Posts

HTTP to HTTPS Migration Guide – Case Study of Securing Our Site Over SSL

I've been thinking about migrating TheGuitarLesson.com (which runs on WordPress) to HTTPS for quite a while now. There are many advantages of moving a site to HTTPS, there are a lot of articles online that deal with the subject, so I won't go into detail on them. Being secure is important, but for me, the most important factors were:

  1. HTTP/2 performance improvement - Sites optimized for and delivered over HTTP/2 perform 50-70 % better than sites over HTTP/1.1. HTTP/2 can only be used through HTTPS.
  2. SEO - Google is using HTTPS as a ranking signal.
  3. SSL = trust - When people see the green padlock, they feel all tingly inside 🙂
  4. Referral data - Referral sources from HTTPS referrers are blocked, unless your site is HTTPS as well.
  5. More secure - Usernames and passwords are secured over unsecured connections as well.

The final push came in the form of an email from Google about a month ago:

google-nonsecure-warning-email

To summarize the letter:

Go HTTPS in 3 weeks, or have a big'ol NOT SECURE notification in the Chrome browser address bar!

Reading that, and following a brief panicky moment, I realized that I can't put this off any longer. In Google's efforts to secure the Internet, it was going to slap a NOT SECURE warning on my site for all visitors to see. My site has memberships that cost money, imagine the trust my customers would feel when they encounter the warning. Read more