Important Considerations When Switching to HTTPS
By James Cummings ; July 6th, 2017

In January 2017, Google started labelling HTTP websites that contain fields for credit card information or passwords as ‘not secure'. Eventually, this will extend to all websites, whether they collect credit card information or not.

More sites are converting from http to https as they realise the importance of making this move. These are some of the reasons to consider switching to https:

●     As an e-commerce site, you need to ensure the credit card details of your customers are safe.

●     It will increase your SEO rankings.

●     Your customers will trust you, knowing their information is safe with you.

●     You'll avoid phishing emails and protect your visitors from malicious replicas of your site.

Don't think this level of security is exclusive to Google. Aliesha Ellington at Openhost Web Hosting points out that "Apple has mandated that all iOS apps must use HTTPS connections... and Facebook serves their ‘Instant Articles' over HTTPS, even if the original publication doesn't use it."

You're Ready to Switch, Do It Right

You must consider these when switching from HTTP to HTTPS:

1. It is best practise to start with a test server and test everything ahead of time.


2. Select the right SSL for your site. An SSL certificate is a data file that ensures that any information transmitted between a user's web browser and the website's server is secure. SSL activates the HTTPS protocol. Google advises you choose a 2048-bit key to ensure a high level of security. There are important considerations when deciding what SSL you want:

●  Is the certificate authority (CA) dependable? You want a CA that offers technical support.

●  Make up your mind which type of certificate you need:

i. Single certificate for one specific domain.

ii.  Multi-domain certificate for more than one domain.

iii. Wildcard certificate for different subdomains.

3. Use a crawler to take note of all URLs from your website and other subdomains, and export all your URLs from Google Analytics in case the crawler is unable to find all pages.

4. Check that your server supports HTTP Strict Transport Security (HSTS) and be sure that it's enabled. When users enter HTTP in their browsers, HSTS tells the browser to request HTTPS pages instead.

5. Once you know what certificate and provider you'll use, you'll have to create a certificate signing request (CSR) to install SSL on your server.

6. Follow the instructions on the website of the certification authority and install the SSL certificate.

7. Make sure none of your tags still point to the old HTTP versions. Changing them to the new HTTPS URLs ensures that Googlebot knows which version of the page it should be ranking in the SERPs. Make sure to map out the new HTTPS URLs for every single page, maintaining an exact duplicate URL structure. Depending on your CMS, you could use an SSL plugin, do a search and replace, or use protocol relative URLs.

8. You should make sure all your internal links are directed to the new HTTPS URLs. Ensure that all your images, CSS files, external scripts and resources are retrieved from secure locations.

9. Add 301 redirects from HTTP to HTTPS at the server level, notifying search engines that your website's addresses have changed. 301 redirects allow you to transfer almost all of the ranking power to the redirected page. You should not 301 redirect everything to the homepage or you could seriously hurt your rankings, which produces the same outcome if you don't do the redirects at all.

10.   When doing your 301 redirects, make sure you update all hard-coded links in your robots.txt file from HTTP to HTTPS.

11.   Improve speed by adding HTTP/2 support, which only works with HTTPS.

12.   Update social media links to the new HTTPS URLs.

13.   Update the default URL in your analytics platform to allow you track HTTPS thoroughly.

14.   Update PPC landing pages in order to preserve the landing page score.

15.   Update incoming links, so that websites linking to you don't have to load a redirect on their pages.

16.   If you use a CDN to make your page loading time faster, be sure to update your CDN URLs.

17.   Monitor everything and make sure your social accounts still work and traffic remains unaffected. There's a lot that can go wrong with an https switch.

Mistakes to avoid during a HTTPS migration

●  Not letting Google crawl your HTTPS URLs.

●  Duplicating content when both HTTP and HTTPS versions of a page are displayed.

●  Failing to replace all HTTP URLs with HTTPS URLs.

The importance of making the switch to HTTPS for your business cannot be overemphasised. However, you need to ensure best practices and avoid common mistakes.

About author

James is a business psychologist and serial entrepreneur, with over a decade working in finance, IT, marketing and recruitment sectors. He has authored numerous books in the management space and is Founder and CEO of

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Flash can be added to this post.
  • You may post code using <code>...</code> (generic) or <?php ... ?> (highlighted PHP) tags.

More information about formatting options

To prevent automated spam submissions leave this field empty.