How to secure your web site. What is HTTPS and why is it important?


When ever you browse the internet, information passes from your computer to the web site you are visiting. Information like which website you are visiting, keywords you use in Google, details you enter in a contact form and more are transferred between computers.

Normally, without encryption, this data is transferred in plain text. It is possible for anyone to actually see the information that is being transferred from your computer to the server (or website you are visiting).

To fight this, HTTPS was introduced which encrypts all data from your computer to the server and back.

If a website starts with https:// it means no encryption is happening and everything is being sent using plain text. If a website is using https:// then the data is encrypted and it is impossible for anyone to see the data that is being transferred.

When purchasing items online, or filling out contact forms, protecting your privacy is important so a big push is happening now to change all websites from regular https:// to https://

In fact, Google will give an instant boost to your website’s listing if you move to HTTPS.

Some web browsers will even show a warning if a website is not using HTTPS which can scare away potential visitors from your website.

How to Change Over to HTTPS

To use HTTPS you need an SSL certificate. You can usually purchase one from your hosting company.

Once you have an SSL certificate you need to forward your old http website to the new https website. This is important because if you don’t do it then you will end up with two different URLs which will hurt your search engine rankings because Google will see two websites with the same content and it will negate the benefits of https because most visitors will continue to visit the plain http version.

To properly forward http to https can get a little technical. Many web hosts are slightly different so I will explain the way to do this for the most common servers. Confirm with your web host that you are using Apache on a Linux server and that they support .htaccess files before doing the following.

  1. You need to create a .htaccess file at your root directory. You can do this with any FTP program
  2. Edit your .htaccess file and add the following code;
    RewriteEngine On 
    RewriteCond %{SERVER_PORT} 80 
    RewriteRule ^(.*)$$1 [R,L]
  3. Change to your actual domain name.

What the above code does is tell your web server to forward any traffic going to https:// to redirect to the https:// version. Your website visitors don’t have to do anything more and they are automatically forwarded to your secure website.

Non-Technical Way with EverWeb

If you are using EverWeb to build your website, version 2.4 can actually do all of the above for you without any work on your part. You will need the EverWeb + Hosting platform to take advantage of this feature.

All you have to do to switch over to HTTPS with EverWeb is;

  1. Make sure you have the EverWeb Site Shield add-on
  2. In EverWeb go to the File menu and select ‘Edit Publishing Settings’
  3. Check the box that ‘Use HTTPS Secure URLs’
  4. Publish your website

Get Your Instant SEO Boost with HTTPS

In order to quickly take advantage of the SEO boost with an HTTPS website you will need to submit an XML sitemap of your website to Google and other search engines.

An XML Sitemap will make a list of all of your web pages, along with important meta information like the last updated date, how frequently your web pages are updated and a few more details.

It is important to create an XML Sitemap file with your new https:// URL and submit it to your Google Search Console account.

There are many ways to create an XML Sitemap. You can make one that just lists your web pages, or you can also make a more complex one that includes the meta details discussed above.

To create an XML sitemap file follow these steps;

  1. Use a Sitemap Generator such as Sitemap Automator or
  2. Create your Sitemap using the above tools
  3. Upload your Sitemap to your root FTP account
  4. Login (or create) a Google Search Console account
  5. Follow the steps to add your website, verify your account, and submit your sitemap file

If you are using EverWeb, iWeb or any desktop website builder you can follow these video tutorials;

  1.  Video tutorial for creating your XML Sitemap File for EverWeb websites
  2. Video tutorial for creating an XML Sitemap file for any website builder

By the end of the year HTTPS websites will be the norm. It will be essential that everyone is switch over because Google and other search engines will essentially require it. Web browsers will start giving warnings for non HTTPS websites as well which may scare off your website visitors.

Switching to HTTPS should be straight forward. If you have any questions, please post them below.



Leave a reply