How to Migrate Your Website to HTTPS (Step-by-step Guide)

Article written by:
  • Hosting Guides
  • Feb 10, 2017

I’m sure you don’t need me to tell you that if you want to have a high ranking website these days then you’ve got your work cut out.

Getting backlinks, optimizing pages, creating content, social media…it’s a wonder we have time to run our businesses these days.

But amongst these things there are a few other important tasks that which are also Google ranking factors.

We’re talking about things like speeding up your website, making it mobile friendly and making your website secure.

Just so you can see what I’m talking about, here are the relevant Google announcements on these:

  • Loadspeed as a ranking factor
  • Mobile friendliness as a ranking factor
  • HTTPS as a ranking factor

Now when it comes to loadspeeds there are potentially dozens of factors that come into play but for most small business website just switching to SSD Hosting will usually be enough.

When it comes to mobile friendliness that usually means you’ll have to open your wallet and invest in a responsive website. In this case you could keep costs down by either going for a ready made template or even using a mobile website builder if cash is a real issue for you.

But when it comes to security the basic price of admission these days is to switch to secure HTTPS Hosting. That will involve buying an SSL Certificate.

So that’s what we’re going to cover in this post.

What You’ll Discover in this Post

In this post I’ll explain:

  • What is HTTPS and why it’s important
  • What an SSL Certificate is and the different options
  • A 9 step process for switching to HTTPS

Sounds like a plan? Great, let’s get started.

What is HTTPS and Why is it Important?

When you browse the internet and land on a website take a look at the browser bar to see the address of the website. Most websites will start with HTTP which stands for Hypertext Transfer Protocol.

That’s just a fancy way of describing the system that allows distributed systems to communicate with one another.

But sometimes you’ll notice a site that starts with HTTPS. The ‘S’ stands for ‘Secure’ and that shows that the link between your computer and the website is secure.

You may be more familiar with HTTPS by the padlock symbol that appears or the green browsing bar.

The way that HTTPS works is that it creates an encrypted connection between the website and the device you are browsing on. This prevents any data from being intercepted by hackers between the two machines.

This is especially important for websites that accept sensitive and confidential details such as payment card details or login passwords.

HTTPS used to be pretty much for Ecommerce sites to accept payments. It used to be just the payment areas but in recent years there has been a gradual switch to make the entire website secure.

This has been partly due to an increased awareness of the risks of not having a secure website but also because Google have clearly stated that having an HTTPS website is a ranking factor.

So the bottom line is that HTTPS is good for security, good for your online reputation and good for your Google ranking! What’s not to like?

So how do you make the switch to HTTPS? Well first you’ll need an SSL Certificate.

What is an SSL Certificate & What are the Options?

If you want to switch to SSL you’ll need to buy an SSL Certificate. Normally you can buy these direct from your hosting company.

The SSL Certificate is just a data file that binds an encrypted ‘key’ to your website to ensure that the connection is secure when someone browses your site.

The SSL Certificate activates the padlock or the green browser bar depending on the type of certificate used and ensures that the link is a secure HTTPS one.

Types of SSL Certificate

When you buy an SSL Certificate you will notice that there are several types of SSL available and they have differing features and pricing.

Overall the way they work doesn’t change – you don’t get a more secure connection because you’re paying more.

Below is a quick overview of several types of SSL:

  • Domain SSL – Low cost and issued instantly so minimal checks required except for ownership of domain. Shows padlock in the browser bar and valid for one domain.
  • Wildcard SSL – Same characteristics as the Domain SSL but can be used on subdomains of the main domain.
  • Organization SSL – More expensive SSL option that involves checks on domain and company ownership which usually take 1 to 2 business days to complete. Padlock shows in browser bar.
  • Extended Validation (EV) SSL – Most expensive type of SSL that involves more detailed company verification such as legal, physical and operational checks. Normally takes around 3 to 4 business days to be issued and allows website to use the green browser bar.

Microsoft Internet Explorer 7+, Opera 9.5+, Firefox 3+, Google Chrome, Apple Safari 3.2+ and iPhone Safari 3.0+ will identify ExtendedSSL Certificates as EV Certificates and activate the browser interface security enhancements.

Step By Step Guide to Switch from HTTP to HTTPS

So now that you understand the different types of SSL, let’s run through the steps to install it and switch from HTTP to HTTPS.

Before we do that it’s worth bringing to your attention that some of the steps are very straightforward whereas others require a degree of technical knowledge. Overall if you are not comfortable making these kinds of changes we would definitely recommend using the services of a web developer and using this guide as a checklist to make sure that things have been done to your satisfaction.

