So, without further ado…
How To Move From HTTP to HTTPS (SEOs Checklist)
#1 Start With A Test Server
A ‘rehearsal’ on a test server is very wise, especially for larger sites. Everything can be tested before you push live. Make sure your dev gives you a test server environment to check everything first.
#2 Check Server Documentation for Specific HTTPS Requirements
Although most HTTPS switching processes are standard across most servers it is a great idea to read the specific documentation as there may be some slight differences/quirks in your server setup you’ll have to address.
#3 Get A Security Certificate & Install it On Your Server
Getting a security certificate is down to personal preference but there is a free version ‘Let’s Encrypt’ that can be installed on your server, and paid versions such as ‘Digicert’. The differences between free certificates and paid are explained well here.
#4 Update Settings on CMS
There will be an option somewhere on the CMS to update the site settings, including the URL. WordPress makes it really easy to change to HTTPS. Other CMS and platforms have similar settings
#5 Update All References of HTTP to HTTPS Within Content + Code
This can be a laborious manual task, especially for larger sites, but this can typically be done with a search and replace on the database or through plugins like Better Search Replace. All internal links and images should be switched over.
#6 Update All References Of HTTP to HTTPS within Plugins, Scripts and Templates
Depending on your specific situation, your website may have plugins, scripts or templates that are run on a regular basis. Ensure that these are all updated to HTTPS otherwise the next time they run, it could break something. This includes forms, tools and apps that may run on your website.
#7 Update Canonical Tags
Your CMS platform should already have this covered, but double check that your canonical tags are working as they should be after the switch.
#8 Ensure a 301 Redirect For All URLs In Config File
Making the switch to HTTPS in .htaccess or your server config file is pretty standard, but we SEOs care about how they have been redirected. We of course need them to be 301’d. Show your dev this .htaccess redirect generator so that they can 301 all URLs.
#9 Update Your Analytics Settings
Whether you’re using Google Analytics or another platform, you should have a setting to change the URL. This will ensure all tracking is running smoothly after the switch. Don’t forget to change the URLs of goals too.
#10 Update Webmaster Tools
You’ll have to create a new profile in Webmaster tools with your new HTTPS URL. This will ensure accurate stats and tracking and business as usual within WMT.
#11 Update Advertising Profiles
Ensure that all advertising profiles have the correct URLs for ads and goals. Whilst they will all still redirect fine, it will ensure there are no issues/bugs. Plus, you get the added ‘secure’ factor for your ad URLs.
#12 Update Social + Directory Profiles (Instagram, Facebook, Twitter…)
You’ll need to go through all of your social and web directory profiles and ensure all HTTP references are now HTTPS. Whilst it’s not important to update old posts, ensuring your static ‘web address’ setting within your profile is updated is good practice.
#13 Update Other External Tools
If you’re anything like us, you’ll have a whole array other software such as split testing tools, heat mapping, live chat and more. Ensure all of these tools have the correct settings for your URLs otherwise you may run into bugs.
#14 Run A Site Crawl With Screaming Frog
Finally, use a tool like Screaming Frog to run a crawl on your website to ensure there are no errors, broken links or images.
Should I Update All Of My Old Links to HTTPS?
So you’ve been link building for a few years, and all of your old links are still HTTP. Should you go and contact all of the webmasters and have it updated to HTTPS?
Our short answer. No. As long as your URLs all 301 redirect to your new HTTPS URLs as discussed in point 8, this should pass the value. We deem it too risky, and a potential waste of time to go through old links and update. If all of your old links change within the same time period this could trip a filter.
Why Move To HTTPS Anyway?
It’s happening! All HTTP pages will be marked “not secure” as of Chrome 68 ? https://t.co/eD2RsuYudM
— Google Webmasters (@googlewmc) July 24, 2018
#1 Google Said So
Google have given us several reasons to move to HTTPS, but the main reasons are Encryption, Data Integrity and Authentication. This just means an overall more secure site for users, which is especially important when handing over sensitive data. Bear in mind, your site may still be vulnerable to attacks and hacks, the HTTPS doesn’t solve and secure everything.
#2 Security Warnings in Chrome
Google are now issuing security warnings in Chrome. This could cause issues of trust with visitors.
#3 Ranking Improvements
As discussed above, Google are actually admitting to ranking improvements when switching to HTTPS.
#4 It Looks Better + Helps Trust/Conversions
Let’s face it. HTTPS in the URL just looks better. We’ve already covered the trust this helps build, and this in turn can help with conversions.
So there you have it. That was our guide on switching to HTTPS for SEOs, we hope you found it useful, and if you have anything to add, or any questions at all, simply contact us.
Last Updated on