HTTPs has become a major concern in the SEO sphere recently. The Google initiative aims at offering a more secure web by encouraging website owners to migrate to HTTPs. While switching to HTTPs can include several advantages, underestimating the process can be a total disaster for both rankings and traffic. Our infographic focuses on providing you a handy roadmap to migrate from HTTP to HTTPS serenely.
How to migrate to HTTPS?
Feel free to share on your website
Infographic retranscription
Back in May 2017, Moz were announcing that 50% of search results were showing HTTPs. While Google is urging webmasters to switch to HTTPs, there are several best practices to respect to avoid any rankings loss.
Why switching to HTTPS?
Security
Data sent using HTTPS is secured via Transport Layer Security protocol (TLS), which provides three key layers of protection:
Encryption
Data integrity
Authentication
SEO
Google has confirmed HTTPS is actually a ranking signal. It helps:
- Slightly improve rankings. According to SEMrush, HTTPs is the 7th ranking criteria in 2017.
- Be prepared for future algorithm updates
- Avoid loss of referral data
- Prevent from injecting ads into hotspots
User experience
HTTPs is also beneficial regarding user’s experience because it builds confidence when it comes to security and paiements as SSL encryption is expected when purchasing.
How to switch from HTTP to HTTPS?
- Start with a test server
Check and test everything to avoid screwing it up in real time.
- Crawl current website
Get the big picture of the current state and for comparison purposes.
- Read any documentation regarding your server or CDN for HTTPS
Be prepare to any potential issue.
- Get a security certificate and install it on the server
- Update references in content
Search-and-replace in the database. Update all references to internal links to use HTTPS or relative paths.
- Update references in templates
References to scripts, images, links, etc are either using HTTPS or relative paths using Git or Notepad++. To make sure your browser is calling the right protocol you can use //. Eg: instead of calling a script in https://cdn.google.com <script src=”https://cdn.google.com” …. You can use <script href=”//cdn.google.com”…. Your browser will decide which one to pick, avoiding calling a HTTPs script that does not exist on that protocol.
- Update canonical tags
While most CMS do it for you, double-check, because that’s not always the case.
- Update hreflang tags
Like canonical, most CMS do it but check also any other tags you are using.
- Update any plugins/add-on/modules
Avoid insecure content or bugs regarding internal site search or forms.
- Crawl the site
Check for broken links or missed links. You can use Oncrawl to get a full report of your URLs. You can also export in csv.
- Make sure any external scripts that are called support HTTPS
- Force HTTPS with redirects
Check server documentation regarding Nginx, IIS or Apache.
- Update old redirects currently in place
And secure lost links from previous redirects. Avoid chain of redirects.
- Crawl the old URLs
Look for broken redirects. Again, you can use Oncrawl.
- Update sitemaps
Use the right HTTPS versions of the URLs. Keep the old sitemap cause Google needs to crawl all pages in http to detect 301
- Update your robots.txt file
Don’t forget to add your new HTTPs sitemap while also keeping the old one.
- Enable HSTS
Load faster by telling browsers to always use the HTTPS version.
- Add HTTP/2 support
- Add the HTTPS version to search engines webmaster tools
Also upload the new sitemap. No need to use the Change of Address Tool when switching from HTTP to HTTPS.
- Update your disavow file
- Update your URL parameter settings
You are ready to go live!