Chris Harrison

12 August 017

TECH BYTE: Moving your website to https SSL – Tips n Tricks

This post describes some useful tips that might come in handy if you’re considering switching to the now commonly-used HTTPS to encrypt sensitive data. Question: “Should I switch over to HTTPS?” Short answer: Yes. Using HTTPS ensures that private (user) information is being sent across the web in a more secure manner. Especially if you’re dealing with monetary transactions, HTTPS is a must.

A little backstory
Back in 2014 HTTPS became a hot-topic after the Heartbleed bug became public. This bug allowed people with ill intent to listen in on traffic being transferred over SSL/TLS. It also gave them the ability to hijack and/or read the data. Luckily, this bug got patched quickly. This incident was a wake-up call that properly encrypting user information over the internet is a necessity and shouldn’t be an optional thing.

To emphasize the importance of encrypting sensitive data, Google Chrome (from January, 2017) displays a clear warning next to the address bar whenever you visit a website that doesn’t encrypt – potential – sensitive data, such as forms.

How does someone switch?
Because it’s important that your customer data is safe, you ought take steps to ensure that you have SSL-certificates across all your own websites. If you decide to switch (you really should!), there are a few things that you need to take into account to ensure your website fully works as intended once you’re done.

You need to change all your internal links. This also means updating links to assets (where necessary). Make sure to go through your theme and alter references to CSS, Images and JavaScript files. Additionally, you can change all your links to start with // instead of https:// which will result in protocol-relative URLs.

Ensure your CDN supports SSL as well. Even make use of MaxCDN, which allows you to easily set up SSL on your CDN subdomain. There are various levels of SSL that you can choose from, each with their own pros and cons. You will find more information about that later on.

Ensure you have a canonical link present in the <head> section of your website to properly redirect all traffic coming in from http:// to https://. Google has also published a handy guide on how to move to HTTPS without massively impacting your ranking, which can be found here.

Source and more reading: YOAST

Disclosure: Afterall you have just read and yet The Byte isn’t across to https:// yet itself. We’re getting there! However, we also don’t process any monetary transactions over this site and don’t hold any client/reader content.

by Chris Harrison