Congrats, you have finally decided to move your site from HTTP to HTTPS. Google is going to love you, your readers are going to love you and everyone on the internet are going to love you for making the internet more secure and a safer place for everyone. According to Google, HTTPS (Hypertext Transfer Protocol Secure) is nothing but an internet communication protocol that protects the integrity and confidentiality of data between the user’s computer and your website. HTTPS is also known as HTTP over TLS or Transport Layer Security. Data sent using HTTPS is secured via Transport Layer Security protocol (TLS), which provides three key layers of protection – encryption (all data sent between your server and the users’ browser is encrypted), data integrity (ensures the data is not tampered with), and authentication (ensures your data is not being intercepted).
If you are familiar with search engine optimization best practices, you would have heard already about the preference Google gives to sites which are secure over non-secure websites. In 2014 itself Google announced that it will be taking HTTPS as a ranking signal, that is, it will give your content more preference over your competitors if your site is secure and theirs isn’t. So, let us dive into the HTTP to HTTPS migration checklist for SEO –
Make sure you have installed SSL successfully
SSL (Secure Sockets Layer) is the standard security protocol for establishing an encrypted link between the server and a client, typically between your site’s web server and the user’s browser. You can check if you have installed SSL properly by using the SSL Checker tool.
Note: If you cannot afford the premium SSL certificated, you can install free SSL certificates like Cloudflare’s Universal SSL or Let’s Encrypt’s free SSL. Cloudflare’s SSL doesn’t require you to do anything on your server, whereas for configuring Let’s Encrypt SSL, you need to have access to your server and some technical knowledge. Or, you can totally migrate your website to a new host which supports easy installation on Let’s Encrypt certificates.
Make sure HTTP requests are being transferred to HTTPS
If you are using WordPress, you can use the Really Simple SSL plugin to automatically detect your settings and configure your website to run over HTTPS. Check your site with Redirect Checker to verify that every request to transfer is 301 from HTTP to HTTPS. Here are some other plugins worth checking out which performs the same function on your WordPress site.
Note: Really Simple SSL plugin makes changes to your .htaccess file in your web server. Make sure you take a backup of your .htaccess file before making any changes. I’m including this warning because messing with ‘that particular file’ can make things complicated for you in one click and your website may fail to load.
Make sure all your requests are using HTTPS
Make sure all versions of your website are added to Google Search Console
Let us assume your website address is
http://yourwebsite.com. Now, add it to your Google Search Console. Next, add the WWW version (
http://www.yourwebsite.com) of your website even if it is redirected to the non-WWW version. Now, we have added two HTTP variations of your website but without the SSL. Finally, let us add the HTTPS versions of your website too. Add
https://www.yourwebsite.com and save changes. Finally, don’t forget to set the preferred version which you would like Google to use to display to your organic site visitors. Organic visitors are those people who land on your website from search engines. For a more detailed explanation of this concept, check out this post on Search Engine Land.
Your old HTTP links will be updated with HTTPS in time in Google’s index
All these days Google was serving HTTP versions of your site to your organic visitors. But now that you have added the HTTPS version of your site to Google Search Console and have set it as the preferred version, it will start updating the previously indexed links of your website in search engine results page (SERP).
Traffic to HTTP version of your website will drop with time
Once Google starts replacing SERP links to your site with secure versions, traffic (number of requests) to your non-secure HTTP version of your website will start falling. It is at this time that the total traffic to your website will take a hit.
You will see an increase in HTTPS traffic in your Google Search Console
Since we have set HTTPS as the preferred version of your website in Google Search Console, you will notice that the number of HTTPS requests to your website is on the rise, thanks to the falling number of requests to HTTP versions of your website. It is at this stage that your site will slowly get back to where it was prior to migrating your site from HTTP to HTTPS.
Don’t forget to change to HTTPS in Google Analytics
Don’t bother about this if you are not using Google Analytics (which you should) to track your website’s analytics. Migrating your website from HTTP to HTTPS will cause some confusion and wrong data to be displayed in your Google Analytics reports. This is due to referral loss which causes a spike in your direct traffic. To fix this problem, just update your default URL in the property settings from your Google Analytics account. Also, you should re-authenticate the HTTPS version of your site in your Google Search Console to your Google Analytics account.
Make sure your new sitemap supports HTTPS and submit it to Google Search Console
I hope you know what a sitemap is as every website on the internet needs a sitemap. A sitemap is an XML file that lists all the pages of your website. It tells search engines how your content is structured on your site. Also, it makes it easier for search engine bots to crawl your website. So, make sure you have got one and that it loads over HTTPS properly. If you are using WordPress, you can use the Yoast plugin to generate your sitemap for free. You can read more information about XML sitemap over here. Also, don’t forget to submit the new sitemap to Google. You can do it from within your Google Search Console under the sitemap tab.
Update all your social media About Us links to HTTPS
Replace all links to your website on your social media accounts to reflect the changes. That is, add the HTTPS version of your website instead of the old HTTP version.
Use Google Search Console’s Fetch And Render tool to verify that your site is being crawled fine
Using Google’s powerful fetch and render tool, you can see how Googlebot renders your page. It will show you a visual representation of how Googlebot sees your page. This is one important tool that many web developers and SEO specialists rely on. Read why Google’s fetch and render tool is important from this article by SEMrush.
Keep an eye on your current Google Search Console errors
Since you have migrated your site from HTTP to HTTPS, be ready to embrace the errors you’re about to be bombarded with. Keep an eye on these errors and try to fix them. Most of these errors should get resolved on its own in a month’s time if you have properly followed the above points. If you’re not sure about the error message, just leave a comment below this post and I’ll get back to you.
If you’re using CDN, change its configuration accordingly
Most of us are aware of what CDNs are and how they can help secure and boost your website. Previously you would have configured to work with your HTTP site but now that you have migrated your site to HTTPS, you need to reflect the changes in your CDN dashboard too. Else, it won’t serve the images requested by your new secure site. The internet works in a different way and HTTP requests & HTTPS requests are not the same.
Check your site for different devices and locations
Sometimes, migrating your site from HTTP to HTTPS can break a few things unexpectedly. So, it is your duty to check that your website is loading properly for everyone. Make sure you use different devices like laptops, smartphones, and tablets from different network locations to check if your website is loading properly. You can also use tools like Website Availability Test, Global DNS Propagation Checker or GeoScreenshot to assess the same.
Thus I hope that you found this checklist for switching to HTTPS quite useful and that it helped you in migrating your website from HTTP to HTTPS without any hassle. If you’re facing any problem, just leave out a comment below and I’ll get back to you with a proper solution.