What is an unsecured page (HTTP)?
An unsecured page is a page that does not have any kind of encryption security to protect its requests and responses. An unsecured page will have a URL that starts with HTTP instead of HTTPS, which indicates that it does not have Transport Layer Security (TLS) or a Secure Sockets Layer (SSL) protecting its requests.
Unsecured pages are vulnerable to having their data stolen/recorded by cyberattackers. The lack of encryption makes it very easy to see all the data in its requests — including passwords or other sensitive information.
How important is page security to SEO
Google has explicitly said that having HTTP pages on your website will hurt your traffic and search engine optimization (SEO) efforts.
Google began to use HTTPS as a ranking factor in 2014 to ensure that it did not lead users toward unsecured websites. Data security is becoming more critical every year, so for both SEO and the safety of your users, you should ensure your pages use HTTPS protocol. In addition, all internal links and external links within your web pages and blogs should also be HTTPS links.
Different types of SSL certificates
There are 3 different types of SSL certificates, and each of them applies to different kinds of websites.
1. Domain Validation SSL Certificate
Domain validation SSL certificates are the cheapest and fastest ways to implement encryption on your website. They will add HTTPS to all your URLs and a padlock icon to the address bar when users visit your website (showing them that it is secure). All this certificate requires is that you prove ownership of your website. It is recommended that only internal websites, test sites and non-public facing websites get this certificate.
2. Organization Validation SSL Certificate
As the name suggests, the organization validation SSL certificate requires that you prove ownership of your website and that you are a registered business. This business validation makes this certificate great for official business websites. Visually, it will look the same as the domain validation SSL certificate and can take up to 3 days to be issued.
3. Extended Validation SSL Certificate
The Extended Validation SSL certificate is the highest tier of SSL certificate and is ideal for public-facing business websites. Beyond just the padlock in the address bar, this certificate will give your website a green address bar, which will display the name of your organization. This is the most difficult certification to get since the vetting process is performed by a human being and is much stricter.
How can you secure your page?
To secure your website, follow these simple steps:
- Buy an SSL (or a wildcard SSL if you have multiple subdomains) from your web hosting provider or another SSL/TLS provider.
- Make sure your website is compatible with SSL or TSL security.
- Migrate the site during a non-busy period (weekends are a good time).
- Crawl your site to identify and update all of your internal links so there are no HTTP links on the site.
- Update your sitemap to include only HTTPS links.
If you want to learn more about optimizing your website for search, you can read our full SEO audit checklist or get an SEO audit consultation.
Momin Shahab is an SEO consultant at Productive Shop. He has worked in SEO on an international level for upwards of three years at various companies. He has gained training in content marketing, project management and data analysis. When he's not working or researching SEO, he is reading and collecting books.