A Step-by-Step Guide to Migrate Your Site to HTTPS
Grow Your Business, Not Your Inbox
Online security is becoming an increasingly important area for businesses of every size. And one of the most basic forms of online security entails switching to HTTPS hosting.
Of course there are loads of factors to consider, but aside from the advantages of presenting a safe and secure website to your visitors, switching to secure HTTPS hosting (as opposed to HTTP) is good for business. Along with the reasurrance it gives your visitors, HTTPS is actually a stated Google ranking factor.
And, in the coming years, the question isn't going to be so much whether you need to migrate to HTTPS, as when you are going to switch.
But if you're not prepared for it or unfamiliar with this technology, then all you need to do is to follow the following steps to ensure that your site is migrated safely, securely and with the minimum of impact.
Step l. Buy An SSL certificate
The first point is to buy the right SSL Certificate for you. Without getting too technical, the way that an SSL certificate works is that it creates an encrypted, impenetrable link between the browser window and the web server.
There are all sorts of different SSL certificates available, and they vary in cost. The important point is that fundamentally they all work under the same principle. You don't get "more security" just because you are paying for a more expensive certificate.
What they will offer are different sets of features.
The entry-level SSLs are Domain SSLs. These are issued instantly and require only email verification. They offer HTTPS browsing with a padlock but there is no in-depth verification process, just a domain-ownership check. They're ideal for smaller businesses on a budget that aren't taking online payments.
Next in line are Organization SSLs, which require a higher degree of verification which includes checking company ownership. As a result, they take longer to be issued, typically two to three business days. WIth this type of certificate, the company name and domain name appear in the browser bard.
Finally, there are Extended Validation SSLs, which allow you to use a "green browser" bar. These are more expensive than Domain or Organization SSLs and involve a verification process to check the company in more detail; that process includes legal, operational and physical verification.
It is for this reason that these SSLs can take between three and five days to be issued, and they will require that various legal documents be produced.
Step 2. Acquire an SSL certificate installation.
Once you've purchased your SSL Certificate, you'll need to approve it. As the graphic shows, there are different levels of verification before the certificate is issued; but if we use the example of a Domain SSL, this can be issued instantly once the domain owner verifies his or her email address.
This is done by the SSL issuer; the issuer sends an automated email to one of a pre-determined set of email addresses such as webmaster@TheDomainName.
If you're using shared hosting, then your hosting company will assist you as it administers the server. It will set everything up for you once you have approved the certificate.
Step 3. Do a full back-up.
Whenever you make major changes to your website, it's always worthwhie to run a full back-up of all of your website files. If you use cPanel hosting, for example, there is a built-in cpanel back-up feature that you can use, whiich is easy to configure.
Otherwise, check with your hosting company to see if it offers a managed back-up service, and use that.
Either way,, doing a back-up is a belt-and-braces approach.
Step 4. Change your HTTP links To HTTPS.
Before you switch to HTTPS, you'll need to update all of the internal links in your website. Later, we'll look at a way to globally achieve this, but it is still good practice to go through your website and change any links that point to HTTP pages inside your site to the new HTTPS links.
How you do his depends on the size of your website. If you just have a few pages, this is just a manual process. If you have hundreds, even thousands of pages, there are tools that can automate this process for you (especially if you are using WordPress).
Step 5. Check code libraries.
Step 6. Update any external links that you control.
All of the links pointing to your site from your social media accounts and listings in authority directories need to be updated. Just focus on the ones that you have under your control.
You'll be redirecting HTTP traffic to the equivalent HTTPS page shortly, so there's no need to stress about getting them all 100 percent updated -- just focus on the main ones.
Step 7. Create a 301 redirect.
This sounds complicated but it is quite straightforward, really. A 301 Redirect is a method of redirecting traffic from one web page (URL) to another. It is effectively a "permanent" redirection because your website is permanently switching from HTTP to HTTPS.
This is a really important point because if your website has dozens, hundreds or even thousands of backlinks pointing to it from other websites, hey will be set to point to the HTTP pages. If your searc- engine ranking depends on the number and quality of backlinks, then you don't want to lose the power that they give you.
Therefore, a 301 redirect means you don't have to go and change all of these links, which would often be impractical, if not virtually impossible.
Setting up a 301 redirect depends on the type of web server that you use. The most popular type of web servers are Apache, NGinx and LiteSpeed and Windows. With Apache and LiteSpeed, you need to update the htaccess file. With NGinx, you need to update the NGinx Config File. With Windows, you need to update the web.config file.
Step 8 (optional). Update CDN SSL.
If you are using a content delivery network (CDN) like CloudFlare, you will also need to synchronize your SSL with that system. A CDN is a globally distributed network of servers that stores copies of your web pages on its servers so that your pages are presented by the server closest to the person browsing your files.
This offers advantages not only in terms of speed but also of security, as it can recognize various malware patterns and prevent your site from being hacked. You just need to double-check with your hosting company or developer if you are hosted on a CDN. If you are, then you'll need to check with the CDN's technical team for its instructions.
Most websites don't use a CDN, though so this step is included for the purpose of completeness.
Step 9. Update any other tools and transactional emails.
These days, many businesses use a whole plethora of additional tools around their websites, such as email marketing, marketing automation and landing-page generators.
You'll need to prepare a list of these software programs and look for any mentions of web pages that refer to HTTP; then update them to HTTPS.
Another area is transactional emails: things like welcome emails, invoices and forgotten password emails. These all need to be updated. Sure, the 301 redirect will usually take all of these into account but it always looks more professional to present your clients with the correct URL.
Step 10. Update Google (Analytics and Search Console)
Last and not least, you'll need to update your Google accounts -- Analytics and Search Console. In Analytics, you just need to change the Default URL to HTTPS. In Search Console, you'll need to add the new site with HTTPS.
Switching to HTTPS is the direction of travel when it comes to online security. You're going to have to do it sooner or later.
But it doesn't need to be a complex matter. If you're not a technical person, you may need some help from a web professional. But, as long as you follow the steps outlined here, you'll be fine.