How to Migrate From HTTP to HTTPS – A Complete Guide!

Come July 2018 Chrome will be marking HTTP (Hypertext transfer protocol) sites as ‘not secure’ according to the announcement made by Google at the beginning of the year. This is a move that Firefox already executed in 2017, and it has not worked well with small business owners who still use HTTP. Luckily for many, the percentage of those using Firefox is low.

Over 50% of web users use Chrome as their primary browser. From July all these will be greeted with caution whenever they try to access HTTP sites. This will not work in favor of more than 50% of websites that have not switched to HTTPS (hypertext transfer protocol secure).

HTTPS was officially included as a search engine optimization (SEO) tool in 2014. The fact that Google took time to announce this means it is a big deal outrightly. Google never reveals ranking factors to avoid fraudulent people playing with the system.

Any website that takes personal data from the users and truly cares should take security seriously. It is clear that the benefits are way more than the drawbacks. If you are yet to make the switch to HTTPS, you have a few months to do so. Here is a comprehensive step by step guide to help you cross the pond.

Security Acquisition and Server Installation

This is where the journey begins. Security acquisition and server installation depend on your hosting and the settings on your server. What you will need is a security certificate, which will afterward be installed on your server. There are reliable, free, and open certificate authorities that can help you out with this.

Update Every Reference

If you fail to update all the references, there will be mixed content problems whereby the initial content on your site will load on HTTPS while the additional resources like images loading on the insecure HTTP.

This is not a small issue and must be resolved. If you don’t do this, the issue can jeopardize the security of the entire page making it endangered to hacking activities.

The process is a straightforward one. You can do reference updates to a query where you find and replace or use a directive which will enable the browser to request the HTTPS version to make the required updates.

The other resources like plugins must be manually tested to ensure they are safely functioning.

The Redirects on External Links Must Be Updated

A competent SEO firm knows that this tops the list. It is unfortunate that many miss out on this. If redirects are not done, every link obtained by the domain will result in chaining. If it happens then, the redirects will be jumping from the old formation to new before jumping to HTTP to HTTPS.

Your ranking will be affected because the bots will fail to send all the signals used for ranking content because of the unnecessary steps within a sequence of redirects.

There are big domains in the world that have lost their visibility because of this unnecessary redirects that end up causing the bots miss on their function.

If by now you have not channeled your backlinks towards a live page within one redirect then here is a secret to propelling your site for better performance.

The first step is taking all data concerning your backlinks. Next, you will run the referred pages through a website crawler to check the page. Depending on what the crawler tells you, you can take the right action.

If you see 4xx, you will direct them to the secure version of the relevant page. On the other hand, if you see one that goes through plenty of steps before settling on a page, you will need to point them to the right destination page that is secure.

Ultimately, the working ones will be handled by the redirects of HTTP to HTTPS and do not require any action from you.


Compel HTTPS with Redirects

This one also depends on your setup and hosting. WordPress, for instance, will handle this through the admin panel automatically. If your setup is different and you are not getting any help, you will need to update the main configuration files with a rule redirect which will be well documented.

The problem that is commonly occurring with rule redirection is different commands for compelling HTTPS as for compelling www. The result will be chaining which will cause HTTPS to be forced to the second step after www. is added to the URL.

Rule redirects need to be pointed towards HTTPS as their landing place to prevent this problem.

Activate HSTS to Avoid Hacking

HSTS is an acronym that stands for

S – Strict
T -Transport
S – Security

It is a directive by the web server that compels all requests for information to be loaded via HTTPS.

Using HTTPS redirection only leaves a loophole for hackers to penetrate to your site and cause trouble. They can still forcefully load your site via the insecure version. When the HSTS is enabled, this loophole can be sealed leaving the ‘bad people’ no other option.

A valid SSL certification is compulsory in this case and should meet the requirement of all subdomains. This will then need you to add code to your configuration files.

Activate OCSP to Eliminate Inefficiencies Give You a Grace Period in Case of Expiry

OCSP stands for

O – Online
C – Certificate
S – Status
P – Protocol

It is an improvement on the CRL which stands for C – certificate R – revocation L – a list which had to be checked for the security certificate status. With CRL you had to download a list to compare which brought out inefficiency and inaccuracy issues.

OCSP eliminates inefficiencies and inaccuracies by querying the certificate with the problem alone. Another important thing is the OCSP allows you time to acquire another certificate in case of expiry.

Add on HTTP/2 to Increase the Performance

Hypertext transfer protocol is a set of commands that the web uses to format or submit among servers and browsers. HTTP/2 increases the performance of these activities such that you can load multiple pages at a go.

