How To Move HTTP To HTTPS – Step By Step Guide
Google has declared that HTTP sites are ‘not secure’. This created an urgency among sites to move to HTTPS from HTTP. If not, the browser will provide a warning message to the accessing customer, when they enter a site. The chances of a customer choosing to do business with such a website becomes quite tricky. Since 2014, Google is trying to create a secured internet by making HTTPS as a ranking factor. Who doesn’t want to be ranked as a top search in Google?
Back to the topic, are you planning to migrate from HTTP to HTTPS? Only a small percentage of websites are still dwelling in HTTP and allowing their competitors to steal their customers and potential buyers. If you are one of that minority group, this is the article for you.
The first step is to get an official security certificate. Install that certificate into your server. The type of security certificate depends on the server setup, hosting agency and so on. You can also find open and free SSL certification authorities to help you with this.
Deal with mixed content
What is a mixed content? It is the scenario where, the page gets loaded in HTTPS but the elements in the page like scripts and images gets loaded over HTTP. It might not look like a serious problem, at beginning. If left so, the HTTP elements will weaken the security of the entire page, making your site vulnerable to hacking. The simplest way out of it is to update all the resources in your page to HTTPS. This will be done via find-and-replace database query.
On the other hand, you can also user CSP directive upgrade-insecure requests, which will automatically make the browser request for a secured version of every HTTPS element of the page. For external elements like plugins, CDNs and others, manual testing and configuration will be required.While dealing with externally controlled resources, you can request it from another host, if possible or, directly host it from your site or, just exclude it from your site.
Update external link redirects
There is a reason to why SEO is called as the blood of your website. Every link chosen by your domain should be updated. If not, all the redirect from external links will jump from old to new structure and then from HTTP to HTTPS. These unnecessary steps might make Google not pass the ranking signals, effectively. This will reduce your visibility in the internet.
The first step is to audit every backlink you have to make sure that they have one redirect step to move to the live page. To do so, use any tool like Google Search Console or others to have all the backlink date. Now, check whether the pages get loaded based on the following requirements.
- Links, which return 4XX should be mapped to a securer version of the active page of your site.
- The links, which go through multiple steps,should be updated to move to the right destination.
HTTPS for redirects
This step varies with the type of your platform. For platforms like Magento, WordPress and others, this step can be done automatically via the admin panel. For other platforms, you need to update your webconfig file or .htaccess file using a rule redirect. However, it should be well documented.
While using rule direct, the most common issue is the separate requirement for forcing HTTPS. This will lead to chains in redirects. You need to follow the previous step to make the redirect point the right destination page in one-step.
Just forcing HTTPS will not increase the security of your site. Your unsecured version can be easily loaded and hackers could use it to force their way into your site. Thus, HTTPS Strict Transport Security A.K.A HSTS should be used. It is a web server directive, which makes all the requested resources to be loaded via HTTPS, only. For this, you would need an authorized SSL certificate for your site and all the subdomains. You would also need to add a new set of codes to your .htaccess file or webconfig file.
Online certificate status protocol
OCSP is an additive to the certification revocation list. The browsers check the CRL to kind about any issues pertaining with SSL certificate of the server. While doing so, the browser will download the entire list and compare it. This will consume bandwidth, which is bad for speed and accuracy of the site. To avoid this OCSP will query only the certificate required and provides a grace period, if the certificate of the site has been expired.
Hypertext transfer protocol is a list of rules, which governs the web to deal with formatting messages, which are submitted between the browser and the server. HTTP/2 helps in increasing your performance and allows you to process numerous requests, simultaneously. It is said that the load time of the site with HTTP/2 is improved 50 to 70% than HTTP/1.1.
Updating HREF LANG, XML site map, sitemap reference and so on
Make sure sitemap reference of robots.txt, HREF LANG, XML sitemap, canonical tags and others are updated to point to HTTPS destination page. If you fail to do so, you would gradually lose visibility in the internet.
Google Search Console
GSC (Google Search Console) is a free tool, which will help webmasters to work with subdomain level. After migrating to HTTPS successfully, if you fail to create a new account, the information of your GSC will not be shown in the live site. Thus, it is essential to set up HTTPS GSC profile and upload disavow file to it. This will increase the security of your site.
In addition, you need to set up the parameter settings in the GSC account, allowing the Googlebot to crawl your site effectively. In simple terms, update all the site information in GSC account.
Change URL with social media, email and others
Last but not least, you need to update your links with apps, social media, messaging service providers and others to make sure that the users are not redirected unnecessarily.
While migrating to HTTPS, it is safer to perform the process in a test environment, first. You might find many potential bugs at first. There is no rush into moving to HTTPS with bugs. According to survey, the sites, which are successful in migration, are the ones, which followed all the protocol and tested every step prior to going live. Do not cut any corners during the process. Are you not savvy with the technical part? There are numerous service providers, who will help you move from HTTP to HTTPS. Hire the right service provider to help you with the migration.