This document discusses HTTPS, a protocol that encrypts communications between browsers and websites to secure data transmission. It notes that HTTPS helps prevent tampering, supports user identity verification and encrypted communication, and may boost search rankings. While HTTPS improves security, it requires technical expertise to properly implement, including obtaining certificates, enabling encryption at the server level, ensuring proper redirects, and avoiding common WordPress issues. The document outlines both benefits and potential risks of moving a site to HTTPS.
2. WHAT IS HTTPS
A PROTOCOL MADE TO
SECURE COMMUNICATIONS
BETWEEN YOUR BROWSER
AND A WEBSITE BY
ENCRYPTING THE DATA,
ENSURING THE DATA HAS
NOT BEEN MODIFIED, AND
AUTHENTICATING THE
RECIPIENT.
3. WHY YOU SHOULD BE SECURE
•IDENTITY VERIFICATION
•ENCRYPTED COMMUNICATION
•HELPS PREVENT TAMPERING AND
MAN-IN-THE-MIDDLE ATTACKS
•TRUST
•NO LOSS OF REFERRAL DATA
•GOOGLE RANKINGS BOOST?
4. USES HTTPS AS A RANKING SIGNAL
http://googlewebmastercentral.blogspot.com/2014/
08/https-as-ranking-signal.html
*MAY STRENGTHEN OVER TIME
5. GARY ILLYES, GOOGLE WEBMASTER
TRENDS ANALYST SAID:
“If you're an SEO and you're recommending against
going HTTPS, you're wrong and you should feel bad.”
https://twitter.com/methode/status/633541668403
310593
MORE RECENTLY, GARY STATED HTTPS IS MORE OF A
TIE-BREAKER
http://searchengineland.com/googles-gary-illyes-
https-may-break-ties-between-two-equal-search-
results-230691
6. REASONS NOT TO GO SECURE
•DOES NOT PREVENT HACKS
•COST
•EXPERTISE/RISKS
7. HTTPS DOES NOT
SECURE YOUR WEBSITE
•DOWNGRADE ATTACKS
•SSL/TLS VULNERABILITIES
HEARTBLEED, POODLE, LOGJAM, OH MY!
•HACKS OF A WEBSITE, SERVER, OR NETWORK
•SOFTWARE VULNERABILITIES
•BRUTE FORCE ATTACKS
•DDOS ATTACKS
9. COST?
THE COST OF A CERTIFICATE DEPENDS ON
THE LEVEL OF PROTECTION AND PROVIDER
FREE:
https://www.startssl.com/
https://letsencrypt.org/
Arriving Q4 2015
10. EXPERTISE:
HTTPS AT THE SERVER LEVEL
•MOD_SSL NEEDS TO BE ENABLED
•PORT 443 OPENED
•PROPERLY CONFIGURED VIRTUAL HOST
•SPDY (SPEED IMPROVEMENTS)
•OCSP STAPLING (CUTS DOWN ON CHECKS)
•SO MUCH MORE
11. EXPERTISE:
HTTPS FOR WORDPRESS
SETTINGS » GENERAL
CHANGE WORDPRESS ADDRESS AND SITE
ADDRESS TO USE HTTPS:
THIS IS NOT ENOUGH AS IT ALLOWS
LOADING OF BOTH HTTP AND HTTPS
PLUGIN:
https://wordpress.org/plugins/wordpress-
https/
12. EXPERTISE:
COMMON WORDPRESS PROBLEMS
•NOT USING RELATIVE URLS
•FAILING TO CLEAN UP HARD CODED LINKS
•DUPLICATION (HTTP AND HTTPS)
•DEPRECATED FUNCTIONS THAT DON’T
WORK WITH HTTPS
•MIXED CONTENT (CONTENT LOADED FROM
HTTP AND HTTPS)
•CANONICAL TAG ISSUES
13. EXPERTISE:
REDIRECTS
SHOULD BE DONE AT THE SERVER LEVEL
IN THE SERVER CONFIG FILE HTTPD.CONF
https://wiki.apache.org/httpd/RedirectSSL
MORE OFTEN THAN NOT REDIRECTS
EITHER DON’T GET DONE OR GET
PLACED IN .HTACCESS
17. RISKS
“Moved from HTTP to HTTPS, now SEO is in the
ditch.”
“switched to the https version...After that the
ranking on Google dropped for almost every
keyword.”
“Huge drop [50%] in traffic after HTTPS move”