Pixeldust Drupal Support Service

How do I Secure my Drupal website with HTTPS?

HTTPS (HyperText Transport Protocol Secure) is how servers send encrypted web pages to visitors’ browsers. What does this have to do with SEO? In June 2020, Google called for “HTTPS everywhere” on the web. They then began testing out using secure, HTTPS websites as a ranking signal. You’re reading that right: If your website is secured using HTTPS with at least a 2048-bit key certificate, Google will rank you higher in their search results.

You secure your website by installing an SSL certificate and adjusting your DNS and server settings. It can be a complicated process and differs depending on your server software, hosting company, and many other factors. Consult your Drupal hosting company for the exact details. The process will look something like this:

  1. Buy an SSL Certificate from an issuing authority. .
  2. You’ll typically use a single-domain certificate, but you can use a multi-domain or wildcard certificate.
  3. I recommend an EV (Extended Validation) SSL Certificate as it provides a visible green address bar as feedback to your site’s visitors that the site is secure. It’s not required, though—a standard certificate will work for onsite Drupal SEO purposes.
  4. The process involves proving to the issuing authority that you control the domain name in your request. The process usually takes from one to seven days and you may be asked to provide information about your business.
  5. After you receive your certificate, contact your hosting company and request that they install it on your server. They may ask you to get a pre-configured version of the certificate for your particular server software. Apache is the most common but ask your hosting company. You’ll get the specially- configured certificate from the issuing authority.
  6. During testing, you’ll be able to access your website at both http://yourDrupal8site.dev and https://yourDrupal8site.dev. Make sure you thoroughly test forms and the checkout process.
  7. Google Search Console
  8. Verify the HTTPS version of your site with Google Search Console. Make sure that you verify both the HTTP and HTTPS version of your website.
  9. Submit the HTTPS version of your XML Sitemap to Google Search Console.
  10. When you’re ready to make the switch to HTTPS, ask your hosting company (or your server admin) to redirect HTTP queries to HTTPS.
  11. Monitor your traffic in Google Search Console. Pay particular attention to the Index Status and Crawl Errors.
Pixeldust and Pantheon Drupal Development
256