What To Consider When Migrating From HTTP to HTTPS
July 05, 2017
Why move to HTTPS?
HTTP is an acronym that means Hypertext Transfer Protocol - a protocol that allows for transfer of information between different systems. HTTPS means almost the same thing except for the added “s” which stands for “SSL”. SSL stands for Secure Sockets Layer - a technology that encrypts a website’s connection and prevents hackers from intercepting communication or data that is being transferred. The added security feature that comes with the “s” is something HTTP severely lacks.
Data or information communicated via HTTPS is secured with these three levels of protection:
- Authentication – Ensure your site’s users communicate only with the intended website without interference from third parties.
- Data integrity – Data sent over HTTPS can’t be corrupted or modified during transfer without being detected.
- Encryption – Exchanged data is encrypted and secured against uninvited third parties accessing them.
Other benefits of switching to HTTPS include;
- HTTPS helps with SEO: According to @SEMrush on Twitter, the security of your site affects your SEO ranking. Matt Cutt also describes HTTPS as a lightweight ranking signal which will, over time, strengthen and boost your SEO rankings.
This means if my site and another site are vying for top ranking, adding https to my domain can give me the edge to rank over my competitor’s ordinary HTTP site.
- It provides better security for your website: Kayce Basques, a Google technical writer recommends all websites use HTTPS for protection reasons.
@JordanCommuntt on Twitter also contributed to the value of HTTPS’ security feature by stating, if you are an entrepreneur with your own website, protecting sensitive data such as your clients' credit card is very important.
A common misconception about HTTPS is that only websites handling sensitive communications need HTTPS. I disagree, because unprotected HTTP requests eventually have the potential to reveal sensitive data concerning your users.
The security protocol of HTTPS shields a website’s integrity by preventing intruders from interfering with a site and its visitors’ communications. An example of this is by securing communication and preventing the insertion of malware.
But while your site becomes more secure with HTTPS, you’d still be prone to more advanced attacks, such as: Downgrade attacks, Brute force attacks, DDOS attacks, software vulnerabilities, Heartbleed, Poodle, Logjam, etc.
- HTTPS is AMP friendly: For website owners hoping to be found online by more people, going mobile is the best way forward. This is something I can attest to because I perform most of my online research on my tablet, not my laptop. The keyword here is mobility. And even though a lot has already been said about the need to make websites more mobile responsive and friendly, not everyone is listening.
AMP (Accelerated Mobile Pages) was developed by Google to ensure faster loading of content on mobile devices. Google has accomplished this by having AMP content appear prominently in their search results.
Now, more and more modern browsers require HTTPS before they can perform optimally. So if I were you and I wanted to make my site more accessible to a larger and ever expanding audience, I’d add HTTPS to my website if I haven’t already.
- HTTPS pages load faster: Because HTTPS allows the adoption of HTTP/2, HTTPS pages load faster than HTTP. So if page speed is as important to you as it is to me, you should upgrade to HTTPS.
In this age when everyone is impatient and ready to opt for a faster option, ask yourself, “Why would anyone visit your site for the same information they can get on a faster and more secure site?”
How to change from HTTP to HTTPS
Changing from HTTP to HTTPS is straightforward:
- Purchase an SSL certificate
- Install said SSL certificate on your website’s hosting account
- Ensure all your website links are edited from HTTP to HTTPS. This is to ensure you have no broken links after your site becomes fully HTTPS .
- Put in place 301 redirects from HTTP to HTTPS. This will notify search engines that your website’s address has been changed and will make sure anyone that’s bookmarked any of your pages automatically gets redirected to your new HTTPS address.
A hosting company can manage the entire process for you
While migrating to HTTPS might seem pretty straightforward, there are certain aspects you might find daunting and even a little confusing, especially when it comes to picking the right SSL certificate. It’s advisable to engage the services of a professional hosting company, with a good history across the web domain, to handle the more intricate aspects of upgrading to HTTPS.
Other services a professional would offer:
- Take the new HTTPS site for a test run: It’s important to do this because it lets you get everything right and work out the kinks before your site becomes fully functional, thus avoiding errors in real time.
- Crawl the new website to ascertain the current state and to make sure there aren’t any missing or broken links.
- The professionals have a better understanding of all documentation concerning your server or CDN for HTTPS. Any CDN issue will be easily dealt with by a professional without you being hassled.
- Get a security certificate and install on the server.
- Update references in your content, references in templates (using Git or Notepad++). Also update canonical tags, update hreflang tags or OG tags, and update any plugins / add-ons / modules to ensure nothing is broken or contains insecure content.
- CMS-specific settings might require getting changed.
- Monitor every aspect during migration and double-check to ensure everything is working smoothly.
- Update sitemaps to apply HTTPS versions of the URLs and update robots.txt file to include new sitemap.
Common problems with HTTPS migrations
Problems can be avoided if migration is handled by a professional web hosting company. If a migration to HTTPS isn’t properly handled, the following might go wrong:
- Google might be unable to crawl both the HTTP and HTTPS version of the site because of failure to update test server to allow bots.
- On-page HTTP URLs not being replaced with their HTTPS counterpart.
- Duplicated content showing on both HTTPS and HTTP.
The immense benefits of moving from HTTP to HTTPs and Google’s position on HTTPS means you cannot afford to ignore it anymore. The importance is more highlighted in today’s world where cyber security concerns permeates all spheres of the web space. The complexities of the migration process should not deter you from making the switch as professionally backed migrations are often without hiccups.