The first step of any SEO audit is to check that each version of a website is only accessible under one URL.
Let’s clarify the problem: If two different versions of a website are indexed in Google, let’s say:
…then both versions are independent websites from the point of view of a search engine. Search engines then have problems to decide which version of a website is the relevant one. In addition, there is the danger that a website is indexed several times (which is rare but possible) and that the same versions of websites are in competition with each other.
Our task is, therefore, to open the input mask of a browser and call up every version of your website. In the best case, no matter which version of your website you type in, you will be redirected to a single one of them.
Possible URL variants of a domain:
If your website is available under several domains, ask your web host to adjust the .htaccess or DNS settings of the website so that this error is corrected.
Install a valid SSL certificate
You should also make sure that your website has a valid SSL certificate. Almost every web host is now able to issue a free and automatically renewing SSL certificate using Let’s Encrypt.
Unsecured pages are now marked as “unsafe” by most browsers.
Since this message can be a deterrent for many users, you should make sure that your website is always accessible at https://. If you are an online shop or process personal data on your website, you may even be obliged to operate the website using secure encryption.
Last but not least https:// is a minimal ranking factor, as Google has already publicly confirmed several times.
Check that all content is embedded via https://
Unfortunately, the sole integration of an SSL certificate is not sufficient to make all the contents of your website accessible via https://. You also have to change all URLs & contents of your website so that they can be called with https:// instead of Http://.
Meanwhile this process is quite simple with the help of some plugins. Enclosed we show you two solutions to move to an encrypted connection.
Attention: Please create a backup of the website before you work with the following plugins.
Better Search Replace
With this plugin, it is possible to search all URLs of a WordPress website within the MYSQL database and change certain entries.
Time needed: 10 minutes.
The following instructions describe how you can change the URL version of your WordPress website with the plugin “Better Search Replace“.
- Open the WordPress Dashboard
Open the backend of your WordPress installation.
- Install WordPress Plugin
Install the plugin “Better Search Replace” & activate it. We also recommend that you make a backup of your website.
- Visit the Plugin Settings
Call up the plugin interface under “Tools” > “Better Search Replace“.
- Check WordPress Database for outdated Domain Versions
Look for the following scheme if you want the website to be accessible at https://ihre-website.de: “http://ihre-website.de“. If you want your website to be accessible at https://www.ihre-website.de, search for the following scheme: “http://www.ihre-website.de“.
- Replace URL
Replace the URL with https://www.ihre-website.de or https://ihre-website.de.
- Perform test run
Activate “Test run” to see whether the operation can be performed at all.
- Deactivate test run
If the “test run” is successful, you can perform the same procedure again. However, deselect “Test run”.
- Remove Better Search Replace
You can then disable & uninstall the plugin again.
Really Simple SSL
Another plugin for setting up an SSL certificate is the Really Simple SSL plugin. Here, only the activation of the plugin is necessary because the plugin works completely without configuration (out of the box).
A disadvantage, however, is that the plugin must remain permanently activated. This can cause incompatibilities, security gaps and maintenance efforts.
Notes from the developer console
You can use the developer console to check your website for errors. You can find it in Google Chrome under “Settings” > “More tools” > “Developer tools“.
In the tab “Console” you should not get an error message in the best case. However, if scripts and contents of other websites are integrated, it often happens that these are still loaded via http://. These then cause a so-called “Mixed Content Error” inside the “developer console“.
Mixed Content: The page at ‘https://googlesamples.github.io/web-fundamentals/fundamentals/security/prevent-mixed-content/active-mixed-content.html’ was loaded over HTTPS, but requested an insecure script ‘http://googlesamples.github.io/web-fundamentals/samples/discovery-and-distribution/avoid-mixed-content/simple-example.js’. This request has been blocked; the content must be served over HTTPS.Example for a Mixed Content Error
As a website operator, you should resolve such warnings. Not only because they reduce the loading time of your website enormously, but also because they can lead to display errors if the corresponding content is blocked by the browser or any extensions.
Conclusion: SEO without SSL is not possible!
Search engines like Google have long since admitted that SSL is a ranking signal. Since December 2010, pages with unsafe content have even been blocked. Until now, unsecured pages were loaded anyway. Since security warnings can have a huge negative impact on the user experience, you should always make sure you have a valid SSL certificate. And finally, privacy is also in the legal and everyone’s personal interest.
The next step of the SEO audit is to check if all pages of your website can be indexed.