You probably know that HTTPS sites (sites with an SSL Certificate) are more secure than HTTP sites, but do you need that extra security for your author website? Here is why we recommend making your site more secure by using HTTPS.
Why Use HTTPS?
It Looks Professional
When your author website begins with HTTPS, it looks like a professional site. Readers will see you as a serious author and will be more willing to try out your books, while promotion sites and venues will be more likely to contact you with marketing opportunities.
Google Prefers HTTPS
Google uses whether sites use HTTPS as part of their ranking algorithm; they prefer sites that are secure. In other words, if your author website uses HTTP instead of HTTPS, it will affect your ranking on Google, and thus affect your site’s discoverability.
It Is More Secure
If your site uses HTTP, the information that is being served by your site to the end user can be intercepted and changed. This makes it easier for shady characters to use your site to download malware onto your readers’ computers. Security becomes even more important if you are collecting personal information from readers, such as name and email when they sign up for your newsletter, because that information is easy for computer-savvy individuals to steal when it is sent over an unsecure connection.
Enabling HTTPS (which is done by getting an SSL Certificate for your site) protects your reader and shows consideration of them, as well as protects your website and your reputation.
Switching to HTTPS
If your author website is currently using HTTP, we recommend getting an SSL Certificate so you can use HTTPS. Some web hosts offer free SSL Certifications (such as Bluehost, HostGator, InMotion, and SiteGround), and other web hosts only offer paid SSL Certifications (such as GoDaddy).
You can also get a free SSL Certification from Let’s Encrypt. Certificates from Let’s Encrypt have to be renewed at least every 90 days and will lapse if not renewed. But some hosts have built-in support for using Let’s Encrypt, automating this renewal. You can check your web hosts documentation or contact them to see if they have built-in support. Even if your host provider does have support for Let’s Encrypt, you may need to enable the feature.
If your host doesn’t have free SSL Certification and doesn’t have built-in support for Let’s Encrypt, there are still options for getting SSL Certification without paying extra for it. If you have shell access, or SSH access, you can use an ACME client to automate renewal for Let’s Encrypt. If you don’t have shell access, you can manually upload the cert and manually renew it, but this, of course, adds a lot of work. In that instance, you can ask your web host if they can add support for Let’s Encrypt. If they refuse to add support and don’t have a free SSL option, and you don’t have shell access, it may be time to switch to a different hosting provider.
In summary, how you switch your site to HTTPS depends on what host you’re using for your website, so contact them for more information on how to get a certificate.
Once You are Switched to HTTPS
Once your site is HTTPS, keep in mind the following things:
- Make sure your certificate is always up to date.
- Be sure your certificate matches your base website URL (if it doesn’t match exactly, the browser will tell users that your site is not safe, even if it is!).
- Allow your HTTPS site to be crawled by Google’s robots.txt.
- Add the new HTTPS site to the Google Search Console
Note: when you change your site from HTTP to HTTPS, Google treats it as a site move with URL changes, which means your site will take a brief hit to its traffic, but it should recover in a few weeks as Google finishes recrawling and reindexing your site.