Migrating your site from HTTP to HTTPS can seem like an overwhelming and complex process. However, with big security benefits and SEO advantages, it makes sense to migrate from HTTP to HTTPS. The process needn’t be difficult either. The key is to migrate using 301 to redirect HTTP to HTTPS.
First up, we’re revising the basics of what HTTPS is.
You may have noticed in the left corner of the browser search bar at the top of the page there’s often a small green padlock accompanies with the code HTTPS or Hypertext Transfer Protocol Secure.
Source: Tribulant Software
It’s the secure version of HTTP which is the primary protocol used to exchange data between a browser and a website. HTTPS is encrypted to improve the security of data transfer. This is essential for sites that handle sensitive information like bank details, passwords or personal data.
Source: Omni Convert
Any site that handles any kind of login details should use HTTPS. In browsers like Chrome, you’ll notice that any web page which doesn’t have HTTPS is marked as not secure.
Source: How-To Geek
Google outlines several critical reasons for changing to HTTPS in their website migration guide:
Any information sent using HTTPS is secured with Transport LayerSecurity Protocol (TLS) which provides three layers of protection:
HTTPS is not just essential for giving you and your users peace of mind that your site is secure but it’s also an important part of SEO.
Back in 2014, Google made HTTPS a ranking signal to give secure HTTPS sites a boost. Unsurprisingly, Google wants the web to be a safer place so more users trust their search results. While it’s still only a lightweight ranking signal, its Google’s way of encouraging webmasters to make the switch to HTTPS.
Additionally, it’s worth remembering that if browsers like Chrome notify users that your site isn’t secure, page visitors are likely to hit the back button right away and increase your bounce rate.
When migrating to HTTPS, Google recommends that you do so with a per-URL basis. It’s best to do the migration using 301 redirects.
Source: Hallam Internet
Using 301 redirects generally makes the migration from HTTP to HTTPS much cleaner. If Google recognises that all of the old URLs have just moved to a new one, you haven’t removed anything, not indexing anything or robots.txt it makes it a lot easier for Google to trust the migration as one big site move from HTTP to HTTPS as opposed to something else.
When things are made clear to Google, the search engine can see that it’s just a generic move and it doesn’t need to think about the details. When Google can do this, it’s then more likely that the search engine can just switch everything over without any big noticeable changes to the site.
While it’s possible to use 303 redirects, as well as other status codes to migrate from HTTP to HTTPS, it’s not really advisable.
Google says that if you start using other kinds of HTTPS result codes for redirects then the search engine ultimately takes longer to reprocess each URL and ultimately makes it harder for Google to pass on the signals to the new version of the site.
If you want your site to consistently rank well in the SERPs it’s always better to keep on Google’s good side and make life easier for the search engine. Ensuring it’s easy for Google’s bots to crawl your page means the search engine is more likely to reward your page.
If you’ve been thinking about migrating your site from HTTP to HTTPS for a while, you need to think about the proper steps to ensure your site’s traffic doesn’t suffer. This basically means communicating to Google that you moved your site from HTTP to HTTPS.
Source: Free Code Camp
You can do this by:
SSL certificates are small data files which bind a key to an organisation’s personal details. When correctly installed, it activates HTTPS protocol which allows secure connections between web browsers and servers.
You can purchase SSL certificates from a few different vendors. We suggest:
You can choose from three different certificate types depending on your business’s needs.
This is a pretty technically advanced step if you’re not used to installing SSL certificates. It might be best to hire a specialist for the job but you can also check out this guide to get you started.
It’s best to use relative URLs as a general rule, but there will always be times when someone has hard-coded a URL so you will need to do a full sweep on your site and database during an HTTP to HTTPS migration.
Again if you’re unsure about performing database changes, it’s best to leave it to an expert who can make sure the job is done correctly.
You need to update any custom scripts you may have so they now point to HTTPS versions. This includes third party hosted scripts otherwise your site may bring up a mixed content warning.
Building 301 redirects is the most critical step in the whole migration process. 301 redirects are a permanent redirect which passes on around 90% of link juice (ranking power) to the redirected page.
If you don’t use 301 redirects, you’ll most likely seriously damage your SEO efforts and may see your rankings plummet overnight.
It’s best to implement 301 redirects at a server level as opposed to using a plugin. It’s actually simpler to do it at the server level too if you’re handling hundreds of URLs.
Adding 301 redirects requires comfort with coding so it’s best to do it only if you have knowledge already - if not leave it with an expert.
Any hard-coded links or blocking rules that may be present in your robots.txt files might still point to HTTP files. It’s important they’re updated so they point to the new HTTPS files.
Once your site is running on HTTPS, you need to create a new Google Search Console profile. Click ‘Add a Property’ and continue with the claiming process.
If you use sitemaps (which you should) you’ll need to resubmit the HTTPS version in your new Google Search Console profile.
Paste your URL into the URL Inspection tool and hit enter. Click ‘Request Indexing’ and Google will recrawl your website. Sometimes it can take weeks for Google to recrawl everything on your site properly following a migration so this step speeds things up.
This is an essential step if your site has ever suffered from bad SEO or you’ve needed to remove a backlink. You’ve probably created and submitted a disavow file in the past, this is just a case of redoing it with your new Google Search Console profile.
If you don’t resubmit your disavow file under the new profile, Google won’t see your disavow file when a new algorithm update lands.
This is easily done by heading to your original Google Search Console profile and downloading the disavow file. You then need to launch the disavow tool under your HTTPS and resubmit the file.
Under your account, click into Admin and view your settings. Flip the URL into the HTTPS version. Do the same in your property settings too. This means you won’t lose any of your history and can pick up where you left off.
Once you have your SSL certificate in place, it’s important to ensure that users actually visit the HTTPS version of your site and not the HTTP one. If you’ve correctly implemented 301 redirects, there shouldn’t be a problem.
To check that the redirect is in place, go to your homepage and check the URL bar. You should see your site displayed along with https and a lock icon.
Change this to HTTP and hit enter. If the redirect is correctly in place, you’ll be redirected automatically to the HTTPS version.
If this works properly, your redirects should be properly in place, however, there can still be issues:
Migrating from HTTP to HTTPs is an essential step for both security and SEO. While it can be a slightly complex process, once you know the steps it’s much easier. The key is to create 301 redirects so HTTP pages go to HTTPs. Remember if you’re not comfortable with coding or making domain changes ask a specialist to help you out.