
Forum Moderators: phranque

What will happen if I don't switch to HTTPS?

possible downside of non-secure pages

     
12:23 am on Feb 18, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:10113
votes: 550


Many site owners are still deciding if or when they will follow the new SSL standard of using a security certificate and switching to HTTPS.


Possible downside of not switching to HTTPS*

Visitors may start to decline. As discussions about secure web sites become more popular, visitors may avoid non-secure web sites.

Browsers are still transitioning but the warnings will get more explicit for ALL pages, not just Credit Card or forms. These warnings may further scare off visitors.

Google has made statements that secure sites will gain advantage in mobile & desktop SERP. HTTPS is already being displayed for secure sites. Bing & other Search Engines will surely follow.

Eventually, non-secure websites may be considered unsafe to users and purged from SERP altogether.

Browser support for HTTP/2 protocol is only for HTTPS websites. This protocol greatly speeds up page loads. If your site is not secure, you will not benefit.

*Possible scenarios, no one knows for sure.
5:44 am on Sept 3, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:10113
votes: 550


@killua - IMO 483 out of 489 is pretty good. From what I've been seeing, 3 months for a site your size is about normal. Don't forget, 10s of thousands of other sites are doing the exact same thing you are. There's likely a rush to get this done before the hammer falls.

There's also the possibility of a report discrepancy. That index report has been faulty several times in the past, sometimes only for some accounts.
1:02 am on Sept 7, 2017 (gmt 0)

Full Member from US 

10+ Year Member

joined:Apr 11, 2006
posts:235
votes: 17


I just wanted to warn anyone with Disqus comments on their site, leave the URL of your http site alone in the Disqus settings because the comments will still load anyway. If you change it to https you'll go down a rabbit hole that involves downloading a .CSV file of all your pages with Disqus comments, correcting it in Excel by adding corresponding https URLs, and reuploading it. Some of the URLs weren't even my domain (I have no idea why) and as long as War and Peace, so this was practically impossible for me to do. I thought I finally had the .CSV file fixed, but they wouldn't even accept it!

I just went back in the Disqus settings and changed my URL back to http, and the comments showed up again.
4:45 am on Sept 7, 2017 (gmt 0)

Junior Member

10+ Year Member

joined:May 20, 2006
posts: 73
votes: 0


I'm not sure how you did that with Disqus. In my initial test, the Disqus comments will disappear if the site is accessed through https. I'm not sure though if the HTTPS 301 redirect triggered that. In my case I just used Disqus's recommended migration tool, which is the CSV method, and the process was easier than I thought.
7:04 am on Sept 7, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 15, 2001
posts:1572
votes: 14


I have questions re changing to https.

1) presumably all the pages on the site have to be re-indexed by g as they now have new urls.

2) relative insite links will still work but if there are any full / absolute links they will have to be updated.

3) presumably all inward links to the site will now be broken, how can I maintain traffic and PR benefits from inward links once I have new urls?

4) links elsewhere formed as www.example.com should still work, will they? but any that were formed as http://www.example.com will have to be updated - for example in all employees' Outlook email templates and the like?

Any that I have missed?

[edited by: phranque at 7:37 am (utc) on Sep 7, 2017]
[edit reason] exemplified domain [/edit]

7:14 am on Sept 7, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 15, 2001
posts:1572
votes: 14


Yup missed one.

I am being offered two different levels of ssl deal, a basic one and an enhanced one. It seems the only benefit from the enhanced one is that our company name will appear in the top left of the url bar, it is quite a lot more expensive, I am thinking of going for the basic ssl deal, any opinions?
7:36 am on Sept 7, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:10113
votes: 550


Those are two different types of security certificates.

You can self install a free certificate. These hosts try to take advantage of their customers. This doesn't need to cost you anything.

Get a free cert here:
Let's Encrypt [letsencrypt.org]
11:20 am on Sept 7, 2017 (gmt 0)

Full Member

Top Contributors Of The Month

joined:Apr 20, 2017
posts:297
votes: 55


These hosts try to take advantage of their customers. This doesn't need to cost you anything.

It's certain that a LOT of hosts will take the opportunity to charge their clients for certificates they could get themselves for free! Also charging for the free certificate, and for installing it, etc., and maybe for the renewal. It's easy to pressure clients by claiming that if their site is not on HTTPS they will be wiped from the face of the world (which is not true).

Get a free cert here: Let's Encrypt [letsencrypt.org]

Setting up an LE certificate from scratch requires some skill and knowledge, but it's possible that Mark_A is using a web control panel which can include this automatically. I know that cPanel, Webmin, and certainly others come with a module especially dedicated to Let's Encrypt.

Additionally, there is Caddy WebServer which is really great for this, you simply have nothing to do. It handles HTTPS automatically, and generates the certificate without any action from you. But people using Apache or Nginx will certainly not try to switch and rewrite their configurations.
12:10 pm on Sept 7, 2017 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11080
votes: 106


links elsewhere formed as www.example.com should still work, will they?

that is considered a relative link so a click on that link should request www.example.com using the same protocol as the url of the page containing the link.
assuming that is a link on your https:// page you should be okay.

if you enter www.example.com in the browser address bar (without protocol specified) the default requested protocol usually depends on browser settings.
1:38 pm on Sept 7, 2017 (gmt 0)

Full Member from US 

10+ Year Member

joined:Apr 11, 2006
posts:235
votes: 17


I'm not sure how you did that with Disqus. In my initial test, the Disqus comments will disappear if the site is accessed through https. I'm not sure though if the HTTPS 301 redirect triggered that. In my case I just used Disqus's recommended migration tool, which is the CSV method, and the process was easier than I thought.


Well I figured out how to make the .CSV file work, I just put all the URLs (3656 in my case) in a plain text file, and separated the http and corresponding https URLs with a ", " as they instruct. That's a lot easier than trying to modify it in an Excel file, at least for me.

They accepted my .CSV file, and the migration has begun. A check of the first few URLs shows it's working (thank God).
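The mapping file described in the post above can be generated rather than edited by hand. This is an added example, not code from the thread or from Disqus; it assumes a plain-text export with one URL per line, uses the ", " separator the post mentions, and the hostnames and sample URLs are constructed placeholders.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample of an exported URL list (placeholder hosts, not real data).
EXPORTED = """\
http://www.example.com/articles/first-post
http://www.example.com:80/articles/second-post?page=2
https://www.example.com/articles/already-secure
http://translate.example.net/translate?u=http://www.example.com/articles/first-post
http://example.com/about

not a url
"""

def build_mapping(exported_text, own_hosts):
    """Return (rows, skipped): 'old, new' lines for our own http URLs,
    plus every line left out so it can be reviewed by hand."""
    rows, skipped, seen = [], [], set()
    for raw in exported_text.splitlines():
        url = raw.strip()
        if not url or url in seen:
            continue
        seen.add(url)
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        try:
            port = parts.port
        except ValueError:  # malformed port such as ":abc"
            port = -1
        # Only rewrite plain-http URLs on hosts we control and on the default
        # port; third-party or odd entries are reported, never guessed at.
        if parts.scheme != "http" or host not in own_hosts or port not in (None, 80):
            skipped.append(url)
            continue
        new = urlunsplit(("https", host, parts.path, parts.query, parts.fragment))
        rows.append(f"{url}, {new}")
    return rows, skipped

if __name__ == "__main__":
    rows, skipped = build_mapping(EXPORTED, {"www.example.com", "example.com"})
    print("\n".join(rows))
    print(f"# skipped {len(skipped)} line(s) for manual review")
```

After the migration, each old URL in the output should also answer with a 301 to its https counterpart, since the mapping only moves the comment threads.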
1:45 pm on Sept 7, 2017 (gmt 0)

Full Member

Top Contributors Of The Month

joined:Apr 20, 2017
posts:297
votes: 55


I am surprised that it sounds like such a pain with Disqus, I assumed that they were handling this automatically considering how important they are.
1:59 pm on Sept 7, 2017 (gmt 0)

Full Member from US 

10+ Year Member

joined:Apr 11, 2006
posts:235
votes: 17


Yeah me too. And personalized support with Disqus seems to be nonexistent.
2:45 pm on Sept 7, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 15, 2001
posts:1572
votes: 14


Hi phranque
if you enter www.example.com in the browser address bar (without protocol specified) the default requested protocol usually depends on browser settings.


I was thinking of inward links, if they are configured as www. rather than "http://www" - anyhow as long as they arrive at either they will be served the right page.

But would it be wise to request webmasters hosting inward links to our site change their links to https ..?



[edited by: not2easy at 8:22 pm (utc) on Sep 7, 2017]
[edit reason] unlinked partial URL [/edit]

6:48 pm on Sept 7, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:10113
votes: 550


Mark_A - if you can get some backlinks edited to reflect your new protocol, sure do it.

However, if your 301 Redirect is working correctly, there's nothing further you need to do as far as backlinks. Everyone will get to the correct place.
10:24 pm on Sept 7, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:14256
votes: 551


But would it be wise to request webmasters hosting inward links to our site change their links to https ..?
It's no different from any other type of link where your URL has changed (or the link was incorrect in the first place). If you can get the linking site* to update it, do so. Otherwise, just make sure you've got the appropriate redirect in place.


* If you are the other site owner's mother, you are home free. For arcane historical reasons, quite a few people arrive at my games via my son's personal site. Easiest Update Ever. Haha.
10:57 pm on Sept 7, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:10113
votes: 550


It's no different from any other type of link where your URL has changed (or the link was incorrect in the first place).
Sure it's different. Other links that have changed in path lose some link juice with redirects. Google has stated that an HTTPS 301 will not.
6:40 am on Sept 8, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 15, 2001
posts:1572
votes: 14


Sure it's different. Other links that have changed in path lose some link juice with redirects. Google has stated that an HTTPS 301 will not.

Good to know, thanks! I was worried about the link effect in google.
4:01 pm on Sept 8, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:14256
votes: 551


Other links that have changed in path lose some link juice with redirects.
Link juice isn't everything. Or, at least, it isn't the only thing. (This is not the Google SEO subforum.) There's also bandwidth and server load and all the details that add up whenever someone has to make more than one request in order to receive a given page.
8:01 am on Sept 9, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 15, 2001
posts: 1572
votes: 14


Hmm, I may have to look at the URLs used in adwords also.
8:09 am on Sept 9, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:10113
votes: 550


No need. All Adsense is HTTPS.

Unless you're referring to the links you put in AdWords ads you are creating.
8:25 am on Sept 9, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 15, 2001
posts: 1572
votes: 14


Yes, I am thinking about adwords ads that we run.

We don't do adsense, our site is a B2B SME selling its own products.
8:40 am on Sept 9, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:10113
votes: 550


So once you switch protocol to HTTPS, you will use that everywhere, for everything.

The old HTTP protocol is history. The web isn't going back :)
3:29 am on Sept 10, 2017 (gmt 0)

Full Member from US 

10+ Year Member

joined:Apr 11, 2006
posts:235
votes: 17


Hmm, I may have to look at the URLs used in adwords also.

No need. All Adsense is HTTPS.

Unless you're referring to the links you put in AdWords ads you are creating.


I had to modify a lot of Amazon widgets (which they don't offer anymore but still support in a legacy manner).
7:46 pm on Oct 15, 2017 (gmt 0)

New User from US 

joined:Oct 15, 2017
posts:4
votes: 0


If you don't make the switch to HTTPS sooner or later your content is going to get booted. Furthermore without HTTPS you can't use HTTP/2 which means your content will be slow.
I use GoDaddy and they haven't upgraded to HTTP/2 but the day is coming.
9:00 am on Oct 24, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:10113
votes: 550


There's an ongoing & informative discussion regarding server response headers that strengthen security after you've made the switch:

HTTPS Security Headers [webmasterworld.com]
This 204 message thread spans 7 pages.