The essential HTTPS guide (and why it should be installed on your hosting)

17 February 2017 | | Internet

HTTPS is the secure version of HyperText Transfer Protocol (HTTP) the ‘S’ standing for ‘Secure’.

In its most basic form, it establishes an encrypted, secure connection between a user’s browser and the server that hosts a website. The data sent using HTTPS is secured with a Transport Layer Security protocol (TLS), which provides 3 layers of protection:

  1. Encryption. Encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can “listen” to their conversations, track their activities across multiple pages or steal their information.
  2. Authentication. Proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.
  3. Data integrity. Data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.

A secure connection offers greater trust (visitors will be reassured that you are a responsible business), more transparency (your visitors will see that you own the domain name) who owns the domain name and higher conversion rates.

Most importantly, Google has announced that hosting your website on a secure server is a positive ranking factor. HTTPS ranking factor – Google Official Announcement

Dental Design is now offering our clients the opportunity to install HTTPS as part of our hosting package options. If you are interested, please get in touch. 

Step 1: Get an SSL certificate

First up you’ll need an SSL Certificate. You can usually get these direct from your hosting company or from a reputable SSL vendor. The advantage of buying through your host is that they’ll most likely help with the installation.

When you start looking, you’ll see that there’s quite a variety of SSL Certificates to choose from. Some of the most popular ones are:

Domain SSL – This is the most common type of SSL. Cheap, instant issue SSL which shows the padlock in the browser bar. Valid for one domain only.

Wildcard SSL – Similar to Domain SSL except also valid on subdomains of the same domain.

Organisation SSL – More expensive SSL which requires basic company verification and takes one or two business days to issue. Domain and company details appear in the certificate and a padlock will be shown in the browser.

Extended Validation (EV) SSL – This is the most expensive type of SSL which requires legal, operational and physical company verification. It takes three to four days to be issued and includes the full green secure browser bar feature.

Don’t get too hung up on the different types of certificate. They all work in exactly the same way. The only thing is that the more expensive ones have more of a verification process in place and the EV SSL has the green browser bar. Don’t think that just because you opt for the cheaper Domain SSL that you’re getting cheaper security – you’re not, they are exactly the same.

Step 2: Install your SSL certificate

Once you’ve purchased your SSL certificate you’ll need to verify it. As explained above with the organization and EV certificates this can involve providing additional information.

Assuming you go for the domain SSL, you’ll need to verify your domain by approving an email that is sent to one of a number of pre-specified email addresses (i.e. webmaster@YOURDOMAIN).

You can also get your SSL with or without www. – it’s purely down to personal preference.

Once you’ve verified, your hosting company can then install it on your domain for you.     A dedicated IP address for your SSL is not now strictly necessary, but some hosts may still require that you purchase one. Just check with your host and they’ll help you with this.

Step 3: Run a full backup

As with any task that involves changes to your website, it’s highly recommend that you run a full backup first. If you use a hosting control panel like cPanel you can run this manually from there.

Step 4: Update internal URLs

Now the fun starts. As you’re switching to HTTPS any internal links in your site will still use HTTP unless they are changed. If you leave them as HTTP after switching to HTTPS they may return 404 errors when clicked on.

If you’ve got a small site you can probably update these yourself or if you’re not comfortable looking under the hood, then you can get a designer, developer or web professional to do this for you.

On that note it’s worth just pausing and considering this point because it’s important. If you’re genuinely not comfortable with making these types of changes to your website then you should definitely get some professional assistance. You can use this guide to help you understand the steps involved so that you can communicate with them on their level. If you don’t have anyone in mind then start with your hosting company to see if they can recommend anyone or use a freelance site like Upwork or Guru to find someone.

Top Tip: If you do decide to use a freelancer, don’t be frightened to ask them to take a test first using a tool like Test4Geeks. Reject any that score less than 80% – you only want to work with the ‘A’ Graders.

Of course if your site is large and has hundreds, maybe thousands of pages, then it’s not really feasible to do this manually. Fortunately there are tools that can automate this for you, especially if you’re using WordPress.

Step 5: Update external URLs under your control

Once you’ve updated your internal links you should check to see if you have any external links that you control which you can update to HTTPS.

For example your social media profiles will have links to your site as will directory links. Wherever you have links where you have a login, you should go through and update them so they reflect the change to HTTPS rather than linking to the outdated HTTP address.

Of course, if you’ve got dozens or hundreds of external links pointing to you it’s not feasible to go round and ask all website owners to update these links. We’ll cover how to work around that shortly.

For now though, just run through the ones you do control and update them.

Step 6: Set up a global 301 redirect

A 301 redirect is a way of permanently redirecting traffic from one URL to another. In this case it would be from the HTTP URL to the new HTTPS URL. This is usually something that you might do occasionally on a page by page basis but in this case as you’re moving your entire website to HTTPS, you need a more efficient way to achieve this.

The way that you do this depends on the type of web server that you use. The majority of websites will be hosted on LAMP servers (Linux, Apache, MySQL, PHP). In this case you need to make changes to the htaccess file.

