10 Common Mistakes When Transitioning to HTTPS

Have you changed your website over to HTTPS yet? Since January of 2017, the Chrome and Firefox web browsers have been putting security warning messages on websites that have stuck with plain old HTTP. If your website takes in any kind of personal information from readers, even just email addresses, you need to convert to HTTPS right away, if you haven’t already.

What is HTTP and HTTPS?

HTTP stands for hypertext transfer protocol. It defines the rules by which computers talk to each other across the internet. It was the standard for many years, but the push has been made this year to create a more secure system using HTTPS (hypertext transfer protocol secure). This ensures the safety of transferred data, such as passwords and personal/financial information, making your website less vulnerable to attack. Securing your website in this way also improves your search rankings and signals to your readers that you care about their web safety.

To switch your website from HTTP to HTTPS, you need to get a security certificate. The certificate is used in a ‘handshake’ procedure that sets up encryption of the data going between client and server on the internet.

If you’re really computer savvy you can install it yourself, but ISME also offers a One-Key Service that will take the entire burden off your shoulders for a reasonable fee.

Potential problems when migrating to HTTPS

It seems like nothing is ever simple when it comes to computers. There can be a few bumps on the road to HTTPS. Here are 10 of the most common mistakes that people make when switching over to a secure protocol.

Insecure password input pages

You might think that you don’t need a secure password input page. You’re not a bank, after all. You just ask people to sign into your blog before commenting because you got tired of all the spam. No matter how inconsequential you might think it is, you need HTTPS.

For one thing, if you don’t have it, the browser will post a big fat Not Secure warning in the address bar, which might make people think your website has been hacked and will now give their computer a virus.

Having unsecured items on your website

Even if most of your website is on HTTPS, if you have unsecured items – images, links, scripts, etc – on your page they will trigger the security warning. Worse, they might leave a door open through which you can get attacked.

Links to unsecured pages within your own website

Let’s say your password input page has impeccable security, but the rest of your website hasn’t quite caught up yet. You have a link to your value-added giveaway (like my book, Internet Marketing Made Easy) at the bottom of your sign-in page, because it’s at the bottom of all your pages. You should make sure your giveaway page also uses HTTPS. Any HTTP link is a security risk. This applies to links to all website items, even if it’s just an image.
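One way to find these leftovers before a browser does, as an added example that is not part of the original article: a small Python scanner that reports every http:// reference in a page and separates items the browser loads (mixed content) from login forms and ordinary links. The sample page and the example.com domain are constructed for illustration.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs the browser fetches while rendering the page.
SUBRESOURCES = {("img", "src"), ("script", "src"), ("iframe", "src"),
                ("audio", "src"), ("video", "src"), ("source", "src"),
                ("embed", "src"), ("object", "data")}
FETCHED_LINK_RELS = {"stylesheet", "icon", "preload"}
URL_ATTRS = {"href", "src", "action", "data"}  # ignores xmlns and similar

class InsecureRefScanner(HTMLParser):
    """Collect (kind, tag, url) for each http:// reference in an HTML page."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        for name, value in attrs.items():
            if name in URL_ATTRS and value.strip().lower().startswith("http://"):
                self.findings.append((classify(tag, name, attrs), tag, value))

def classify(tag, name, attrs):
    """Loaded items trigger the warning; forms and links send visitors to HTTP."""
    rels = set(attrs.get("rel", "").lower().split())
    if (tag, name) in SUBRESOURCES:
        return "mixed-content"
    if tag == "link" and rels & FETCHED_LINK_RELS:
        return "mixed-content"
    if (tag, name) == ("form", "action"):
        return "insecure-form"
    return "insecure-link"

def scan(html):
    scanner = InsecureRefScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; example.com is a placeholder domain.
SAMPLE = """<head><link rel="stylesheet" href="http://example.com/style.css"></head>
<form action="http://example.com/login"><input type="password" name="p"></form>
<img src="http://example.com/logo.png">
<a href="http://example.com/giveaway">Free book</a> <a href="/about">About</a>"""

if __name__ == "__main__":
    for kind, tag, url in scan(SAMPLE):
        print(f"{kind:14} <{tag}> {url}")
```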

The wrong URLs on your sitemap.xml

Make sure you have the proper HTTPS URLs on your sitemap. If you forget to change over the old HTTP URLs you might confuse the search engine crawlers and they won’t be able to completely index your site (very bad for your search rankings).

Not redirecting to your new HTTPS pages

If you’re stuck mid-transition, with half of your website on HTTP and the other half on HTTPS, make sure to have redirects or canonical URLs set up to maintain your SEO.

Letting your SSL certificate expire

This will cause browsers to slap a security warning on your page, frightening off visitors.

Your SSL certificate isn’t registered to the right domain name

Your registration needs to match your domain name (what comes up in your address bar) exactly. If it doesn’t match, the browser will show a name mismatch error, which might also cause people to have trust issues with your site.
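Both certificate mistakes above, expiry and name mismatch, can be caught by a scheduled check before visitors see a warning. The following is an added example, not part of the original article: it inspects a certificate dict in the shape returned by Python's ssl getpeercert(). The certificate, the dates, the 30-day warning window and the simplified wildcard rule (one label only) are assumptions of this example.

```python
import ssl
from datetime import datetime, timezone

def hostname_matches(pattern, hostname):
    """Match one certificate DNS name against a hostname.

    A leading "*." covers exactly one label: *.example.com matches
    www.example.com but not example.com or a.b.example.com.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, rest = hostname.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == hostname

def check_certificate(cert, hostname, now, warn_days=30):
    """Return a list of problems; an empty list means the cert looks fine."""
    problems = []
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(hostname_matches(n, hostname) for n in names):
        problems.append(f"name mismatch: {hostname} not in {names}")
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    if expires <= now:
        problems.append(f"expired on {expires:%Y-%m-%d}")
    elif (expires - now).days < warn_days:
        problems.append(f"expires in {(expires - now).days} days")
    return problems

# Constructed certificate for a placeholder domain.
CERT = {
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
    "notAfter": "Jun 15 12:00:00 2025 GMT",
}

if __name__ == "__main__":
    today = datetime(2025, 6, 1, 12, 0, tzinfo=timezone.utc)  # constructed date
    for host in ("www.example.com", "shop.example.org"):
        print(host, check_certificate(CERT, host, today) or "ok")
```

For a live check, pass the dict returned by SSLSocket.getpeercert() on a connection made with ssl.create_default_context().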

Not using the latest security protocol version

Using the old (version 1.0) SSL or TLS protocol leaves you open to hackers. Always use the most recent security protocol version, and keep it updated.

Not supporting HSTS

HSTS stands for HTTP Strict Transport Security and protects you and your readers from certain kinds of attack. With HSTS in place, your server tells web browsers to only talk to it over secure HTTPS connections. That way you and your readers will be safer from attacks and malware.
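The redirect and HSTS items above can be checked together. The following is an added example, not part of the original article: it audits the response a site gives on http:// and on https://, parsing the Strict-Transport-Security header. The responses are constructed for a placeholder site, and the 180-day minimum max-age is this example's assumed policy, not a rule from the article.

```python
def parse_hsts(value):
    """Split a Strict-Transport-Security value into lowercase directives."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"')
    return directives

def audit(http_resp, https_resp, min_age=15552000):
    """Return problems with the HTTP->HTTPS redirect and the HSTS policy.

    Each response is (status, headers) with lowercase header names.
    min_age (180 days, in seconds) is this example's assumed policy floor.
    """
    issues = []
    status, headers = http_resp
    if status not in (301, 308):
        issues.append(f"http: status {status} is not a permanent redirect")
    if not headers.get("location", "").lower().startswith("https://"):
        issues.append("http: Location does not point to an https:// URL")

    _, headers = https_resp
    max_age = parse_hsts(headers.get("strict-transport-security", "")).get("max-age")
    if max_age is None or not max_age.isdigit():
        issues.append("https: missing or malformed HSTS max-age")
    elif int(max_age) < min_age:
        issues.append(f"https: HSTS max-age {max_age} is below {min_age}")
    return issues

# Constructed responses for a placeholder site: mid-migration, then fixed.
BEFORE = ((302, {"location": "http://www.example.com/"}),
          (200, {"strict-transport-security": "max-age=300"}))
AFTER = ((301, {"location": "https://example.com/"}),
         (200, {"strict-transport-security": "max-age=31536000; includeSubDomains"}))

if __name__ == "__main__":
    for label, (http_resp, https_resp) in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(http_resp, https_resp) or "ok")
```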

Not supporting SNI

SNI stands for Server Name Indication and is an extension of the TLS protocol. You can use it to host several servers, and use several security certificates, from the same IP address, giving you an added layer of security.

The increasing incidence of online attacks, such as the recent WannaCry ransomware infection, makes it vitally important to stay one step ahead of the hackers. Using HTTPS is one extra line of defence between you and them, and that makes the extra effort worth it.

Need some help, or would like a short-term mentor in your business?
Get a FREE Copy of my No. 1 seller “Internet Marketing Made Easy,” or book a FREE 20-minute session with me
