ssl certificates

HTTP to HTTPS migration – everything you need to know

Digital marketers might not always see eye to eye with Google, but the security of users has always been the common cause for both sides.

HTTP/2 offers numerous performance benefits and now is the best time to consider moving to HTTPS, due to additional security, as well as SEO advantages.

The reasons behind the migration

Though security is highly stressed when talking about the web experience, the fact is that there are more reasons for the transfer to HTTPS.


According to Velocity, Mozilla and Load Impact, users expect to see between 50 to 70% reduced load time from websites optimized and delivered over HTTP/2 than over HTTP/1.1. In order to reap the benefits of the HTTP/2 performance, you have to run over HTTPS due to browser support.


In 2014, Google’s ex-software engineer announced that the SSL certificate represents a slight ranking signal that is expected to strengthen over time. Three years later, we are seeing it significantly affect the rankings of a particular website. Current statistics show that exactly 15% of all the websites are using HTTP/2, and this number is expected to rise in years to come.

Referral data

One other reason for migration is the fact that Google Analytics blocks HTTPS to HTTP data. This means that if your website is running on HTTP and you have traffic coming from other websites which run on HTTPS, the referrer data gets lost completely and traffic ends up under direct traffic – in the long run, this is far from helpful for those who are focusing on devising a strong digital marketing strategy. On the other hand, if you optimize your website for HTTPS and users are going from another HTTPS website to yours, the referrer is passed.


The aspect of security could not be stressed enough, especially when it comes to eCommerce websites. Namely, as they are processing large amounts of sensitive data, not running over an SSL certificate means that users’ usernames and passwords are sent over the Internet in clear text, what makes information like usernames, passwords, and credit card information easy to access to.


With almost 80% of the Internet users expressing concern for their online safety, SSL certificate can help you build trust with your visitors. GlobalSign reports that almost 30% of users take notice of the green address bar since they want to be 100% certain their data is protected.

Step by step migration guide

Taking all of the above into consideration, it is evident that the migration to HTTPS comes with a multitude of benefits across various domains. The following segment of the article represents a detailed guide on how to migrate your website from HTTP to HTTPS and enjoy the perks that come with it.

1.     Get an SSL certificate

An SSL certificate is a small data file which binds a key to the details of a particular organization. Once you install it, it will activate the HTTPS protocol and enable the secure connection between the server and a web browser. There are 3 primary types:

  1. Domain validation – one domain or subdomain that includes only email validation, no additional paperwork. It is cost-effective and can be issued in a few minutes.
  2. Organization/business validation – one domain or subdomain which involves business verification, thus providing a higher level of security and is issued within 1 to 3 days.
  3. Extended validation – one domain or subdomain which includes business verification, thus providing a higher level of security and is issued within 2 to 7 days. With this certificate comes a green address bar.

When it comes to trust indicators, you can choose from two types:

  1. Extended/organization validation – shows the name of your company or organization in the address bar and is a more expensive certificate.
  2. Standard domain validation – shows a green padlock in the address bar and is a more affordable option.

2. Installing an SSL certificate

The installation process depends on the software you are running. For this reason, it is essential that you establish on which platform your website is running and approach the installation accordingly. For more information, check out this link.

Once your certificate is installed, it’s advisable to check whether there are any issues, by using SSL Labs Server Test or SSL Certificate Check.

3. Update hard-coded links

Relative URLs are always a better option, but at times when there are hard-coded URLs, you’ll need to clean your website and database when migrating from HTTP to HTTPS.

Again, the process will differ depending on a platform, but for the purpose of this article, you’ll learn how to update your link in WordPress. Using Database search and replace script in PHP, you can run update queries on your own. Still, note that there are many metadata fields and tables, so it’s possible to miss some if you don’t have an exact list. It is advisable to backup your database to be safe, as this script grabs your local database credentials. Place their program into the root of your website using FTP and browse through it in your browser. Then simply insert what you wish to replace and ensure you enter all formats you’ve mixed and matched over the years.

Next, it’s best to choose dry run in order to see what will be updated or replaced, and after that click on live run. After this, all the entries in your database will be updated, including hard-coded links on posts and pages, WordPress site URL, canonical tags, and so on.

4. Update custom JS, AJAX libraries

It is essential that all custom scripts are updated to HTTPS, including 3rd party hosted scripts to avoid getting a warning of mixed content. You can use SSL Check tool to scan your website and check whether it contains any non-secure content.

5. Add 301 redirects

301 redirects represent permanent redirect which passes more than 90% of ranking power to the redirected pages. Implementing 301 redirects means that the migration from HTTP to HTTPS will have minimal effect on the current position of your website in SERP.

6. Update robots.txt file

Update all blocking rules or hard-coded links in your robots.txt to ensure there aren’t any left that are pinpointing to HTTP directories or files.

7. CDN setup

Besides the installation of an SSL certificate on a CDN, the rest options may vary between different CDN providers, which is why detailed instructions for those will be listed here.

a)    Install SSL certificate on CDN

When it comes to CDN, you are provided with three options:

  1. Shared SSL – First, choose Zones in your dashboard and click on the manage Choose edit and enable advanced features. Under SSL you’ll have to enable shared so that it redirects HTTP to HTTPS on the CDN and implements 301.
  2. Custom SSL – Requires that you have your own certificate, different from the one you buy for the main domain.

b)    Origin URL update

c)     HTTP/2 support

d)    Hardcoded links update to HTTPS

8. SEO

Given that by now your website is entirely migrated to HTTPS and that your entire URL structure is changed, in order to keep your rankings and search traffic, intact there are a few important things that need to be done.

Basically, this is like adding your website to Google Search Console for the first time, it’s just that this time you’re adding the same property with different values. After creating a new property, submitting the newly built HTTPS sitemap is the next step. To accelerate the entire process manually, submitting the pages of your website for crawl is a viable option.

In the end, what’s left is to re-upload the disavow file (that is if you had one).

9. Google Analytics

Changing to HTTPS in Google Analytics is far simpler than with Search Console. Just head to Analytics website, and under your admin options open settings and change the default URL option from HTTP to HTTPS.

In the end, make a list of all the tools you use to manage/market your website and update any necessary setting that might be affected by the new HTTPS address.

Mind you, there are many things that can go wrong in the process of migrating a website from HTTP to HTTPS, and if there is even the slightest grain of doubt in you that you can’t perform this yourself, the best way to mitigate any possible wrongdoings would be to go to with a professional small business website design company. People like that have performed countless migrations and are guaranteed to save your data and traffic.

If you are still in doubt with the benefits of having an SSL certificate and are not sure which provider to choose from, check out this article from our partner website. Webmaster.Ninja – Benefits of SSL

Image source: Flickr – Yuri Samoilov

Blake Davies

Post a Comment

Your email address will not be published. Required fields are marked *