificate to your site and swiftly migrate to HTTPS, which will help you hold on to your current customers’ loyalty and trust while also instilling a sense of security in new visitors.
Here is how to do it:
1. Know Which Type You Need
All SSL certificates are not created equal – so you need to know which would be the best choice for your business. There are three types of SSL certificates you can choose from:
- Domain Validated Certificate
- Organization Validated Certificate
- Extended Validation Certificate
Because e-commerce sites need (and want) to gain the full trust of customers, you shouldn’t skimp on security. For this reason, you should consider investing in an extended validation SSL certificate, which, of the three, provides the highest level of trust and security.
2. Buy the SSL Certificate
Before running out to buy an SSL certificate, check with your web hosting provider or shop builder to see if they offer one with your hosting plan. For example, Shopify forces HTTPS for all stores hosted by them. If you do have to look elsewhere, check with a CDN and security provider like CloudFlare or one like Comodo that specializes in e-commerce security.
3. Migrate Your Site to HTTPS
Your web hosting provider should have an area in the control panel where you can upload your SSL certificate (for example, here’s WP Engine’s explanation on how to do this on WordPress). Once it is installed, your entire site will instantly move over to HTTPS.
4. Add a 301 Redirect
Migrating to HTTPS at the server level should migrate your entire site, including image paths and internal links. If that doesn’t happen, however, your store could be in serious trouble. A “Not secure” warning isn’t good for business, but a mixed content warning that blocks users from accessing your store is downright bad. Don’t let that happen. Be sure to create 301 HTTP redirects to ensure that all content on your site is served through HTTPS.
5. Activate HSTS
There is no way to inform customers that you’ve made the switch to HTTPS, so you need to activate HTTP Strict Transport Security, or HSTS. This will automatically redirect everyone to your new secure site path. You can do this through your web server.
6. Update Google
Both Google Analytics and Search Console need to be updated with your new https:// domain. Once you’ve updated your accounts, create a new sitemap (for both desktop and mobile) and send to Google to re-index.
With your site migrated and Google notified, make sure Google has re-indexed your site in its new HTTPS state and that everything looks fine. You can do this by using Fetch as Google (probably wait a week or two to do this).
As the owner of an e-commerce website, you’re well aware of how many points of engagement you hope for with customers. If your site currently remains on HTTP and your visitors arrive from a Chrome browser, you may be compromising your ability to safely communicate with them. By migrating to HTTPS and adding a new layer of encryption to your store, you’ll give customers just one more reason to trust you.
Endicia is a leading provider of internet-based postage services that make it easier and more affordable to ship parcels through the U.S. Postal Service®. We know that shipping can be complex and our goal is to simplify your shipping operations so you can focus on doing what you do best. Visit us at endicia.com to learn more.