You may be thinking to migrate from HTTP to HTTPS, but unable to proceed because of the cost of an SSL certificate or the fear of site break. Let me assure you, after going through this post, both of the apprehensions will evaporate, and you can have a smooth migration from HTTP to HTTPS.
In this article, we will cover the following topics:
1. Why should we migrate a website from HTTP to HTTPS?
2. What is an SSL certificate?
3. Procedure to accomplish HTTP to HTTPS migration.
Why should we migrate a website from HTTP to HTTPS?
As per the latest survey, only 30% of the top 100,000 domains are secure. This figure was 10% in June 2016. The Significant rise in the secured domains can be attributed to the efforts by Google who is pushing hard to make the World Wide Web safe.
Find below some benefits that secure sites enjoy over the unsecured ones:
i) Encryption
Data exchange between a secure (HTTPS) website and a user–browser is encrypted, which makes it safe and secure from eavesdroppers. It means the man in the middle cannot listen, track or steal the data being exchanged.
ii) Data Integrity
The data being transferred cannot be modified.
iii) Authentication
The visitors can trust they are accessing a verified original website. They can even view the certificate attached to the secure site to gain confidence.
iv) Performance
Most of the web hosts have rolled out a new network protocol — HTTP/2. All current browsers and CDN support it. This protocol can significantly boost your website speed. The first requirement to enable HTTP/2 is an SSL certificate installed on your site.
Although I have migrated from HTTP to HTTPS, I am unable to use HTTP/2 protocol. As per Godaddy –my web host, I am using shared hosting where this feature is not provided.
v) Search engine ranking
Google has announced that HTTPS is now a lightweight ranking signal. Therefore, secure your site and get a boost to its ranking.
You may like: Why you need a child theme? Find the easy way to install it.
What is an SSL Certificate?
Expansion of SSL is Secure Socket Layer, whereas, an SSL certificate is a small data file. After getting installed, it enables green padlock and HTTPS protocol on a website. It also creates an encrypted connection between a site and a visitor’s browser and the website URL changes from HTTP to HTTPS.
Types of SSL Certificates
Three types of SSL certificates are — i) Domain Validated certificates (DV), ii) Organization Validated certificate (OV) and iii) Extended Validation certificates (EV).
Domain Validated certificates
The certificate authority (CA) issues a domain validated certificate once it completes the verification of a domain owner. The applicant must own the domain for which the certificate is applied. No other details like the company information, etc. are asked of the applicant.
Most of the bloggers use this certificate. It is quite cheap and CA issues it within a day. Such certificates are available under $10/year.
Organization or Business Validated Certificate
The CA verifies the domain ownership and the business or organization documents of the applicant before issuing the certificate. This certificate is costlier than the domain validated certificate. The applicant receives it within 1-3 days of applying.
Extended Validation Certificate
Before issuing the EV (Extended Validation) certificate, the CA verifies domain ownership, along with detailed verification of business records related to legal, physical & operation existence. This is the costliest certificate, and it takes about ten days for the CA to issue.
Note: If you need an SSL certificate for free, you can visit Let’s Encrypt. But, you need some technical knowledge to exercise this option.
Procedure to accomplish HTTP to HTTPS migration
Take full back up of your website
Always take back up of your site before making any changes to it. You may require it in case of any site break which may happen during the migration of HTTP to HTTPS.
I took the site back up on 09-09-2017 before applying for the SSL certificate on the same day evening.
Buy an SSL certificate
Many companies are offering SSL certificates including Comodo, IdenTrust, Symantec, etc. But I recommend you buy the certificate from your Web Host as it will provide technical help in the implementation process. For example, my Web Host is Godaddy, and I bought the certificate from it.
In case you want to buy it from some other source, you may refer the article Top 10 Cheap SSL Certificate Providers for guidance.
Install the certificate
Instructions in the rest of this article presume you have your domain, web hosting, and SSL certificate from Godaddy.
Log in to your account at Godaddy and navigate to my products > SSL certificates > Standard SSL. Follow the guidelines in this video.
After verification of your domain ownership, Godaddy will issue the certificate and send you an email in this regard. You will not need to install it as the web host will do it.
You may like: Tips to save money on Web Hosting renewal of your website
Update internal links to HTTPS
From the dashboard of your admin page, navigate to Settings> General Settings. Change the WordPress Address (URL) and Site Address (URL) from HTTP to HTTPS. Similarly, modify all internal links to your web pages and images.
Also, update all the installed plugins to have your new URL.
Special Note on the problem I faced
After updating the General Setting, when I tried to save, it didn’t save. I logged out of the Admin page to log in again. This time also settings did not save. I waited for an hour before trying again to log in. Here came the shock — WordPress did not accept my password. I knew something wrong had happened.
I was confident I didn’t make any mistake. So I called up Godaddy helpline. The customer care asked me to wait for 24 hours to 48 hours for the SSL certificate to take effect. I was adamant and asked them to provide me access to my admin page. She (customer care) asked me to change the Nameservers setting to default as it had been set for CloudFlare servers. This trick also failed. I contacted the helpline three more times, and every time they told me to wait for 24 hours to 48 hours. Although I was not convinced, still I waited until next day morning.
All of a sudden, an idea struck me in the morning, and it solved the problem. I searched the root directory of my website for the files that had been modified recently. I found the file; it was .htaccess file. I compared this file with the backed-up file on my computer. It was discovered that Godaddy had replaced the original .htaccess file with a new one with three lines of codes. I re-installed the original file from my back up and got the access to the admin page.
Then I proceeded to update all the internal links to HTTPS successfully.
Add 301 Redirects
Godaddy adds 301 redirects to the .htaccess file at the time of issuing the certificate.
For Apache web server, ensure the following entry in the .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]This step sets permanent redirect to all the URLs from HTTP to HTTPS. Furthermore, it passes nearly all the link juice of HTTP web pages to https web pages. In other words, it preserves the SEO ranking.
If you are not sure how to modify this file, then watch this video.
Install SSL certificate on CDN
If you are using CloudFlare CDN, you should set SSL setting to full. For other CDN sites, you need to refer their documentation for installing the certificate.
Update Google Search Console
Now you have migrated from HTTP to HTTPS; it is time to add a property in the Google search console. Start your website URL with https and proceed.
Submit Sitemap
Submit your new sitemap with https URL to Google Search console. See the image below:
Update Google Analytics
Update your default URL at Google Analytics as seen in the image below:
Fetch
Fetch and render all pages and posts for quick indexing by Google. Otherwise, Google may take weeks to crawl all contents.
Submit your disavow file again
Earlier if you submitted a disavow file (to Google) to recover from negative SEO, then after migrating to HTTPS, you need to submit it again.
Final Words on HTTP to HTTPS migration
You can see it requires careful effort to migrate from HTTP to HTTPS. But, when you consider the benefits you will realize it is worth making such efforts.
If you face some unexpected problems during the migration process, revisit the above points to resolve them.
