14-point checklist for a successful HTTP to HTTPS migration

The HTTP To HTTPS Migration Checklist

Congrats, you have finally decided to move your site from HTTP to HTTPS. Google is going to love you, your readers are going to love you and everyone on the internet are going to love you for making the internet more secure and a safer place for everyone. According to Google, HTTPS (Hypertext Transfer Protocol Secure) is nothing but an internet communication protocol that protects the integrity and confidentiality of data between the user’s computer and your website. HTTPS is also known as HTTP over TLS or Transport Layer Security. Data sent using HTTPS is secured via Transport Layer Security protocol (TLS), which provides three key layers of protection – encryption (all data sent between your server and the users’ browser is encrypted), data integrity (ensures data is not tampered with), and authentication (ensures your data is not being intercepted).

If you are familiar with search engine optimization best practices, you would have heard already about the preference Google gives to sites which are secure over non-secure websites. In 2014 itself Google announced that it will be taking HTTPS as a ranking signal, that is, it will give your content more preference over your competitors if your site is secure and theirs isn’t. So, let us dive into the HTTP to HTTPS migration checklist for SEO –

1. Make Sure You Have Installed SSL Successfully

SSL (Secure Sockets Layer) is the standard security protocol for establishing an encrypted link between the server and a client, typically between your site’s web server and the user’s browser. You can check if you have installed SSL properly by using the SSL Checker tool.

Note: If you cannot afford the premium SSL certificated, you can install free SSL certificates like Cloudflare’s Universal SSL or Let’s Encrypt’s free SSL. Cloudflare’s SSL doesn’t require you to do anything on your server, whereas for configuring Let’s Encrypt SSL, you need to have access to your server and some technical knowledge. Or, you can totally migrate your website to a new host which supports easy installation on Let’s Encrypt certificates.

2. Make Sure HTTP Requests Is being Transferred to HTTPS

If you are using WordPress, you can use the Really Simple SSL plugin to automatically detect your settings and configure your website to run over HTTPS. Check your site with Redirect Checker to verify that every request to transfer is 301 from HTTP to HTTPS. Here are some other plugins worth checking out which performs the same function on your WordPress site.

Note: Really Simple SSL plugin makes changes to your .htaccess file in your web server. Make sure you take a backup of your .htaccess file before making any changes. I’m including this warning because messing with ‘that particular file’ can make things complicated for you in one click and your website may fail to load.

3. Make Sure All Your Requests Are Using HTTPS

Make sure all requests to the static content on your website like images, JavaScript and CSS loads over HTTPS. You can check it using the inspect element feature, that is the ‘Console’ on Google Chrome or the ‘Web Console’ in Firefox. Make sure your brand new HTTPS site is showing the green padlock icon in the address bar.

4. Make Sure All Versions Of Your Website Is Added To Google Search Console

Let us assume your website address is http://yourwebsite.com. Now, add it to your Google Search Console. Next, add the WWW version (http://www.yourwebsite.com) of your website even if it is redirected to the non-WWW version. Now, we have added two HTTP variations of your website but without the SSL. Finally, let us add the HTTPS versions of your website too. Add https://yourwebsite.com and https://www.yourwebsite.com and save changes. Finally, don’t forget to set the preferred version which you would like Google to use to display to your organic site visitors. Organic visitors are those people who land on your website from search engines. For a more detailed explanation of this concept, check out this post on Search Engine Land.

5. Your Old HTTP Links Will Be Updated With HTTPS In Time In Google Index

All these days Google was serving HTTP versions of your site to your organic visitors. But now that you have added the HTTPS version of your site to Google Search Console and have set it as the preferred version, it will start updating the previously indexed links of your website in search engine results page (SERP).

6. Traffic To HTTP Version Of Your Website Will Drop With Time

Once Google starts replacing SERP links to your site with secure versions, traffic (number of requests) to your non-secure HTTP version of your website will start falling. It is at this time that the total traffic to your website will take a hit.

7. You Will See An Increase In HTTPS Traffic In Your Google Search Console

Since we have set HTTPS as the preferred version of your website in Google Search Console, you will notice that the number of HTTPS requests to your website is on the rise, thanks to the falling number of requests to HTTP versions of your website. It is at this stage that your site will slowly get back to where it was prior to migrating your site from HTTP to HTTPS.

