Migrate from HTTP to HTTPS: Raise security and search engine ranking

Migrate from HTTP to HTTPS
You may be thinking to migrate from HTTP to HTTPS, but unable to proceed because of the cost of an SSL certificate or the fear of site break. Let me assure you, after going through this post, both of the apprehensions will evaporate, and you can have a smooth migration from HTTP to HTTPS.

In this article, we will cover the following topics:
1. Why should we migrate a website from HTTP to HTTPS?
2. What is an SSL certificate?
3. Procedure to accomplish HTTP to HTTPS migration.

Why should we migrate a website from HTTP to HTTPS?

As per the latest survey, only 30% of the top 100,000 domains are secure. This figure was 10% in June 2016. The Significant rise in the secured domains can be attributed to the efforts by Google who is pushing hard to make the World Wide Web safe.
Find below some benefits that secure sites enjoy over the unsecured ones:

i) Encryption

Data exchange between a secure (HTTPS) website and a user–browser is encrypted, which makes it safe and secure from eavesdroppers. It means the man in the middle cannot listen, track or steal the data being exchanged.

ii) Data Integrity

The data being transferred cannot be modified.

iii) Authentication

The visitors can trust they are accessing a verified original website. They can even view the certificate attached to the secure site to gain confidence.

iv) Performance

Most of the web hosts have rolled out a new network protocol — HTTP/2. All current browsers and CDN support it. This protocol can significantly boost your website speed. The first requirement to enable HTTP/2 is an SSL certificate installed on your site.

Although I have migrated from HTTP to HTTPS, I am unable to use HTTP/2 protocol. As per Godaddy –my web host, I am using shared hosting where this feature is not provided.

v) Search engine ranking

Google has announced that HTTPS is now a lightweight ranking signal. Therefore, secure your site and get a boost to its ranking.

You may like:  Why you need a child theme? Find the easy way to install it.

What is an SSL Certificate?

Expansion of SSL is Secure Socket Layer, whereas, an SSL certificate is a small data file. After getting installed, it enables green padlock and HTTPS protocol on a website. It also creates an encrypted connection between a site and a visitor’s browser and the website URL changes from HTTP to HTTPS.

Types of SSL Certificates

Three types of SSL certificates are — i) Domain Validated certificates (DV), ii) Organization Validated certificate (OV) and iii) Extended Validation certificates (EV).

Domain Validated certificates

The certificate authority (CA) issues a domain validated certificate once it completes the verification of a domain owner. The applicant must own the domain for which the certificate is applied. No other details like the company information, etc. are asked of the applicant.

Most of the bloggers use this certificate. It is quite cheap and CA issues it within a day. Such certificates are available under $10/year.

Organization or Business Validated Certificate

The CA verifies the domain ownership and the business or organization documents of the applicant before issuing the certificate. This certificate is costlier than the domain validated certificate. The applicant receives it within 1-3 days of applying.

Extended Validation Certificate

Before issuing the EV (Extended Validation) certificate, the CA verifies domain ownership, along with detailed verification of business records related to legal, physical & operation existence. This is the costliest certificate, and it takes about ten days for the CA to issue.

Note: If you need an SSL certificate for free, you can visit Let’s Encrypt. But, you need some technical knowledge to exercise this option.

Procedure to accomplish HTTP to HTTPS migration

Take full back up of your website

Always take back up of your site before making any changes to it. You may require it in case of any site break which may happen during the migration of HTTP to HTTPS.
I took the site back up on 09-09-2017 before applying for the SSL certificate on the same day evening.

Buy an SSL certificate

Many companies are offering SSL certificates including Comodo, IdenTrust, Symantec, etc. But I recommend you buy the certificate from your Web Host as it will provide technical help in the implementation process. For example, my Web Host is Godaddy, and I bought the certificate from it.

Install the certificate

Instructions in the rest of this article presume you have your domain, web hosting, and SSL certificate from Godaddy.

Log in to your account at Godaddy and navigate to my products > SSL certificates > Standard SSL. Follow the guidelines in this video.

After verification of your domain ownership, Godaddy will issue the certificate and send you an email in this regard. You will not need to install it as the web host will do it.

