Learn why and how to convert your site from HTTP to HTTPS
Online shopping is a trend that keeps growing every day. And the users’ concerns about their own safety increases as well.
On the one hand, people are more and more used to search online for goods and services to purchase.
On the other hand, all of them want to be sure that their information — like personal data and credit card numbers — won’t fall into malicious hands, be it ill-intended institutions or cybercriminals.
Beyond that, even on purely informative websites, users who browse pages online are constantly exposing their data by signing up for newsletters, accepting cookies, among other less clear ways of providing info.
With this scenario set, the website owners must do their best to assure their users and show them those pages are, in fact, a protected space to browse and do transactions.
There is where Digital Certificates come into play, like HTTPS. Its goal is to make a site safer while contributing to its performance. From now on, keep reading to learn everything about converting to HTTPS in the following topics:
- What is HTTPS?
- Why convert my website to HTTPS?
- What are the steps to migrate to HTTPS?
- What are the usual challenges when converting to HTTPS?
- What other changes and updates do you need to consider?
- Is it worth migrating to HTTPS?
What is HTTPS?
HTTPS stands for HyperText Transfer Protocol Secure. It sounds complicated, but it’s actually pretty simple.
The HTTPS adds an extra layer of protection to the already consolidated HTTP. The new protocol was enforced by Google to appear in its SERPs, and that is why you see almost every website and web portal migrating to the new certificate.
HTTPS uses data encryption by default when the user and the server are exchanging information — shielding the confidentiality and the integrity of that process.
In other words, it means only the two ends on that communication can decode and read what is being transmitted. It mitigates risks of someone intercepting data and makes it virtually impossible to know what it is about, even if they can steal it.
Which websites should switch from HTTP to HTTPS?
Contrary to what some people believe, HTTPS was always a must-have for any kind of website, not only e-commerce. That’s because, in parallel with the security itself, it contributes to other beneficial factors we will talk about later.
Today, the protocol is even more important, as Google requires pages to have the certificate if they want to be shown as relevant results for user searches. Not doing that can deeply harm a Digital Marketing strategy — and the visibility of the brand as a whole.
How to know if a site uses HTTPS?
In addition to the “https://”, sites with HTTPS usually have a green lock displayed before its address on the navigation bar.
Why convert my website to HTTPS?
The first reason to migrate to HTTPS — using an SSL certificate — is your website security, as we mentioned. Especially for e-commerce, it is crucial to have that kind of encrypted protection when processing payment.
To other pages hosted in WordPress, HTTPS brings more security to a login page. Imagine having yours and your visitors’ data compromised by criminals. How bad would this situation be legally and to your brand’s image?
In competitive markets like e-commerce, being safe isn’t enough. You have to look safe too. Most users don’t understand well the protocols and the meaning of encryption. But when they see the green lock before the navigation bar, they know what it means. It is a matter of credibility, professionalism, and trust.
A benefit HTTPS brings to sites, and is not really well known, is that the protocol can somewhat improve a page’s performance — especially making it quicker to load.
We’ve already mentioned that Google requires the switch from HTTP to HTTPS, but that is not the only thing that the secure protocol has in its favor when talking about Search Engine Optimization.
What are the steps to migrate to HTTPS?
Step 1: Buying an SSL Certificate
It is possible to buy a certificate straight from your web hosting provider, though you can get it somewhere else if you see a better deal. Knowing that some of them even offer it for free when the user is purchasing a hosting plan.
There are different kinds of certificates, and the choice depends on your needs. For e-commerce and e-learning, it is recommended to buy those with Organization Validation (OV) — fully authenticated.
Step 2: Checking compatibility with your website’s features
One of the most important steps when migrating is to make sure the site will keep functional and running properly after the change. To do that, you have to certify that all external features your pages need are provided under the same protocol.
Step 3: Preparing the migration
The complexity of the process depends a lot on your website’s size and the number of existing pages. A small site can be migrated at once.
But, if you have too many URLs, you can do that in parts. For example, starting with specific subdomains where more important content and features are.
You can also enable the HTTPS protocol without disabling HTTP until everything is good. In that case, you should use Canonical Tags to avoid duplicated content.
Just remember that you will end up losing some social media engagement metrics — sharing, likes, and others.
Another point to take into consideration is when you are planning to do it. The best timing varies from market to market. For e-commerce, it is a good idea to avoid doing that on holidays and other seasonal dates.
To most companies, weekends or extended days off are better because it means less traffic when doing the migration.
Anyway, prepare your team’s mental strength and yours to deal with unexpected problems and delays. This guide serves exactly as a way to minimize those situations.
Step 4: Enabling HTTPS
After the planning phase, it is time to start and enable HTTPS on your website.
