Probably, everyone will have to move. If not this year, then the next one, so the sooner we all move, the better for us it will be in the future. Hello dear friends, we are starting an unscheduled video, which will be devoted to moving your site to the secure HTTPS protocol, and how to do it correctly in terms of SEO. Just last week, Google officially announced that since January 2017 it will be reporting that the site is unsafe in the Chrome browser for all sites that work on the HTTP protocol, on a quite familiar protocol, which is used by most sites. And since Chrome is the most popular browser, plus Google has been consistently talking about, the need to move to HTTPS for several years, the question of moving all sites to this protocol has risen. First of all, let’s deal with what this is all about. There is a regular HTTP protocol, so this protocol is unsafe. That is, if the site transmits some confidential information, such as bank card data, PIN codes, personal information of the user, this information can be intercepted, and all major sites began to consistently move to HTTPS since the 2000s. For your site to be available at HTTPS, you must have an SSL certificate. This certificate is issued, as well as the domain, for one year, and each year it should be extended It is issued by special certification authorities. This is briefly what HTTPS is. Why does your site need to move to HTTPS? Starting from 2017 Google will report an unsecured connection if your site has not moved to HTTPS and is available via the usual HTTP protocol. As early as in 2014, Google announced that the presence HTTPS is a ranking factor. For some users, a green icon is a certain factor of reliability, the trust is raised. There are other points. For example, you can set up push notifications. Probably, you have seen, when you visit some site, somewhere at the top pops up a window asking whether you want to receive notifications from this site, and in the future, you start to receive news directly in a browser. This is push notifications, which require HTTPS to be configured on your site as well. For conspiracy theorists: I have a version why Google does it, i.e. sequentially makes all sites move to HTTPS. Google is a commercial organization that strives to get as much money as possible, it thinks about the users, about their security in the second place. Google strives to be a monopolist in the possession of information about users, what sites they visit, what queries they ask, how long and on what pages they spend their time. This information, only in large numbers, is sold to advertisers, and it enables advertisers to advertise the goods and services better. Google want to be the only company to possess this information about users. That is why it began to encrypt on what query a user went to the site from the search, that is why it promotes Google Analytics, and Yandex promotes Yandex metrics. The use of a secure protocol encrypts information, and it will be impossible to intercept it, so Google will have the entire information about users. Most likely, in the near future all sites will be forced to go to HTTPS, and the sooner you do it, the faster you will pass all the unpleasant moments, which I’ll describe a little further, and when all the sites are forced to go to HTTPS, it will give you some competitive advantage. So, we talked about what is HTTPS and SSL and why we need to move on it. Now let’s talk about what certificates are there. Certificates are divided into several types: By verification. Certification authorities, the whole task of SSL certificates – check your company, your site. The most common certificates verify the fact that you are an administrator of the domain. A verification letter with the code is sent to the domain’s email address and you hereby confirm that you administer the domain. There are certificates with organization verification. They check the contact information in the domain, the yellow pages about the fact that such an organization is present there, they can also ask for a certificate of registration. There is a certificate with advanced verification. After installing such a certificate not just green lock appears in the address bar, but also does the name of our organization. There is an advanced verification, i.e. it verifies the fact that you are present at this address, some documents are requested, etc. Accordingly, the cheapest certificates are the certificates with domain verification, they are issued the most quickly, and the more serious the check, the more expensive the certificate and the longer it takes to issue them. By functionality
Regular – issued for one domain. If you have several subdomains, you need a special certificate, which spreads its effect on subdomains too, and if you have a small number of subdomains, it is sometimes advantageous to buy a separate regular certificate for each of the subdomains, but if you have a large number of subdomains, then you need a special certificate. There is a certificate that is installed on the server and operates on several separate domains. There are certificates that support Cyrillic domains. This is regarding the certificate types. What awaits you when moving to the secure HTTPS protocol: Temporary drop in traffic. Someone has 50%, but more often it is about 10-20% traffic loss, but the traffic is returned within two weeks, a month, two months. Wait for merging. You need to wait for the search engine to merge the old HTTP of your site with new HTTPS Some links