You may like:  Tips to save money on Web Hosting renewal of your website

Update internal links to HTTPS

From the dashboard of your admin page, navigate to Settings> General Settings. Change the WordPress Address (URL) and Site Address (URL) from HTTP to HTTPS. Similarly, modify all internal links to your web pages and images.

WordPress URL
Also, update all the installed plugins to have your new URL.

Special Note on the problem I faced

After updating the General Setting, when I tried to save, it didn’t save. I logged out of the Admin page to log in again. This time also settings did not save. I waited for an hour before trying again to log in. Here came the shock — WordPress did not accept my password. I knew something wrong had happened.

I was confident I didn’t make any mistake. So I called up Godaddy helpline. The customer care asked me to wait for 24 hours to 48 hours for the SSL certificate to take effect. I was adamant and asked them to provide me access to my admin page. She (customer care) asked me to change the Nameservers setting to default as it had been set for CloudFlare servers. This trick also failed. I contacted the helpline three more times, and every time they told me to wait for 24 hours to 48 hours. Although I was not convinced, still I waited until next day morning.

All of a sudden, an idea struck me in the morning, and it solved the problem. I searched the root directory of my website for the files that had been modified recently. I found the file; it was .htaccess file. I compared this file with the backed-up file on my computer. It was discovered that Godaddy had replaced the original .htaccess file with a new one with three lines of codes. I re-installed the original file from my back up and got the access to the admin page.

Then I proceeded to update all the internal links to HTTPS successfully.

Add 301 Redirects

Godaddy adds 301 redirects to the .htaccess file at the time of issuing the certificate.
For Apache web server, ensure the following entry in the .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

This step sets permanent redirect to all the URLs from HTTP to HTTPS. Furthermore, it passes nearly all the link juice of HTTP web pages to https web pages. In other words, it preserves the SEO ranking.
If you are not sure how to modify this file, then watch this video.

Install SSL certificate on CDN

If you are using CloudFlare CDN, you should set SSL setting to full. For other CDN sites, you need to refer their documentation for installing the certificate.

Update Google Search Console

Now you have migrated from HTTP to HTTPS; it is time to add a property in the Google search console. Start your website URL with https and proceed.

Add a Property

Submit Sitemap

Submit your new sitemap with https URL to Google Search console. See the image below:

Website sitemap

Update Google Analytics

Update your default URL at Google Analytics as seen in the image below:

update default URL

Fetch

Fetch and render all pages and posts for quick indexing by Google. Otherwise, Google may take weeks to crawl all contents.

Submit your disavow file again

Earlier if you submitted a disavow file (to Google) to recover from negative SEO, then after migrating to HTTPS, you need to submit it again.

Final Words on HTTP to HTTPS migration

You can see it requires careful effort to migrate from HTTP to HTTPS. But, when you consider the benefits you will realize it is worth making such efforts.

If you face some unexpected problems during the migration process, revisit the above points to resolve them.

If you like the post, please share it.

13 Replies to “Migrate from HTTP to HTTPS: Raise security and search engine ranking”

  1. Hi Hari,
    nicely described your own ‘first hand’ experience.
    few Questions which you can answer here and later can add to tour post as well, if you please.
    1) .htaccess – what were those 3 lines and what was their implications?
    2) As you removed the lines, what was the side effect? Why on earth they were added by GD there?
    3) Did you use FTP to see the current file content?
    4) And let readers know pls, how to restore a single file from backup.
    Thanks

    1. Thanks, Anupam Majumdar, for spending time and putting up your points. Pointwise reply follows:
      1. .htaccess — I don’t have those three lines. But, they were altogether different from the recommended code in the post. To add further, I am not a web developer to understand and explain the code.
      2. I did not check the site after removing those three lines (.htaccess file became blank). But I know, if you blank this file, your website will not display anything. GD added the code to facilitate migration from HTTP to HTTPS.
      3. No, I accessed the file through cPanel>file manager>public_html.
      4. Usually, you should use FTP (use Filezilla client) to restore any file from your computer to your website. But, I restored the contents of the original .htaccess file in a different way:
      I decompressed the backup file (on my computer) in a folder and accessed the .htaccess file. Then, opened this file with CodeWriter (Windows 10) and copied all the contents of this file and pasted in the .htaccess file in my website’s root directory.

Leave a Reply

Your email address will not be published. Required fields are marked *