Migrating Website from HTTP to HTTPS

Published On: November 8, 2017Categories: SEO Services

In the modern-day scenario, we don’t just use the internet, but hypothetically live on it. It wouldn’t be wrong to say that we begin and end our day on the internet. When Internet is such a reliable and useful resource in all our lives, we assume it to be safe.

Well! as developers & owners of the website, it our duty to provide a safe atmosphere for our users. In the past there has been a lot of Malware injections, trojan viruses that we have come across. Luckily, these days we are over most of it due to upgraded quality of browsers.
To be realistic, browsers are just containers of that extracts whatever is given by the server. Hence, to make your website more secure and a better place for visitors & prospective customers, it’s important to have a gradual shift from HTTP to HTTPS.

Unsure about what steps to carry out when changing the website from “HTTP” to “HTTPS”?

Follow these easy steps:

1. Set up 301 redirects from HTTP to HTTPS so that search engines are notified that your site’s addresses have changed and so that anyone who has bookmarked a page on your site is automatically redirected to the https address after you flip the switch.

Add the following to your .htaccess file.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

2. SEO: Google Search Console, Sitemaps, Fetch

Now that your site is running on HTTPS you need to create a new Google Search Console profile. Simply click on “Add a Property” and continue with the claiming process.


3. Sitemaps

Sitemaps aren’t required for Google to crawl your site, but they can be useful if you are trying to debug indexing issues or verifying if your images are indexing. If you use them, you will need to resubmit the HTTPS version in your new Google Search Console profile.


4. Fetch

We then recommend doing a fetch and crawl on your new HTTPs site just to get things moving a little faster. In some migrations to HTTPs it takes weeks for Google to re-crawl everything correctly.

Submit your homepage by clicking on “Fetch” and then click on “Submit to index.”


Then choose “Crawl this URL and its direct links.” If you have some very important pages too that might not be connected to your homepage you could also submit them individually for re-crawling.


5. SEO: Resubmit Your Disavow File

This is a step a lot of people forget. If you have ever suffered from negative SEO or have needed to remove a backlink, then you probably created and submitted a disavow file. Because you created a new Google search console profile in step 11, this requires that you resubmit disavow file under the new profile. If you don’t, the next time an algorithm update comes along, you could be facing serious troubles as Google will not see the disavow file.

So head over to the Google Disavow tool under your original Google Search Console profile (HTTP) and download your disavow file.

Then launch the disavow tool again under your new HTTPS site and resubmit your file.


Make sure you see the confirmation message.


6. Update Your Google Analytics Profile URL

Then you need to update your Google Analytics Website’s URL. So, under your account click into Admin and then your view settings. Then flip the URL to the HTTPS version in property settings and view settings. This way you don’t lose any history and can pick up right where you left off.


7. Update references in content.

This can usually be done with a search-and-replace in the database. You’ll want to update all references to internal links to use HTTPS or relative paths.

8. Update references in templates.

Again, depending on how you deploy, this might be done with Git or simply Notepad++, but you’ll want to make sure references to scripts, images, links and so on are either using HTTPS or relative paths.

9. Update canonical tags.

Most CMS systems will take care of this for you when you make the switch, but double-check, because that’s not always the case.

10. Update hreflang tags

If your website uses them, or any other tags such as OG tags for that matter. Again, most CMS systems will take care of this, but it’s best to QA it just in case.

11. Update any plugins/modules/add-ons

To make sure nothing breaks and that nothing contains insecure content. I commonly see internal site search and forms missed.

12. CMS-specific settings may need to be changed.

For major CMS systems, these are usually well-documented in migration guides.

13. Crawl the site to make sure you didn’t miss any links and nothing is broken. You can export any insecure content in one of the Screaming Frog reports if this is the crawler you are using.

14. Update old redirects

Update old redirects currently in place (and while you’re at it, take back your lost links from redirects that haven’t been done over the years).

15. Crawl the old URLs

Crawl the old URLs for any broken redirects or any redirect chains, which you can find in a report with Screaming Frog.

16. Update sitemaps to use HTTPS versions of the URLs.

17. Update your robots.txt

Update your robots.txt file to include your new sitemap.

18. Add HTTP/2 support

Add the HTTPS version of your site to all the search engine versions of webmaster tools that you use and load the new sitemap with HTTPS to them. This is important, as traffic drops are misdiagnosed because we see the traffic in the HTTP profile drop, when the traffic in reality moved to the HTTPS profile. Another note for this is that you do not need to use the Change of Address Tool when switching from HTTP to HTTPS.

19. Update your disavow file

Update your disavow file if you had one for the HTTPS version.

20. Update your URL parameter settings if you had these configured.

21. Analytics:

In your analytics platform, make sure you update the default URL if one is required to ensure that you are tracking HTTPS properly, and add notes about the change so that you know when it occurred for future reference.

We hope the above information is easy and useful and will help implement and showcase a better and more secure web platform for your customers and website visitors.

Share This Story, Choose Your Platform!