will be lost. However, Google says that 301 redirect transfers all reference weight, but still a direct link is better than a redirect link. Difficulty of setting, especially for large sites, or, for example, if you are a beginner. But we have to somehow put up with these problems and survive them. Let’s proceed directly to buying and installing, setting up a certificate. I immediately foresee your question: “and what about free certificates?” I don’t recommend using them, because in some cases the user’s browser will report that the connection is insecure and users will leave, so let us spend $10 a year, but get a working, proven tool. It all starts with the purchase of a certificate. First, you choose a certification authority, you can just examine SERPs, or you can see the offers on your hosting. Usually no questions are raised here. The first thing when buying: we generate a public key, specify our name, position, department, phone, mail and generate the key. It looks like a large block of text. When generating a public key, you will also be given a private key, which must be saved on the computer, because if we don’t save it, you’ll need to reissue the certificate. Next, we replenish the balance of the certification authority in order to get the SSL certificate, insert the public key, set all settings to default, and click “Get certificate”. The next step is to confirm the email address of our domain. A special e-mail is sent, usually to [email protected], and we need to receive this letter, click the link, enter the code. And if we don’t have this e-mail address, we need to create it in advance. This is usually the [email protected] And then, usually within a few minutes, a certificate arrives to your email. If we are a beginner, we take the archive, the private key, and go to the hoster with this information. Write a ticket: “Hello, I want to install the SSL certificate on such domain”, attach the private key and the certificate. Usually no questions arise does, and hoster installs this certificate for free. After that, your site will be available both at HTTP and at HTTPS. Next, we need to configure the 301 redirect, so that when a user enters the HTTP://address of our site, the version HTTPS is opened. Usually it is also done quite simply, if we do not know how to do it, you can find a freelancer and for a little money to ask him to set it up. The next step is to configure internal and external links. Usually this is the moment that causes the most problems, and requires the most time. In this step we need to change all internal links to https. We can specify relative reference instead of absolute ones, if our internal links are built on the principle of “http:the domain of the page”, we can replace these links to relative, simple / and the name of the page, or we can specify the links without specifying the protocol, or directly specify https: etc. All external references to scripts, libraries must also be specified with the HTTPS protocol, or without specifying the protocol, i.e. //domain. This is done so that when you open the site the lock was green and there was no problem with mixed content, it also concerns images and other files that you are downloading from somewhere. If you have a popular CMS like WordPress, moving to HTTPS is done very quickly. Just enter the settings and write https//domain name and all links are automatically changed, plus you need to change the links within the layout. Next step: we bought the certificate, installed it, configured the 301 redirect, changed the links, now we need to test that everything works correctly. The first thing we look at is the colour of the lock, which is displayed next to the URL, so that it is green. If it is gray, open the console and look at what is loaded by HTTP. Next, we open the site in different browsers, on different devices, on mobile phones, on tablets, everything should work correctly everywhere. There should be no errors anywhere. We configure the robots.txt service file. In the instructions for Yandex we write: host: and the domain with indication of HTTPS protocol. The next step is sitemap.
Generate a new sitemap with new links, plus access to sitemap in robots should be also written with HTTPS. Next, we move to Yandex webmaster, go to our domain, select “Relocate site” and there is a function “Add HTTPS”. In Google Search Console we just add another domain, only with the HTTPS address. It is important to track errors in the webmaster panel after moving to HTTPS. And in conclusion, you ask: “okay, and what about links?” Of course, 301 redirect transfers some weight, but it is better to make direct links, so it is desirable to fix all the links which we can reach, and specify the HTTPS protocol. So in all profiles where we left the link, change it to HTTPS, change the link on our network of sites (PBN), we ask to change the link on sites of partners, replace the link in our groups and public pages in social networks, plus, if we bought links in GoGetLinks, RotaPost, we contact webmasters who have placed the link with the request to change the protocol. Some won’t answer, some will refuse, but some part will change this link, and plus we try to change it to HTTPS on other sites, where we’ve placed the link. In conclusion, I would like to say that probably everyone will have to move, if not this year, then the next one. So the sooner we all move, the better for us it will be in the future. So please use this instruction.
Thank you very much for watching. Take care!