Shivangi Shrivastava

A Step by Step guide to switch from http to https and why you must do it today!

In the digital age where the internet reigns, the proverbial ‘netizens’ have wide access to a plethora of information, but at the same time are exposed to a lot of unprecedented risks.

One of the ways of securing your website and users is by switching your website to HTTPS, which is a secure version of the Hypertext Transfer Protocol.

An HTTPS website has numerous benefits.

https-image

Source

Since the data over a secure channel is encrypted, information lost during transit is as good as useless, unlike HTTP where the information is transmitted in readable text form.

The visible padlock in the address bar of the browser often builds trust on visitors of the security your website provides.

Google had announced in 2014 that they will start to factor in HTTPS as ranking signal for their searches which in turn contributes to better SEO. Not only this, but they had also implemented the policy of marking HTTP websites as ‘not secure’ in late 2016. This means a lot to the credibility of your website.

The SSL security symbol acts as a seal of quality and assurance and it’s high time you adopted the new security standard.

Fret not.

This is a short guide to show you how to switch your HTTP website to HTTPS, the secure version of the now being phased out HTTP.

There are 8 basic steps to switching your site to HTTPS:

  1. Purchasing & installing an SSL certificate
  2. Creating a backup of your website
  3. Switching internal links to HTTPS
    (Optional) 3rd party script updates to HTTPS
  4. Setting up 301 redirects to your HTTPS website
    (Optional) Installing SSL on CDN
  5. Updating external links
  6. Updating Google Webmaster Console and Analytics

Here’s a handy infographic for you to scour & refer to.

httpas-image2

Source

Right then, now for the details.

1. Purchasing and Installing an SSL Certificate

An SSL certificate basically works like an anti-spying tool. It encrypts data between your host server and your website users, obfuscating any data transmitted between the two.

There are a couple of SSL certificates available:

  • Domain SSL: The most popular sort of SSL provides a padlock and domain name in the browser address bar. A cheap and effective solution which is restricted to only one domain and is delivered almost instantly.
  • Wildcard SSL: Is essentially an extension of the Domain SSL in the features it provides, except that it also covers dynamic subdomains of your website too.
  • Organization SSL: Is an enhanced and costlier version of the Domain SSL and takes 2-3 days to be issued. It also shows the company and domain name alongside the padlock in the address bar.
  • Extended SSL: An even more expensive version of the SSL certificates, extended SSL requires domain ownership as well company verification. This often involves physical visits involving paperwork and its issuance can take up to a week.

https-image3

Source

We shall stick to Domain SSL since that’s the most popular form of certification.

The verification for this kind of certificate is done through an email to one of the email addresses of the domain name, which can even belong to your website host, so keep that in mind.

Most website hosts offer services to install SSL certificates so there is hardly anything to worry about. You can switch to domains that offer the service in case your current domain does not’ offer the service, or let your developer take things over for the installation.

Once the verification of the certificate is done your host will assign a dedicated IP and install the certificate.

2. Create a Website Backup

It’s good practice to keep a backup of your website, especially when handling such sensitive things as a complete overhaul of your website.

While a relatively minor task – switching to HTTPS – it is better to be sure than sorry.

You can manually create the latest backup of your website or ask your domain host to provide you with one. Just in case you need to revert things back to normal without costing you anything.

Switching Your Website’s Internal Links to HTTPS

If you have a handful or maybe even a couple dozen pages, it is a good idea to manually go through the pages to check that no page redirects a visitor on your site to the HTTP version.

This is to ensure that there is no 404 error on your page when you switch your website to the HTTPS standard.

https-image4

Source

For much larger websites with thousands of pages there are automation tools like Interconnect It which can save you time. It is still a good practice to go through pages manually to be sure. Not all, but the ones that matter.

(Optional) 3rd party script updates

If you have complex websites utilizing Ajax and JavaScript.

Consider updating such tools, software, and code libraries so they work when you switch over to the HTTPS standard.

4. Setting Up 301 Redirects

A 301 essentially redirects the web traffic to a particular direction. In this case, a 301 will redirect your users to the HTTPS version of the website instead of the HTTP one.

This ensures that all backlinks to your website redirect to the HTTPS version of the website and not the HTTP version.

https-image5Source

It also safeguards your SEO.

There are a few web servers that have different was to be dealt with. The most popular of them are Apache, Nginx, LiteSpeed, and Windows.

For Apache or LiteSpeed, you’ll need to update the htaccess file.
For Nginx, you need to update the NgInx Config file.
For Windows Web Server, you need to update the web.config file.

(Optional) Installing SSL on CDN

If your website is using a Content delivery Network (Like CloudFlare), you should contact the CDN team to get to know the ways you can synchronize your SSL certificate with them.

You should confirm with your hosting company of your website utilizes a Content Delivery Network, first.

If your website doesn’t utilize a CDN, then you needn’t follow this step.

5. Updating External Links

You have to be sure that you present to your clients the correct URLS.

The 301 workaround ensures that your traffic gets redirected to the correct HTTPS domain, but it is good practice to trace and rectify the old HTTP links that link back to your website from emails, social media websites, landing pages etc.

You don’t have to go overboard with correcting all the links, just be sure to handle the ones on priority and under your immediate control.

Small things like FAQ links from chatbots, ‘Forgot Password’ links etc, are some of the common ones that you should be warey of.

It’s better to be correct with the URLs from the start rather than to rely on a 301 workaround.

6. Updating Google Webmaster Console and Analytics

This is a relatively simple ‘step since you need only update your new URL o the Google Websites.

Just Submit your new HTTPS URL to the Google Webmaster Tools.

 

Source

Don’t forget to add the new HTTPS URL for your website on to Google Analytics, otherwise you’ll be getting false metrics in the form of reducing traffic since Analytics would pick up on the dwindling traffic of your HTTP website while in reality the traffic is simply being redirected to the newly made HTTPS version of your website.

https-image6Conclusion

That’s it!

Switching over to HTTPS is not as cumbersome as it may appear to be. Most of the things are sorted from your domain host’s side and you need only tweak a couple of things here and there by yourself, but it’s, of course, better to let your developer handle it.

You need only choose the most suitable SSL certificate with the Domain SSL being the most common.

With internet security on the rise, it is better to be amongst the early adopters as Google has proven the worth of it with their ranking criteria considering HTTPS.

This is only one of the reasons why you should make the switch to HTTPs.

We hope this short guide helped you. Do let us know if you snatch something missing here. And if you have any questions to ask, fire away in the comments down below.

REFERENCES- Google ranks better – https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html
As of January 1, 2017, Google Chrome will classify all websites without SSL encryption as unsafe. (use image from there SSL graphic), support for non SSL will go down (WordPress -Additionally, any host that does not use standard SSL encryption will no longer be supported or promoted)
https://en.onpage.org/blog/https-ssl-and-seo-get-better-rankings-with-better-security
Downside of HTTPS (fraud licences, Heartbleed) https://www.wired.com/2017/01/half-web-now-encrypted-makes-everyone-safer/

Do you want to build a strong subscriber list fast?

Learn how to leverage the full power of web push notifications.

Shivangi Shrivastava
Shivangi is the Content Crafter at Notifyfox - a software helping marketers connect and communicate better with their users.  She is a writer by day and an avid reader by night.  When not working, you can usually find her buried deep down in Google SERPs.