Also, depending on your level of technical expertise and the type of hosting you use you may be able to perform some or all of the below actions. For example, if you run a VPS or Dedicated Server you might not even need your hosting company to be involved as you can create the Certificate Signing Request and approve the SSL Certificate yourself (Step 1). If in doubt though, please check with your hosting company..

Step #1: Purchase & install SSL Certificate

Most people will buy their SSL Certificate from their hosting company because they can assist with the installation.

To keep things simple we’ll assume that you get the equivalent of a domain SSL where there is no lengthy verification process. What will happen is that once you order the certificate you’ll be sent an automatic email to one of a set of pre-defined email addresses to prove that you are the owner of the domain.

Usually it will be something like webmaster@yourdomain.

You can decide to go with a Certificate that has www. or you can choose it without. It all boils down to personal preference. If you’re not sure just stick with www. before the domain.

One you receive your certificate code it will need to be installed on the server. Again, this is something that your hosting company will usually assist you with.

Step #2: Backup Your Website Files

Whenever you’re making changes to your site it’s always best to run a backup. It’s just a belt and braces approach to make sure you have a backup available if you experience any issues.

Contact your hosting company about this but usually you can run a full backup via your hosting control panel like cPanel.

Step #3: Update Your Website’s Internal Links

If you check your website’s internal links you will notice that they are all using HTTP. Obviously these need to be updated to HTTPS links. Now in a few steps we’ll show you a way to do this globally using a redirection technique.

However, it is best practice to update your internal links from HTTP to HTTPS.

If you’ve got a small website with just a few pages that shouldn’t take too long. However if you have hundreds of pages it would take ages so you’d be better off using a tool to automate this to save time.

Step #4: Update Links Pointing To Your Site

Once you switch to HTTPS if you have external websites linking to you they will be pointing to the HTTP version. We’ll be setting up a redirection in a few steps time, but if there are any external websites where you control your profile then you can update the URL to point to the HTTPS version.

Good examples of these would be your social media profiles, GoogleMyBusiness and any directory listings where you have a profile page that’s under your control.

Step #5: Setup a 301 Redirect

OK onto the techie bit and if you’re not confident with this type of thing then it’s definitely time to get some expert assistance. It’s pretty straightforward and doesn’t take much time at all in fact, but you just need to know what you’re doing.

With a 301 Redirect what you’re doing is telling Google that a particular page has been permanently moved to another address. In this case you’re going to tell Google that any HTTP pages on your site are now HTTPS so it redirects Google to the correct pages.

For most people who use Linux web hosting this will be done through the .htaccess file. If you have another type of web server just ask your hosting company and they will advise.

Step #6: Update Your CDN SSL

This is actually an optional step because not everyone uses a CDN. CDN stands for Content Delivery Network and it’s a geographically distributed set of servers that store copies of your web files and they present them to your visitors from a geographically close server to improve the speed that it loads for them.

As well as performance improvements, a CDN can also offer better security because it’s servers can monitor and identify malicious traffic and stop it reaching your website.

An example of a popular CDN is Cloudflare.

Either way, just ask your hosting company if you are using a CDN. If you aren’t fine, just move on to the next step.

If you are then you need to contact the CDN and ask them for instructions to update your SSL so that their CDN system recognises it.

Step #7: Check Links in Automated Emails and 3rd Party Tools

Nowadays many businesses will use a range of additional tools such as email autoresponders and landing page generators as well as billing systems.

These all need to be checked through to update any links that point to HTTP content.

Step #8: Update Pay Per Click Content

Likewise if you are using paid search you should double check the links for your landing pages.

Of course the 301 Redirect (Step 5 above) will cover this, but it is always best to double check and make these changes.

Step #9: Update Your Google Accounts

Last but not least you’ll need to update Google Search Console (aka Google Webmaster Tools) and Google Analytics.

With Google Analytics you’ll just need to switch the default URL to HTTPS and with Google Search Console it needs the HTTPS version and SiteMap to be submitted.

Wrap Up

The direction of travel is clear when it comes to security.

HTTPS is the minimum standard required and Google is actively promoting this by making it one of their ranking factors.

In order to switch there is a step by step process you can follow. If you are not sure you’ll need some help from your hosting company and probably from a web developer. However, this is a one-off activity and once you’ve done it you’re set for the future.


About the author: Tony Messer

Author & co-founder of Pickaweb, UK web hosting provider. Having worked with thousands of small businesses, ecommerce retailers and startups, Tony is passionate about helping businesses achieve remarkable results. Connect with Tony on Pick A Web, Twitter @AntonyMesser, and Facebook /Tony Messer.

Article by Guest Poster

This article was written by a guest contributor. The author's views below are entirely his or her own and may not reflect the views of WHSR.

Get connected: