Google Chrome has already started raising a red flag for all the HTTP websites with the “Not Secure” tag from 24, July 2018. This initiative can be identified as one of the biggest landmarks concerning digital security, prompting businesses to migrate from HTTP to the more secure HTTPS protocol.
Along with safety, the HTTPS protocol promises better web performance, a provision to incorporate SEO to enjoy better Google rankings and also to build credibility to your website.
To derive all the above benefits, you have one practical option and that is to migrate from HTTP to HTTPS. For all those who are yet to initiate this migration, here is a complete “to-do” guide that you can quickly refer to and get going.
Table of Contents
- #1 The SSL Certificate – A Mandatory Instrument For HTTPS Migration
- #2 Set Up Permanent 301 Redirects
- #3 Keep An Eye on Numerous Redirects
- #4 Migrate All Hard-Coded Links To HTTPS
- #5 Update All Your AJAX Libraries Or Custom JS to HTTPS
- #6 CDN To Be Migrated from HTTP to HTTPS
- #7 Fix All Your Mixed Content Issues
- #8 Create a New Google Search Console Profile
- #9 Preserve Or Abandon Your Historical Social Media Data
- Closing Thoughts
#1 The SSL Certificate – A Mandatory Instrument For HTTPS Migration
First and foremost, the migration of HTTP to HTTPS calls for businesses to subscribe to an SSL certificate.
An SSL certificate ensures stronger web security by encrypting all the data that needs to be transported between the browser and the server.
It is an important piece of information to note that Google prescribes businesses to employ a 2048-bit key certificate or others which are stronger. You have 3 different types of certificates to choose from:
- Domain Validation (DV): True to its name, a DV certificate provides DNS or email validation for a single domain or subdomain.
- Extended Validation (EV): This certificate offers the highest form of SSL protection to websites by delivering a legal entity to their software. To obtain an EV certificate, you need to get in touch with a certificate authority (CA) who will completely scrutinize and evaluate your website and then provide you with a green address bar. This green mark demonstrates to your visitors that your website adheres to the highest level of encryption standards.
- Business/Organization Validation (OV): OV certificates, meant for a single domain verify and validate your business. Once given out, you will be able to build a lot of trust amongst your visitors offering them a higher level of web security.
After getting to know the different types of SSL certificate, the next question that will come up in your head is how to get an SSL certificate. Here is the step-by-step guide that will help you order an SSL certificate and enable it.
- You need to first own a dedicated IP address which will ensure that all the web traffic will be exclusively directed to your website. If your webhost supports SNI (Server Name Indication) you don’t need to have a dedicated IP but not all browsers support SNI.
- Next, you need to select and buy an SSL certificate that matches your business needs (DV, EV etc).
- After that, you need to activate the certificate.
- The next step is to install the certificate by pasting it on to the control panel of your web host. Before that, you need to get a CSR code and RSA key from the SSL provider to sign your certificate file.
- You also need to verify whether everything is in order. SSL Certificate Check is the tool that can come handy to check your certificate.
#2 Set Up Permanent 301 Redirects
Once the verification of your SSL certificate is completed, it is time to permanently redirect all the HTTP traffic to HTTPS. Regarded as a crucial step, this redirection from HTTP to HTTPS will permit all your visitors to make the most of the secured HTTPS protocol.
You have two alternatives here. You can either select a plugin (if you are using WordPress for example) or you can initiate the migration via the server.
If you are using the Apache Web Server you can use the .htaccess file to set up 301 redirects. But for those who are running their WordPress sites, you can effortlessly rely on the Really Simple SSL plugin.
This plugin takes care of all the related tasks including setting up the 301 redirects, changing the main domain to HTTPS and transforming all the database links to HTTPS. This redirection will restrict all your web pages to be visible on both the HTTP and HTTPS versions, thus avoiding the duplication of content.