For NGinx this would be the NGinx Config File.

To double check your work there are tools that can scan your site for non SSL links. WordPress users even have their own Insecure Content Fixer plugin. Nice!

Again, if you’re not sure, get a web professional onboard to help you.

Step 7: Update your CDN SSL (optional)

If you use a Content Delivery Network (CDN) like Cloudflare then you’ll need to update your CDN SSL.

A CDN is a distributed set of servers across the globe that offers the double benefit of presenting your website files via the closest server to the person browsing, as well as being able to detect and prevent malicious traffic harming your website. Check first with your hosting company if you’re not sure about this. If you are then you’ll just need to contact your CDN provider and they will help you to configure your SSL.

Step 8: Update 3rd party tools, email templates & paid search

These days running an effective online strategy involves a whole range of additional tools such as email marketing, marketing automation, social media, landing page generators or Customer Relationship Management (CRM) applications. You’ll need to run through them and double check that any HTTP links are switched to HTTPS. Likewise if you’ve got a billing system that sends out invoices or automated emails these will all need updating.

Of course, in step 6 above you’ve already set up the domain level HTTPS redirection so to some extent this step is not really necessary. However, it just looks more professional if you’re using the correct URL especially for billing related links such as invoices and client login areas.

Finally double check any landing pages or paid search.

Step 9: Update Google (Console & Analytics) and sitemap

Nearly there. The final step is to update Google Search Console and Google Analytics and your sitemap.

In your Search Console you’ll need to submit the new HTTPS site. If you use an automatic sitemap generator then that should update automatically but if you have a manually generated sitemap then you’ll need to update it.

With Google Analytics you’ll need to set the default URL to HTTPS.

More posts from our team


Previous Post:
Next Post:

Back to all news

Reviews2024
Five Star
Reviewed Marketing
5 gold stars
google review logofacebook review with 5 stars
"Excellent service from James at Dental Design, thank you very much for your prompt attention whenever I get in touch! Would definitely recommend to a friend" Alison Tarmey View Full Testimonial
Google reviews logo "Would definitely recommend to a friend"
5 gold stars
"As a dental practice manager I cannot recommend Dental Design highly enough. They are just brilliant at what they do. Lucy and her colleagues are just an email or a phone call away...." Emma Smith View Full Testimonial
Google reviews logo "I cannot recommend Dental Design highly enough"
5 gold stars
"Really great company to deal with. They always respond quickly and are truly reliable. I would 100% recommend, the staff are so friendly and helpful." Michelle Molloy View Full Testimonial
Google reviews logo "Really great company to deal with"
5 gold stars
"I got increased traffic and new patients applying to my surgery, once Dental Design upgraded my website. They are very professional, efficient & adaptive to new situations..." Joanna Gallop View Full Testimonial
Google reviews logo "Very professional, efficient & adaptive to new situations"
5 gold stars
"Lucy has been a star, responding to and acting upon our requests in a prompt, efficient and professional manner, as well as the rest of the Dental Design team..." Abhay Shah View Full Testimonial
Google reviews logo "I cannot recommend them highly enough"
5 gold stars
"...Since the website has been up and running Lucy Mander has been our point of contact. She has been invaluable and gone out of her way to help us, especially during COVID-19 lockdown... " Lucy Jones View Full Testimonial
Google reviews logo "Has been invaluable and gone out of her way to help us"
5 gold stars
"Thank you for all your help and support, and the provision of valuable learning aids for our patients and staff alike in these difficult times. We love the look of our practice website. Very professional!" Sandra Luck View Full Testimonial
Google reviews logo "We love the look of our practice website. Very professional!"
5 gold stars
"Dental Design stood out both in their knowledge of the industry and their professionalism and can-do attitude. All of their staff are exceptionally competent and knowledgeable..." Harvey Rook View Full Testimonial
Google reviews logo "Dental Design stood out both in their knowledge of the industry and their professionalism"
5 gold stars
"Having done extensive research into all the dental website companies, the team and package offered at dental design was unrivalled..." Neil Shah View Full Testimonial
Google reviews logo "The team and package offered at dental design was unrivalled"
5 gold stars
"The team at dental design (especially Rosie) are absolutely fantastic and are always on hand to help. They are professional, friendly and extremely efficient. Rosie always gets back..." KiKi Wilmot View Full Testimonial
Google reviews logo "absolutely fantastic and are always on hand to help"
5 gold stars
"Dental Design are fantastic to work with, our website is amazing and the support they provide is second to none. Our account manager Rosie L is a fabulous point..." Luke Lucas View Full Testimonial
Google reviews logo "Dental Design are fantastic to work with"
5 gold stars
"Having worked with the Dental Design team for the last six months, I've found them not only helpful, but friendly and approachable too. I bombard Marcus with regular..." Sophie Harper View Full Testimonial
Google reviews logo "always met with a swift and professional response"
5 gold stars
desk with branded documents