SimonCox.com

Version 7.3

How to find insecure pages in your site before Google start penalising them

by Simon Cox
Simon Cox, Author

Topic
SEO

Google will be highlighting all non-secure sites from July 2018 meaning that the Insecure Content Report of Screaming Frog will be in use a lot over the next few months - I will show you what to do.

Embrace the security push

With the announce­ment that Google will be high­light­ing all non-secure sites, https, from July 2018 web­site own­ers need to think about how their sites are being deliv­ered to the pub­lic. For those not yet aware there are two pro­to­cols for web pages — http and https — Hyper­Text Trans­fer Pro­to­col and Hyper­Text Trans­fer Pro­to­col Secure. The Secure ver­sion needs a cer­tifi­cate that pro­vides a lev­el of secu­ri­ty for the user to prove that the site they are vis­it­ing is encrypt­ing the data between the site and the user’s brows­er — which in the­o­ry is safer than not encrypt­ing it — I will not go into the deep dark depths of that now. What you do need to know is that secure sites are already in the major­i­ty after a big push by Google over the past few years to get the dig­i­tal com­mu­ni­ty to embrace secu­ri­ty more. https is slow­er than http but there are now SEO advan­tages that out­weigh the speed disadvantage.

The keen eyed of you will notice as at this point in time (Feb­ru­ary 2018) this simon​cox​.com is not actu­al­ly run­ning on a secure serv­er- oth­er sites have tak­en prece­dence but I will be mov­ing it to a new serv­er as part of whats been a very long set of migra­tions to the fab­u­lous WESH UK host­ing where I will be enjoy­ing auto­mat­ed SSL cer­ti­fi­ca­tion! Once a site has been moved over to https you need to check every inter­nal link to ensure that they are also https. Often image paths are not rel­a­tive (start with a / or ../ ) but con­tain the full URL, such as:

http://example.com/images/image.jpg

A full site audit needs to be under­tak­en to catch all the URLs that were not migrat­ed. It is pos­si­ble that those URLs are being redi­rect­ed to the https URL but that adds a redi­rect into the jour­ney and will slight­ly com­pro­mise the worth of the inter­nal link — bet­ter to link directly.

I rec­om­mend you down­load the Scream­ing Frog SEO spi­der tool to run the audit on your site. It is free for 500 URLs so any­thing big­ger you will need to pay or you could hire some­one to do that for you — I am avail­able to do this kind of SEO audit at coxand​.co​.uk of course!

With Scream­ing Frog run a crawl against your website.

Once fin­ished go to the Pro­to­col tab and then you can fil­ter by http to show the un-secure URLs on your site.

Or you can use the Inter­nal tab and click on the Address col­umn head­er to sort it. You should then be able to review all URLs and eas­i­ly spot any­thing that is not https. If you have a shed load of URLs then you can use the fil­ter on the top right — just add http:// to that and it will fil­ter the list to show you all non secure inter­nal URLs found.

List them and fix them!


Comments