A Guide to Using 301 to Redirect HTTP to HTTPS

A Guide to Using 301 to Redirect HTTP to HTTPS 

Migrating your site from HTTP to HTTPS can seem like an overwhelming and complex process. However, with big security benefits and SEO advantages, it makes sense to migrate from HTTP to HTTPS. The process needn’t be difficult either. The key is to migrate using 301 to redirect HTTP to HTTPS. 

Today we’ll be covering the basics of how to migrate, why it’s important for your SEO and why you should always use 301 redirects over others.

What Is HTTPS?

First up, we’re revising the basics of what HTTPS is. 

You may have noticed in the left corner of the browser search bar at the top of the page there’s often a small green padlock accompanies with the code HTTPS or Hypertext Transfer Protocol Secure. 

Source: Tribulant Software

It’s the secure version of HTTP which is the primary protocol used to exchange data between a browser and a website. HTTPS is encrypted to improve the security of data transfer. This is essential for sites that handle sensitive information like bank details, passwords or personal data. 

Source: Omni Convert

Any site that handles any kind of login details should use HTTPS. In browsers like Chrome, you’ll notice that any web page which doesn’t have HTTPS is marked as not secure. 

‍

Source: How-To Geek 

Why Is HTTPS Important? 

Google outlines several critical reasons for changing to HTTPS in their website migration guide: 

Any information sent using HTTPS is secured with Transport LayerSecurity Protocol (TLS) which provides three layers of protection: 

1. Data Integrity. Data can’t be modified or corrupted during transfer on purpose or otherwise. 
   

2. Encryption. Data is encrypted so it’s safe from snoopers trying to steal information. 
   

3. Authentication. Shows that your users are communicating with the intended site. This protects against any possible interfering attacks and builds trust which results in both SEO and business benefits. 
   

HTTPS is not just essential for giving you and your users peace of mind that your site is secure but it’s also an important part of SEO. 

Back in 2014, Google made HTTPS a ranking signal to give secure HTTPS sites a boost. Unsurprisingly, Google wants the web to be a safer place so more users trust their search results. While it’s still only a lightweight ranking signal, its Google’s way of encouraging webmasters to make the switch to HTTPS. 

Additionally, it’s worth remembering that if browsers like Chrome notify users that your site isn’t secure, page visitors are likely to hit the back button right away and increase your bounce rate. 

Using 301 to Redirect HTTP to HTTPS

When migrating to HTTPS, Google recommends that you do so with a per-URL basis. It’s best to do the migration using 301 redirects. 

‍Source: Hallam Internet

Using 301 redirects generally makes the migration from HTTP to HTTPS much cleaner. If Google recognises that all of the old URLs have just moved to a new one, you haven’t removed anything, not indexing anything or robots.txt it makes it a lot easier for Google to trust the migration as one big site move from HTTP to HTTPS as opposed to something else. 

When things are made clear to Google, the search engine can see that it’s just a generic move and it doesn’t need to think about the details. When Google can do this, it’s then more likely that the search engine can just switch everything over without any big noticeable changes to the site. 

Can You Use 303 Status Codes? 

While it’s possible to use 303 redirects, as well as other status codes to migrate from HTTP to HTTPS, it’s not really advisable. 

Google says that if you start using other kinds of HTTPS result codes for redirects then the search engine ultimately takes longer to reprocess each URL and ultimately makes it harder for Google to pass on the signals to the new version of the site. 

If you want your site to consistently rank well in the SERPs it’s always better to keep on Google’s good side and make life easier for the search engine. Ensuring it’s easy for Google’s bots to crawl your page means the search engine is more likely to reward your page. 

How to Begin Migrating Your Site to HTTPS

If you’ve been thinking about migrating your site from HTTP to HTTPS for a while, you need to think about the proper steps to ensure your site’s traffic doesn’t suffer. This basically means communicating to Google that you moved your site from HTTP to HTTPS. 

Source: Free Code Camp

You can do this by: 

• Not blocking your HTTPS site from crawling using robots.txt
• Deciding the kind of certificate you need: multi-domain, single domain or wildcard
• Using 2048-bit certificates 
• Implementing relative URLs that are on the same secure domain
• Using protocol URLs for other domains 
• Avoiding the noindex robots tag and allowing indexing of all your web pages by search engines when possible 

How to Migrate from HTTP to HTTPS

1. Buy an SSL Certificate
   

SSL certificates are small data files which bind a key to an organisation’s personal details. When correctly installed, it activates HTTPS protocol which allows secure connections between web browsers and servers. 