#3 Keep An Eye on Numerous Redirects
After you have completed the ‘redirect’ procedure from HTTP to HTTPS, you should keep a watchful eye on multiple redirects as too many redirects can slow down your site and hamper its performance.
An incorrect redirect will result in duplicate HTTPS redirects reflecting on both the ‘www’ and ‘non-www’ versions. Since these two versions confuse the search engines, such an occurrence is best avoided.
#4 Migrate All Hard-Coded Links To HTTPS
Despite changing your main URL to HTTPS, you may find that some of the static content still need to be secured. You may encounter the below situations that need to be addressed.
Internal Links: When you don’t change the internal links from HTTP to HTTPS, you will face a ‘mixed content’ warning. This prevents the appearance of the green padlock, despite securing your website with a valid SSL certificate.
While the ‘Really Simple SSL plugin’ and ‘.htaccess file’ help you change the links that are identified via the database, you need to physically identify the internal HTTP images and URLs. After that, you can go about editing these files, replacing all the HTTP links with HTTPS.
Hreflang Tags: You should be mindful of the hreflang tags and check them in the source of the website to ensure that they point to the right HTTPS counterpart.
Canonical Tags: Devastating results crop up if you missed out on canonical tags. Although your migrated website is linked to the HTTPS protocol, there can be an instance when the canonical tags point to the earlier HTTP version.
#5 Update All Your AJAX Libraries Or Custom JS to HTTPS
You now have to move on to updating your external libraries or custom scripts so that they point to the secured HTTPS versions. You need to ensure that all the third party hosted scripts are included in this exercise so as to avoid the red flag of ‘mixed content’ warning. In the event you are making use of Google’s jQuery library, you should ensure that you update it to the HTTPS CDN through this link:
#6 CDN To Be Migrated from HTTP to HTTPS
In order to avoid mixed content warnings to show up on your website that runs on a CDN, you should also look at migrating your CDN to HTTPS. To perform this, you can also take the assistance of your CDN provider who will address all the issues concerning migrating from HTTP to HTTPS.
#7 Fix All Your Mixed Content Issues
The next thing that you need to do is to perform a final check on your website to identify any mixed content warnings.
Such warnings arise when you are attempting to load both the HTTP and HTTPS content or scripts. Different browsers like Chrome, Firefox and Internet Explorer show up mixed content warnings. You cannot load both the versions after you migrate to HTTPS. That means, post migration, everything should be in line with the HTTPS protocol.
Content in the form of internal images, audios and videos along with web fonts, Open Graph tags, Structured Data and other internal links are all the resources that should either operate with a relative path or through an absolute HTTPS URL. You need to perform a thorough check whether all these assets deliver what they are meant for.
#8 Create a New Google Search Console Profile
After you are sure that your website is running on the HTTPS protocol without any warnings, you need to look into the marketing and SEO aspect.
So, the first step here is to create a new Google Search Console profile for the new HTTPS version (for both WWW and non-WWW versions).
After the new HTTPS version has been created, you should re-submit all your sitemap files so that they are in sync with the HTTPS. You can also check out Bing Webmaster Tools in addition to Google.
#9 Preserve Or Abandon Your Historical Social Media Data
Your previous HTTP site might have some historical social media data of utmost importance to your business.
But you have a choice whether to retain or abandon past data. In an attempt to preserve all such pages which had buttons that allowed you to share social reviews, you should cross-check whether the earlier pages are now HTTPS-compatible.
While you can retain the numbers connected to HTTPS-friendly pages, you need to reset others which are incompatible to HTTPS to zero. You might have to take this drastic step of abandoning past data so as to maintain the elegance of your HTTPS website.
Businesses looking to secure the crucial information of their websites will also improve their search rankings when they migrate from HTTP to HTTPS. Provided you tick all the above-mentioned pointers, the somewhat tricky ordeal of migrating from HTTP to HTTPS can be simplified with this exhaustive checklist. It is then that they will start enjoying the benefits of HTTP to HTTPS migration, as the days go by.