6 Top Tips For Moving a Website From HTTP to HTTPS

If you are responsible for the running of a website then a move to HTTPS may seem tempting at the moment. Google are using HTTPS as an indicator when they are ranking but they do say it has only a minor influence. Even if you are not worried about Google ranking (are you crazy!) you should plan to move to HTTPS at some point.

HTTPS is a protocol where communications between a web server and a client are encrypted. As I work for a company that develops network security monitoring software it is a topic that comes up a lot.

Some time ago I implemented HTTPS on our own website. Based on my own experience I decided to share these tips which you may find useful if you plan to enable HTTPS on your own web server.

Planning stage

Tip 1. Give yourself plenty of time to get a SSL certificate.

An SSL certificate is required to enable HTTPS on a web server. There are many providers of these but make sure you use a popular one like Comodo or Verisign. They have strict procedures when it comes to the issuing of certificates which can take up to two weeks.

Be prepared for form filling and phone calls. Your contact information must be up to date on your current website. Make sure you use an address where your business is registered and that phone numbers are current and working.

Fixing script issues is more complicated. I use https://www.whynopadlock.com/ to check what scripts are not using secure links. All you need to do with this site is paste in a HTTPS URL and it will tell you if any of the page elements are insecure. The most common issues are scripts that are contained within CSS templates or other PHP files.  It may take time to track them down if you are not familiar with command-line searches.

Moving to HTTPS on your live site.

Tip 3. Add your HTTPS site to webmaster tools.

Once you have enabled HTTPS on your website you need to add this to Google webmaster tools. I use a disavow file and at the moment I upload it to my HTTP and HTTPS sites within webmaster tools. I am not 100% on this and it’s something I need to check with Google.

If you don’t add your HTTPS site to webmaster tools you will be blind as to what search terms are bringing you traffic and all the other useful reporting that webmaster tools bring.

Add a 301 redirect so that all HTTP links map to their HTTPS versions. If you don’t do this you will probably drop down in the Google rankings.

Tip 4. Change all social sites so they use HTTPS links.

If you have a Facebook, Google+, or other social pages, make sure you update it with the HTTPS address of your site. This is important as search crawlers will pick up signals like this and it will tell them that you have moved to HTTPS.

In fact, once you move to HTTPS use secure links everywhere and if possible update back-links to your site so they use the HTTPS prefix. If you cannot do this don’t worry. Just make sure the back-links still work and that you don’t have any weird redirect issues.

What to check for after migration

Tip 5. Check Google Index.

When you enable HTTPS on your live site you should follow this guide to move a site with URL changes. Not all steps in this are required, it does say when to stop so watch out for that.

Once you complete this step you can then enter a search string like site:netfort.com and see what the URLs are like in the Google index. You should see HTTPS versions if everything goes to plan.

If you have issues do not suddenly reverse back to HTTP, this will cause more problems. Instead, focus on the issues preventing correct operation of HTTPS. This also applies if you see a drop in visitor numbers. Fix the HTTPS issues and your visitor numbers should come back up.

Tip 6. Watch out for the green lock.

Review all of your most popular content. If you don’t see a green lock top left you have a content problem on that page.

My closing piece of advice is to remind you again to make sure you fix the links and scripts on your current site before you move to HTTPS. Hope this helps and good luck with your HTTPS migration.

Darragh Delaney


Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.