When it comes to websites on the internet, security is of utmost importance and with Google announcing HTTPS as a ranking signal moving your website from HTTP to HTTPS has become crucial.
This post covers the basic difference between HTTP and HTTPS, the reasons to migrate and the steps to follow.
HTTP vs HTTPS
HTTP stands for HyperText Transfer Protocol, it is used for communication purpose on the world wide web (www).
HTTPS on the other hand, is the secure version of HTTP, HyperText Transfer Protocol Secure. The data sent over the communication channel that is established therefore is secure. HTTPS, therefore, is usually used on websites to that deals with banking or e-commerce transactions.
Why to Move?
Apart from the three key layers of protection provided by HTTPS there are several other reasons for you to migrate your website from HTTP to HTTPS. Let’s have a look at the three key ones.
Improved SEO Ranking
Not only does making your website secure help protect your website, it even helps in your ranking with Google’s secure web initiative.
According to the initiative, Google encourages websites to go secure by
- Announcing HTTPS as a ranking signal
- High priority given to index HTTP Pages
- Debunking myths and explaining how it’s easier and cheap to move to HTTPS
Security
The security is provided by TLS (Transport Layer Security) and is essentially provided in three layers viz.
- Encryption: Data is encrypted and no one apart from the end user can decrypt it. Thus , if there are is any eavesdropper present trying to listen or steal the information it is prevented.
- Data Integrity: Data passed over the channel can’t be corrupted or modified without detection.
- Authentication: Users are able to communicate to their intended website without an attacker interrupting the conversation. Eg: Man-in-the-middle attack
Better Performance
With the upgradation of HTTP to HTTP/2 (HTTP 2.0) most of the browsers support the new protocol over the secure HTTPS network. Moving to HTTPS increases the speed of your website and in turn boosts the performance of your website and user experience.
Steps to Migrate
Getting a Valid SSL Certificate
To begin with, you require an SSL certificate. SSL Certificate is a digitally signed certificate that establishes the identity of a website and uses encryption to send data to the website. There are several types of SSL Certificates but the most recommended one is an EV SSL Certificate. Alternatively, you can even choose a COMODO SSL Certificate. ResellerClub provides four categories of SSL certificates:
1. POSITIVE
2. COMODO
3. WILDCARD and
4. EV SSL
Installing your SSL Certificate
I: One of the most important thing to remember is that to install SSL Certificate you also need the SSL Certificate of the Certificate Authority (CA). The CA bundle contains root and intermediate certificates of the CA. You can download it from here. Once your certificate is issued, it will be available in your control panel.
1. Login to your Control Panel
2. Go the Order Information view
3. In the Order Information view, click on View certificate details,
A pop-up will now show the certificate.For installing your SSL certificate on your server, it depends mostly on the software that you are running. The steps change accordingly. Refer the to see the appropriate instructions.
Cpanel
Plesk
Microsoft IIS 5.x & 6.x
Microsoft IIS 7.x
Apache
NGINX
OS X Lion (10.7) Server
Others
II: If you want to host multiple SSL certificates for different domain on the same IP address, then you need to install them via SNI (Server Name Indication). Installing SSL via SNI doesn’t require a dedicated IP address. Resellerclub supports SNI on their HostGator servers. To install it you need to contact the Support Team and they install it for you.
Update Hard-coded links to HTTPS
It is a good practice to use relative URLs, but then are chances someone has hard-coded a URL and in such a case you will need to do a full cleaning of your website and the database during the migration process.If you are a WordPress user, then you can easily follow Yoast’s instructions that can be found here. You will need to change the URL of the website, add some bits of code to force HTTPS in the admin area and even install the WordPress HTTPS plugin.If you are a non-CMS user then you will need to find all the links. This includes links to pages, images, CDN, JavaScript and, anything that your website might use. The next step is to change the relative link paths. For example, if the link is “http://yourdomain.social/link” then it should be “/link”. Finally, refresh your cache on both website and browser and check the links.
Update Custom JavaScript, AJAX libraries to HTTPS
If at all you’ve installed any custom script on your website, you will want to change it to HTTPS as well. For example, if you’re using Google’s jQuery then you can point it to their HTTPS version https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js
Adding 301 Redirects
Adding 301 redirect is an important step to all your new URLs. You can either use a plugin or add the following code to your htaccess file via FTP (Note this is for WordPress sites).
Apache
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R=301,L]NGINX
server {
listen 80;
server_name domain.com www.domain.com;
return 301 https://domain.com$request_uri;
}
Update your robots.txt file and Sitemaps
First you update Sitemaps to use the HTTPS version of the URLS then, update robots.txt file to include the new Sitemap. It is important to update robots.txt and Sitemap for SEO purposes, as it consists website URLs.
Fetch
As all the website URLs are changed after migrating to HTTPS, Google needs to recrawl this. Sometimes it may take weeks for Google to make these changes correctly, so it is recommended doing this as soon as you can to speed up the process.
Updating your Google Analytics Profile URL
Lastly, you need to update your Google Analytics Website’s URL. To do this, click Admin under your account and then view settings. Then change the URL to the HTTPS version. Change your Property Settings as well, so as to not lose history.
Conclusion
As you have noticed, there are a lot of steps when migrating from HTTP to HTTPS make sure you do follow the steps properly and you should be successful. If you have any comments or suggestions, feel free to drop us a comment below.