You can purchase SSL certificates from a few different vendors. We suggest: 

• SSLs.com 
• GoGetSSL.com

You can choose from three different certificate types depending on your business’s needs. 

1. Domain Validation. Single domain or subdomain that’s inexpensive and issued within minutes via email. This shows up as a green padlock. 
   

2. Business/Organization Validation. A single domain or subdomain that requires business verification which provides a higher level of trust and security. This is usually issued within 1-3 days. This is shown by the business’s address appearing in the green bar. 
   

3. Extended Validation. The same as above but with a higher level of trust and security, issued within 2-7 days. 
   

Source: Pinterest

2. Install Your SSL Certificate 

This is a pretty technically advanced step if you’re not used to installing SSL certificates. It might be best to hire a specialist for the job but you can also check out this guide to get you started. 

3. Update all Hard-Coded Links to HTTPS

It’s best to use relative URLs as a general rule, but there will always be times when someone has hard-coded a URL so you will need to do a full sweep on your site and database during an HTTP to HTTPS migration. 

Again if you’re unsure about performing database changes, it’s best to leave it to an expert who can make sure the job is done correctly. 

4. Update Custom Scripts to HTTPS 

You need to update any custom scripts you may have so they now point to HTTPS versions. This includes third party hosted scripts otherwise your site may bring up a mixed content warning. 

5. Create 301 Redirects to New HTTPS URLs

Building 301 redirects is the most critical step in the whole migration process. 301 redirects are a permanent redirect which passes on around 90% of link juice (ranking power) to the redirected page. 

If you don’t use 301 redirects, you’ll most likely seriously damage your SEO efforts and may see your rankings plummet overnight. 

It’s best to implement 301 redirects at a server level as opposed to using a plugin. It’s actually simpler to do it at the server level too if you’re handling hundreds of URLs. 

Adding 301 redirects requires comfort with coding so it’s best to do it only if you have knowledge already - if not leave it with an expert. 

6. Update Your Robots.txt File 

Any hard-coded links or blocking rules that may be present in your robots.txt files might still point to HTTP files. It’s important they’re updated so they point to the new HTTPS files. 

7. Update Google Search Console 

Once your site is running on HTTPS, you need to create a new Google Search Console profile. Click ‘Add a Property’ and continue with the claiming process. 

Resubmit your site for sitemaps

If you use sitemaps (which you should) you’ll need to resubmit the HTTPS version in your new Google Search Console profile. 

Use the URL Inspection Tool 

Paste your URL into the URL Inspection tool and hit enter. Click ‘Request Indexing’ and Google will recrawl your website. Sometimes it can take weeks for Google to recrawl everything on your site properly following a migration so this step speeds things up. 

8. Resubmit Your Disavow File 

This is an essential step if your site has ever suffered from bad SEO or you’ve needed to remove a backlink. You’ve probably created and submitted a disavow file in the past, this is just a case of redoing it with your new Google Search Console profile. 

If you don’t resubmit your disavow file under the new profile, Google won’t see your disavow file when a new algorithm update lands. 

This is easily done by heading to your original Google Search Console profile and downloading the disavow file. You then need to launch the disavow tool under your HTTPS and resubmit the file. 

9. Update Your Google Analytics Profile URL 

Under your account, click into Admin and view your settings. Flip the URL into the HTTPS version. Do the same in your property settings too. This means you won’t lose any of your history and can pick up where you left off. 

How to Make Sure the HTTP Version of Your Site Redirects to HTTPS Using 301 Redirects

Once you have your SSL certificate in place, it’s important to ensure that users actually visit the HTTPS version of your site and not the HTTP one. If you’ve correctly implemented 301 redirects, there shouldn’t be a problem. 

To check that the redirect is in place, go to your homepage and check the URL bar. You should see your site displayed along with https and a lock icon. 

Change this to HTTP and hit enter. If the redirect is correctly in place, you’ll be redirected automatically to the HTTPS version. 

If this works properly, your redirects should be properly in place, however, there can still be issues:

• HTTPS to HTTP redirects
• HTTP to HTTPS redirects aren’t implemented across all your web pages like subdomains. 

Summary 

Migrating from HTTP to HTTPs is an essential step for both security and SEO. While it can be a slightly complex process, once you know the steps it’s much easier. The key is to create 301 redirects so HTTP pages go to HTTPs. Remember if you’re not comfortable with coding or making domain changes ask a specialist to help you out.