With the protocol up and running, and the correct implementation of all the setup needed, it will be already possible to access the pages via HTTPS. You need to check if the SSL certificate is correctly installed.
To do that test, you can leave HTTP and HTTPS running in parallel for about 5-10 minutes. If nothing is broken or acting strangely, you can conclude the transition.
Step 5: Updating features to HTTPS
The HTTPS is running after step 4? Great!
Now it is time to update internal links and features. The goal is to reorganize the website’s architecture, making it as lean as possible to make the search engines’ work easier.
That means avoiding redundant redirecting, for example. At this stage, you can check Canonical Tags, as mentioned. Google thanks you and your site’s SEO too!
After that, it is also important to take care of external features. The update will guarantee that your site keeps or improves loading time. It will happen because, once again, you will be avoiding redundant redirecting.
After checking internal links and external features, you can still test the certificate’s implementation on the server. The test allows you to identify possible tweaks to be made, like support restriction to specific browsers.
Step 6: Adding the new version of the site to Google Search Console
You may have noticed that Google Search Console considers addresses with and without “www” as two different sites, demanding some aspects to be verified on both. The same happens to HTTP and HTTPS.
Because of that, you will have to add the HTTPS version of your site to Search Console and verify it. Just follow the instructions given by the platform. By moving your website to a new property on Google Search Console, you will also need to update any configuration required.
And, of course, it is important to create an XML Sitemap for the new URLs with HTTPS. An XML Sitemap helps Google and other search engines to track and index your content quicker, which makes it a crucial step for your SEO.
But have this in mind: keeping the XML with the HTTP URLs is highly recommended. Instead of deleting it, just add the new XML Sitemap for HTTPS and keep both on Search Console.
Step 7: Enabling HTTP/2 and HSTS
After making sure the HTTPS protocol is working, you have at your disposal a new feature that speeds up the loading of content on your site — HTTP/2. Actually, most browsers already have support for the format, but only when the site is under HTTPS.
While HTTP/2 can improve your pages’ loading speed, HSTS tries to prevent redundant requisitions made to servers that operate exclusively with HTTPS. That is an advanced feature that can be used by your webmaster — as it will probably be irreversible after installed.
Step 8: Redirecting HTTP to HTTPS
While and after migrating a website to HTTPS, it is important to map URLs that were accessed via HTTP and redirect them to the new protocol.
You should give special attention to the most visited pages — the ones which get more organic traffic. Check if they are being correctly redirected to the new URLs via code 301.
What are the usual challenges when converting to HTTPS?
As we discussed before, it is not uncommon that unpredictable problems come up, so you need to adjust some things.
If such incidents happen, the best thing to do is not losing your temper. Migrations involve a lot of variables, and it is crucial to keep calm and stick to the plan.
To be better prepared and avoid surprises, it is useful to know what difficulties and challenges are common when converting to HTTPS.
The first one is the removal of the SSL certificate for some reason (mostly when site owners try to go back from HTTPS to HTTP). That’s a problem. It should always be active, no matter the situation.
The second one is to have a URL’s removal request in any of both protocols. Removals in HTTP affect HTTPS and vice-versa. Always keep that in mind when getting rid of any page.
The third one is to use 301 redirecting protocols but forgetting to change Canonical Tags. That conflict makes it harder for search engines to index your pages, and your SEO will be harmed.
What other changes and updates do you need to consider?
Updating Google Analytics
Like we talked about Search Console, you will probably want to update your Analytics with the new protocol. As we said, it will be treated as a whole new website.
On your dashboard, you can access your admin settings and change the URL to the new HTTPS address. The same can be done when configuring properties. By doing that, you avoid losing data from your history and can pick up from where you left off with HTTP.
Updating your Disavow file
This is a step recommended only to experienced webmasters. However, if you are a site owner, suffered from negative SEO, and had to remove a backlink, your webmaster probably used a Disavow file.
If that was done at some point, you will need to update the file, changing all HTTP addresses to HTTPS. If you don’t do that, Google can’t see the Disavow file the next time it tracks your website, and you will have the same problems with bad SEO all over again.
Is it worth migrating to HTTPS?
It is clear that migrating to HTTPS can bring a great number of benefits to your site.
After Google pulled the plug on HTTP, it isn’t any more a question of if, but how. The doubt that remains then is: should I switch from HTTP to HTTPS myself, or is it better to hire a professional?
The answer depends on how familiarized you are with the technical part of your website.
For those who aren’t programmers, it is valid to hire specialized help to migrate. Even then, it is important to know the necessary steps so you can protect your content and contribute to an easy as possible process.
Converting to HTTPS is even more complex for a website that needs to focus on analyzing metrics. Check out our free infographic about how your site’s performance can impact your sales!