HTTPs has become a major concern in the SEO sphere recently. The Google initiative aims at offering a more secure web by encouraging website owners to migrate to HTTPs. While switching to HTTPs can include several advantages, underestimating the process can be a total disaster for both rankings and traffic. Our infographic focuses on providing you a handy roadmap to migrate from HTTP to HTTPS serenely.

How to migrate to HTTPS?

migration-to-https-a-step-by-step-SEO-guide

Feel free to share on your website

Infographic retranscription

Back in May 2017, Moz were announcing that 50% of search results were showing HTTPs. While Google is urging webmasters to switch to HTTPs, there are several best practices to respect to avoid any rankings loss.

Why switching to HTTPS?

Security
Data sent using HTTPS is secured via Transport Layer Security protocol (TLS), which provides three key layers of protection:
Encryption
Data integrity
Authentication

SEO
Google has confirmed HTTPS is actually a ranking signal. It helps:

  • Slightly improve rankings. According to SEMrush, HTTPs is the 7th ranking criteria in 2017.
  • Be prepared for future algorithm updates
  • Avoid loss of referral data
  • Prevent from injecting ads into hotspots

User experience
HTTPs is also beneficial regarding user’s experience because it builds confidence when it comes to security and paiements as SSL encryption is expected when purchasing.

How to switch from HTTP to HTTPS?

  • Start with a test server

Check and test everything to avoid screwing it up in real time.

  • Crawl current website

Get the big picture of the current state and for comparison purposes.

  • Read any documentation regarding your server or CDN for HTTPS

Be prepare to any potential issue.

  • Get a security certificate and install it on the server
  • Update references in content

Search-and-replace in the database. Update all references to internal links to use HTTPS or relative paths.

  • Update references in templates

References to scripts, images, links, etc are either using HTTPS or relative paths using Git or Notepad++. To make sure your browser is calling the right protocol you can use //. Eg: instead of calling a script in https://cdn.google.com <script src=”https://cdn.google.com” …. You can use <script href=”//cdn.google.com”…. Your browser will decide which one to pick, avoiding calling a HTTPs script that does not exist on that protocol.

  • Update canonical tags

While most CMS do it for you, double-check, because that’s not always the case.

  • Update hreflang tags

Like canonical, most CMS do it but check also any other tags you are using.

  • Update any plugins/add-on/modules

Avoid insecure content or bugs regarding internal site search or forms.

  • Crawl the site

Check for broken links or missed links. You can use OnCrawl to get a full report of your URLs. You can also export in csv.

  • Make sure any external scripts that are called support HTTPS
  • Force HTTPS with redirects

Check server documentation regarding Nginx, IIS or Apache.

  • Update old redirects currently in place

And secure lost links from previous redirects. Avoid chain of redirects.

  • Crawl the old URLs

Look for broken redirects. Again, you can use OnCrawl.

  • Update sitemaps

Use the right HTTPS versions of the URLs. Keep the old sitemap cause Google needs to crawl all pages in http to detect 301

  • Update your robots.txt file

Don’t forget to add your new HTTPs sitemap while also keeping the old one.

  • Enable HSTS

Load faster by telling browsers to always use the HTTPS version.

  • Add HTTP/2 support
  • Add the HTTPS version to search engines webmaster tools

Also upload the new sitemap. No need to use the Change of Address Tool when switching from HTTP to HTTPS.

  • Update your disavow file
  • Update your URL parameter settings

You are ready to go live!


Need to crawl your website and make sure your migration is properly operating? Give a go to OnCrawl with a 30 days free trial