Posted: 05 Apr 2017 Contributor: Matthew J Fritschle
SEO Guidelines to Migrate Your Website from HTTP to HTTPS
HTTPS is the standard for all communication on the web, and our main discussion point today. Not only does it increase your site visitors’ trust, but if you have an eCommerce site, your sales as well. Why? Because we’re more likely to give our information to someone we trust.
Tantalizing, isn’t it? Well, if now want to know how to switch to HTTPS, you can forget about Googling, “How to switch website from HTTP to HTTPS?”, because here is all you need to know:
What is the Difference Between HTTP and HTTPS?
Let’s begin with HTTP (Hypertext Transfer Protocol), which is an internet communication protocol that allows communication between different systems. In essence, it’s used to transfer data from a web server to a browser. HTTPS (Hypertext Transfer Protocol Secure) is similar in that it’s an internet communication protocol, but unlike HTTP this one protects the integrity and confidentiality of your users’ data between their computer and your site. The difference, as we’ll soon see, is that HTTPS uses an SSL (secure sockets layer) certificate to create an encrypted connection.
For example, when a user enters data into a form on your site to subscribe to updates or purchase a product, HTTPS protects their personal information. After all, if you want repeat visitors to your site, you want them to feel safe while submitting sensitive information.
Now that you have an inkling as to what HTTPS is, are you wondering what are the advantages between HTTP and HTTPS? Yes? Good, in that case, how about talk about the benefits of an HTTP to HTTPS migration?
Business Benefits of HTTPS Over HTTP
- Security: As you might’ve guessed, HTTPS makes your website substantially more secure from hacking and other security breaches. As such, this is one of the biggest reasons to migrate from HTTP to HTTPS.
- Search Engine Optimization (SEO): HTTPS helps SEO by improving your site’s ranking in search engine results. If you’re now asking, “Okay, so what’s the SEO impact of migrating from HTTP to HTTPS?” Google’s got you covered. As per their update published a while ago on their official blog, security is a top priority for Google, and they promote HTTPS because it helps online businesses stay secure.
- Brand Trust: Just like home security system signs that people place on their front lawn, HTTPS builds trust with visitors. As a matter of fact, a survey conducted by GlobalSign found that 77% of website visitors are concerned about their data being intercepted or misused online. Like those signs, it’s important to let your visitors know that their information will be secure on your site. With HTTPS comes trust, and with trust comes sales.
- Accurate Referral Traffic Data: If you’re using Google Analytics to track your website’s traffic and performance, an HTTP to HTTPS migration is a must. Why? Because in Google Analytics, HTTPS to HTTP referral data is blocked. This means that traffic from an HTTPS website to an HTTP website is not be visible under the referral traffic of the HTTP website, and all traffic from HTTPS websites are considered direct traffic.
As per BuiltWith, approximately 10% of the top 1 million websites are using HTTPS to secure their data and to build trust with their users:
In a similar vein, BuiltWith also found that ‘business’ websites have the highest adoption rates of HTTPS protocols, followed by ‘shopping’ websites (after these there’s a steep drop-off):
As we can see in the graph above, most of the business sites and a fair amount of shopping sites have migrated from HTTP to HTTPS protocols and are currently receiving the benefits of HTTPS.
Moving from HTTP to HTTPS SEO Guidelines
Below are the best SEO practices for transferring from HTTP to HTTPS (before and after migration). If implemented correctly, these guidelines will help your website avoid any loss with SEO such as mixed content issues, which sometimes occur when a website is moved from HTTP to HTTPS.
Long story short, mixed content issues arise when some elements load in HTTP as opposed to HTTPS. This creates loopholes of sorts that attackers can target, and can be bad for two main reasons. First, there’s a weak link in the otherwise sturdy chain that is your website’s security. Second, most browsers respond to this by stopping the insecure elements from loading or displaying an ‘insecure content’ warning. This, in turn is bad because non-loading pages or ‘insecure content’ warnings reduce UX, leading to higher bounce-rates and lowered search engine rankings.
Before HTTPS Migration Checklist
- Draft Your Website’s Structure: Draft your website’s structure and think about what an HTTPS migration may affect, such as external scripts, external APIs, payment gateways, etc.
- Prepare a List of Website Pages: Make a list of your website’s pages so that you can locate all URLs in one location. This will make comparisons easier once you have implemented HTTPS protocols.
- Crawl Your Website’s Pages: Before migrating, crawl your website’s pages through the Google search console. To compare SEO benefits, make sure to keep a record of the crawl status (page caching data) and position of the pages in the search engine that are going to be migrated. This will be very helpful, as it will give you a nifty before and after migration SEO snapshot.
- Website Traffic Status: Similar to the item above, keep a traffic report of your website to see the before and after migration difference.
- External and Internal Backlinks: Keep records of internal and external links to and from your website to keep the benefits of old backlinks. This will help you make appropriate changes once HTTPS is implemented on your site.
- Check Robots.txt: Keep the status of your site’s robots.txt file, whether page URLs are blocked or not. For those who don’t know, this file helps web crawlers do what they do best (crawl your site).