8. Don’t Forget To Change To HTTPS In Google Analytics

Don’t bother about this if you are not using Google Analytics (which you should) to track your website’s analytics. Migrating your website from HTTP to HTTPS will cause some confusion and wrong data to be displayed in your Google Analytics reports. This is due to referral loss which causes a spike in your direct traffic. To fix this problem, just update your default URL in the property settings from your Google Analytics account. Also, you should re-authenticate the HTTPS version of your site in your Google Search Console to your Google Analytics account.

9. Make Sure Your New Sitemap Supports HTTPS And Submit It To Google Search Console

I hope you know what a sitemap is as every website on the internet needs a sitemap. A sitemap is an XML file that lists all the pages of your website. It tells search engines how your content is structured on your site. Also, it makes it easier for search engine bots to crawl your website. So, make sure you have got one and that it loads over HTTPS properly. If you are using WordPress, you can use Yoast plugin to generate your sitemap for free. You can read more information about XML sitemap over here. Also, don’t forget to submit the new sitemap to Google. You can do it from within your Google Search Console under the sitemap tab.

10. Update All Your Social Media About Us Links To HTTPS

Replace all links to your website on your social media accounts to reflect the changes.That is, add the HTTPS version of your website instead of the old HTTP version.

11. Use Google Search Console’s Fetch And Render Tool To Verify That Your Site Is Being Crawled Fine

Using Google’s powerful fetch and render tool, you can see how Googlebot renders your page. It will show you a visual representation of how Googlebot sees your page. This is one important tool that many web developers and SEO specialists rely on. Read why Google’s fetch and render tool is important from this article by SEMrush.

12. Keep An Eye On Your Current Google Search Console Errors

Since you have migrated your site from HTTP to HTTPS, be ready to embrace the errors you’re about to be bombarded with. Keep an eye on these errors and try to fix them. Most of these errors should get resolved on its own in a month’s time if you have properly followed the above points. If you’re not sure about the error message, just leave a comment below this post and I’ll get back to you.

13. If You’re Using CDN, Change Its Configuration Accordingly

Most of us are aware of what CDNs are and how they can help secure and boost your website. Previously you would have configured to work with your HTTP site but now that you have migrated your site to HTTPS, you need to reflect the changes in your CDN dashboard too. Else, it won’t serve the images requested by your new secure site. The internet works in a different way and HTTP requests & HTTPS requests are not the same.

14. Check Your Site For Different Devices And Locations

Sometimes, migrating your site from HTTP to HTTPS can break a few things unexpectedly. So, it is your duty to check that your website is loading properly for everyone. Make sure you use different devices like laptops, smartphones, and tablets from different network locations to check if your website is loading properly. You can also use tools like Website Availability Test, Global DNS Propagation Checker or GeoScreenshot to assess the same.

Conclusion

Thus I hope that you found this checklist for switching to HTTPS quite useful and that it helped you in migrating your website from HTTP to HTTPS without any hassle. If you’re facing any problem, just leave out a comment below and I’ll get back to you with a proper solution.

HTTP To HTTP Migration Checklist - Points To Keep In Mind When Migrating Blog From HTTP To HTTPS
Pin this on Pinterest

10 thoughts on “The HTTP To HTTPS Migration Checklist

  1. I need to do this! I saved this to Pinterest so I can go back and do it. I’ve avoided this process because i was not sure i could do it successfully.

    1. Hey Michele, thank you for saving it on Pinterest. Nowadays, it is definitely a good practice to enable SSL for your site as Google has begun marking sites which don’t support HTTPS as ‘not secure’ in the browser’s address bar. If your web hosting company doesn’t support the installation of Let’s Encrypt free SSL certificates, try Cloudflare. You can enable their Universal SSL on your site in one click. Moreover, it’s quick and hassle-free.

  2. I’ve just swapped from http to https and it’s been fairly pain free so far – good to be reminded to check some of these though. I’m still figuring out how to update Google Analytics – but it’s still working fine so I’m leaving it alone for now.

    1. Switched your site from HTTP to HTTPS already? That’s awesome! You’re one good citizen of the internet. Regarding Google Analytics, it will keep working as usual but if you’re a power user you would miss out on some key metrics. That’s the reason why it’s always a good practice to update your preferred protocol (HTTP/HTTPS) of your site from your Google Analytics dashboard.

    1. Hey John, it’s great to hear that you found these key points to remember when migrating your site from HTTP to HTTPS quite helpful. Happy blogging.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.