With the announcement that Google will be highlighting all non-secure sites, https, from July 2018 website owners need to think about how their sites are being delivered to the public. For those not yet aware there are two protocols for web pages — http and https — HyperText Transfer Protocol and HyperText Transfer Protocol Secure. The Secure version needs a certificate that provides a level of security for the user to prove that the site they are visiting is encrypting the data between the site and the user’s browser — which in theory is safer than not encrypting it — I will not go into the deep dark depths of that now. What you do need to know is that secure sites are already in the majority after a big push by Google over the past few years to get the digital community to embrace security more. https is slower than http but there are now SEO advantages that outweigh the speed disadvantage.
The keen eyed of you will notice as at this point in time (February 2018) this simoncox.com is not actually running on a secure server- other sites have taken precedence but I will be moving it to a new server as part of whats been a very long set of migrations to the fabulous WESH UK hosting where I will be enjoying automated SSL certification! Once a site has been moved over to https you need to check every internal link to ensure that they are also https. Often image paths are not relative (start with a / or ../ ) but contain the full URL, such as:
A full site audit needs to be undertaken to catch all the URLs that were not migrated. It is possible that those URLs are being redirected to the https URL but that adds a redirect into the journey and will slightly compromise the worth of the internal link — better to link directly.
I recommend you download the Screaming Frog SEO spider tool to run the audit on your site. It is free for 500 URLs so anything bigger you will need to pay or you could hire someone to do that for you — I am available to do this kind of SEO audit at coxand.co.uk of course!
With Screaming Frog run a crawl against your website.
Once finished go to the Protocol tab and then you can filter by http to show the un-secure URLs on your site.
Or you can use the Internal tab and click on the Address column header to sort it. You should then be able to review all URLs and easily spot anything that is not https. If you have a shed load of URLs then you can use the filter on the top right — just add http:// to that and it will filter the list to show you all non secure internal URLs found.
List them and fix them!