- Page Speed: Check the page speed and keep a record of page download time for all individual pages, on both mobile and desktop. This will show you the page download time impact of migration.
- Create a Keyword Ranking Report: Create a keyword ranking report for targeted keywords and use it for before and after migration comparisons.
We’ve reached the metaphorical patty in the burger, AKA the technical guidelines that you should follow to complete the migration.
- SSL Certificates: There are 3 types of HTTPS SSL certificates that can be used to make a website HTTPS compatible (these encrypt information and make it unreadable to everyone except for the server the information is being sent to):
- Extended Validation (EV) SSL Certificates
- Organization Validation (OV) SSL Certificates
- Domain Validation (DV) SSL Certificates
A business can select a type of SSL certificate as per their security concerns and budget allocation
- HTTPS Certificate Types: Decide the kind of certificate you need (single, multi-domain or wildcard) and get an updated certificate from a reliable certificate authority (CA) that offers technical support.
- Single Certificate: Single certificates protect a single subdomain.
- Multi-domain certificate: Multi-domain certificates protect multiple domains with a single certificate
- Wildcard Certificate: Wildcard certificates protect multiple subdomains with one certificate, and subdomains don’t need to be defined at the time of purchase.
- Google recommends using a 2048-bit key certificate because it’s highly secure.
- Use relative URLs for resources that reside on the same domain that’s being secured.
- Follow these instructions provided by Mozilla to implement the SSL certificates.
As a side note, if you’re doing an HTTP to HTTPS WordPress migration, pay attention to your site’s CMS. You’ll need to change the WordPress Address (URL) and the Site Address (URL) in WordPress’ general settings. If, on the other hand, you’re working on an HTTP to HTTPS Apache migration and need help redirecting to the HTTPS version of your site, check this article out. Somewhat similarly, if you’re wondering how to change HTTP to HTTPS in IIS, you can go here for Microsoft’s advice.
After Migration from HTTP to HTTPS Checklist
Okay, by now you should be finished with technical nitty gritty and gearing up to complete the after migration checklist to make sure that everything is running smoothly:
- Place 301 Redirects: A no-brainer, use 301 redirects to point all HTTP URLs toward HTTPS, and do not use 302 or 303 redirects.
- Content on HTTP and HTTPS: Make sure the content on your HTTP and HTTPS sites are the same to avoid duplicate content issues.
- Canonical Tags: Make sure all canonical tags point to the HTTPS versions of the URLs.
- Page Internal Links: Rewrite hard-coded internal links (as many as possible) to point to the HTTPS URLs (this is better than relying on 301 redirects).
- Search Engine Webmaster Tools: Register the HTTPS URL versions in both the Google search console and Bing Webmaster Tools.
- Google Search Console: Use the Fetch and Render function in the Google search console tool to ensure that Google can properly crawl and render your site.
- XML Sitemap: Update your sitemaps to reflect the new URLs. Submit the new sitemaps to Webmaster Tools and leave your old (HTTP) sitemaps in place for 30 days so search engines can crawl and process your 301 redirects.
- Robots txt: Update your robots.txt files and add your new sitemaps to the file. Make sure your robots.txt doesn’t block any important pages.
- Google Analytics Code: If necessary, update your analytics tracking code. This change is required when you are using the old version of Google Analytics.
- HTTP Strict Transport Security (HSTS): Implement HTTP Strict Transport Security (HSTS), which tells web browsers to only access HTTPS pages even when directed to an HTTP page. This eliminates redirects, speeds up response time and provides extra security.
- Disavow file: If you have a disavow file, make sure to transfer any disavowed URLs into a duplicate file in your new Webmaster Tools profile.
- And of course, change the name of your website default URL to HTTPS.
Check the Status of your HTTPS URL Setup and Implementation:
- Use tools like SSL Check to scan your site for non-secure content. If the HTTPS page URLs are working properly, your report grade should be “A” (just like school).
- Check HTTPS redirects and legacy redirects to ensure they work correctly.
- Monitor the “Crawl Errors” report in the Search Console and address any errors appropriately.
So you’ve finished your website’s migration from HTTP to HTTPS and are wondering what to do now. Don’t worry, here it is:
- Social Platforms: Remove any links to the old HTTP page URLs and replace with the new HTTPS URLs (no 301 redirects are required).
- External Footprints (Backlinks): Make a list of all external footprints (from Google Webmaster Tools) and send a request to replace the old HTTP page URLs to the new HTTPS URLs. This will help you receive link benefits to your actual site pages. Though we are redirecting them, it is better to replace them with HTTPS based URLs wherever possible.
- Print Media: Remove all old HTTP URLs from print media, email signatures, visiting cards, billboard banners etc., and only use the HTTPS page URLs to promote the website.
- Paid Campaigns: Remove all the old URLs from all paid marketing campaigns to stop further promotion of old page URLs.
As this HTTPS migration guide is SEO-oriented, it’s best to talk about the HTTPS SEO impact. To begin with, don’t fret if you lose some traffic of keyword rankings in the immediate period after the migration. Everything should go back to normal within 1-2 weeks. Actually, things should be even better than normal now that your site is more secure, so look forward to that.