HTTP/2 is estimated to have 50 to 70 percent better loading times than HTTP/1.1.

XML Sitemaps, HREFLANG, Canonical Tags, XML should be Updated in robots.txt

This is one of the points that should have been covered right at the second stage of updating every reference. Since it greatly affects your SEO, we will discuss it to make it clear.

Making these updates is crucial. If you fail to do it, the Google bots will fail to send the necessary signals to the sites you want to be seen. Instead, they will be dealing with double requests leading to their focu156o\s diverting to the wrong pages.

Add Hypertext Transfer Protocol Security to Google Search Console (GSC)

Besides adding HTTP to GSC, you should also make sure the disavow file and URL settings are up to date. GSC is a free tool that every website owner should be taking advantage of. It works at the sub-domain level and yet many ignore it.

Google Search Console, Sitemaps, Fetch

Now that your website is functioning on HTTPS you will need to create a profile on Google Search Console. If your site gives the Google bots a hard time to crawl it is necessary that you add HTTPS to your GSC account and make the settings required to get rid of the inefficiencies. Take this seriously – create a GSC account and make the updates to the information appropriately. You can do this by simply clicking ‘Add a Site’ and add your URL.



Google does not necessarily require sitemaps to crawl your site. However, they can be important when you are trying to debug indexing problems. Again if you decide to use them, you will have to resubmit the new version of the Google Search Console.



It is recommended that you do fetch and crawl to speed up activity on your new site. In some instances, it takes weeks for Google to re-crawl all the content on a site.

First, submit your homepage to index by clicking on “fetch.”


Then select “crawl this URL and its direct links.” If you have other pages that you consider important, you should submit them for crawling individually.


Remember, a failure to create a new account to reflect your shifting to HTTPS will on the other hand not reflect the live status of the GSC account. Your site will also be unsafe because of this.

The problem will aggravate in cases where your site has in the past had toxic backlink issues which needed a disavow file.

Resubmit your Disavow File

Do not forget this step as many do. The fact that you created a current Google search console you must re-submit a disavow file. Failure to submit this will cause trouble when the new algorithm is released because your disavow file will be missing.

Download the disavow file and resubmit it in your newly launched disavow tool under the current HTTPS site. Only settle when you see a message confirming the success.


Update Google Analytics

See the settings in your admin where you change your URL to HTTPS status. This you should also do to property settings.


Miscellaneous Updates

You can also update the following to point to your new HTTP site — canonical tags, PPC URLs, Email marketing software, external links, and backlinks.

Scan Your Website for Non-Secure Content

It is also crucial because it might help you identify any details along the way you missed

Here are some tools to use for this purpose:

SSL Check tool: The developers over at JitBit have created this great little tool which will scan your website and find any non-secure content.

Why No Padlock: Here’s a simple tool that will tell you about any insecure items on your SSL page!

SSL Insecure Content Fixer: Helps clean up WordPress website HTTPS mixed content

Make Updates to Your Social Media Accounts, Email Providers, and Google Accounts

You want your users on social media platforms, email providers, and apps to get redirected to your new HTTPS site without going through unnecessary redirects. If this happens many looks for other options.


Even as you do this migration go about it with an open mind and patience. Allow any potential trouble to be resolved in a test phase first. This will make sure that your audience gets the best experience using your new HTTPS site.

Sites that have successfully migrated to HTTPS had to follow a specific method. This systematic approach ensures that every potential risk is put to the test and then resolved appropriately.

Migrating to HTTPS before July 2018 will not only secure your site – your SEO will be positively affected as you will rank higher in the Google search. Evidently HTTPS offers security to your site and therefore is highly preferred by Google and ranks HTTPS sites better than HTTP unsecure sites.

For you to successfully benefit from the migration follow every detail of this guide from top to bottom. If you do this, rest assured your website will be secure, your users will trust you and your ranking can get better.

0 0 votes
Article Rating
Notify of
1 Comment
Newest Most Voted
Inline Feedbacks
View all comments
5 years ago

Hi Navneet! I have read many blogs during these days but this blog because of its noble cause & one must say is a life-guard to businesses. I never comment but yours deserves to have a +ve Comment.
Good research worth reading, Thank You for sharing your hardwork.

Related Posts

most asked questions on google
Have you ever thought about what are the most asked...
By Navneet Kaushal 148547 reads
map location
Letting your friends and family know about your real-time and...
By Navneet Kaushal 127270 reads
People Also Search For or People Also Ask
If you frequently use Google, it is very likely that...
By Navneet Kaushal 112491 reads