The Google Chrome Team has released a “work in progress” guide to transitioning a website to HTTPS. For those of you who didn’t immediately transition to HTTPS when Google first announced that it would be used as a ranking signal (which they later announced would not be visible), you probably want to add it to the upcoming to do list, as Chrome is planning to alert users when they try to visit an unsecured site.
The guide, written by Chris Palmer on the Chrome team, gives step by step details on how to transition without any issues.
This document describes a series of steps you can follow to gradually migrate a small or large web site from HTTP to HTTPS. You can take the steps at any speed — all in 1 day, or 1 step per month — but you should take them in order.
Each step is an incremental improvement and has value on its own. However, your site does not provide a security guarantee until you have completed all migration steps.
They have made the document editable, asking people to leave comments, so that others can offer their own tips and advice. However, I suspect it won’t be long until someone tries to add affiliate links to certificate sites! The editing is currently disabled by Google Docs due to its popularity.
This document is a work in progress! Please feel free to insert constructive comments to improve the text and to ask questions I haven’t answered. If you want credit for your contributions, please include your name in the comment. Thank you!
If you haven’t made the HTTPS migration yet, it is definitely worth reading and following Google Chrome’s How to Migrate to HTTPS guide.
Jennifer Slegg
Latest posts by Jennifer Slegg (see all)
- 2022 Update for Google Quality Rater Guidelines – Big YMYL Updates - August 1, 2022
- Google Quality Rater Guidelines: The Low Quality 2021 Update - October 19, 2021
- Rethinking Affiliate Sites With Google’s Product Review Update - April 23, 2021
- New Google Quality Rater Guidelines, Update Adds Emphasis on Needs Met - October 16, 2020
- Google Updates Experiment Statistics for Quality Raters - October 6, 2020
Ethan Glover says
I feel like Google is pushing to hard on the HTTPS for two major reasons.
1. The EFF is planning on making it free and easy late next year, I think it would be fair to wait on this. I would like to, but for every post like this I read (I appreciate the resource) I feel like I’m doing so in vain.
2. Satellite internet connections are known to have problems with secure websites. The connections are very low latency and right now (as a satellite user) I can not access any website that forces HTTPS. Even the secure elements on the page (Like the facebook like box.) Show broken images and doesn’t work properly. (This is also the same reason satellite users can’t use VPN.)
I don’t know, I get Heartbleed hit some sites pretty hard and Google has publicly said they want to fight the NSA spying, but this could push unecessary costs (point one) and even alienate users in remote geographical locations (point two).