+216 50 039 939
hello@hazguiwp.com

July 8, 2021

How to Redirect Website from HTTP to HTTPS?

What are the benefits of HTTPS for site owners and regular users?

HTTPS (Hypertext Transfer Protocol Secure) is a secure version of HTTP, a protocol that’s used to protect the integrity and confidentiality of data over the Internet. Our chat guests named multiple benefits that moving your website to the HTTPS protocol provides for you and your site visitors. Here they are.

Security

Obviously, when users are interacting with your site, they expect a secure and private online experience. According to Google, HTTPS protocol helps you protect your users’ connection to your website. However, some experts pointed out that even after you switch to HTTPS, you may still be vulnerable to some issues, such as downgrade attacks, DDOS attacks or hacks of your site, server or network.

Encryption, data integrity, and authentication

Google identifies three main reasons why you need to move your site to HTTPS, which are encryption, data integrity and authentication. These are the three layers of protection for your and your users’ data.

Trust

Debi Norton pointed out two reasons for using HTTPS. First of all, it adheres to Google’s Webmaster Guidelines. Also, from the user experience point of view, it helps your site gain a higher level of trust with your users. “Security equals trust and might equal making more money.”

Pre-launch checklist: What factors need to be considered when preparing for the move to HTTPS?

You have to realize that a successful website move depends on proper — and up-to-date — Google Search Console settings, formerly Webmaster Tools, so if you haven’t already completed the site verification of your http domain variant, then I urge you to do it today.

Important: You should always use the same email address when verifying your site URLs variants in Google Webmaster Tool. Not doing so can result in failed domain ownership verification and you could get annoyed very fast because you will find out that Google will be unable to recognize that all the URLs variants of your domain are actually referring to the same website.

Also, to simplify the domain ownership verification process, please use the same email address that you have connected your Google Analytics accounts with.

Fix anything that might not be functioning correctly

To begin, you need to fix everything that might be broken or functioning improperly before initiating a migration.

301 redirect

Identify all existing 301 redirects on your website and then update them to their HTTPS version. All 301 redirects that are implemented on 404 pages should be updated to this version.

What are the benefits of HTTPS for site owners and regular users?

HTTPS (Hypertext Transfer Protocol Secure) is a secure version of HTTP, a protocol that’s used to protect the integrity and confidentiality of data over the Internet. Our chat guests named multiple benefits that moving your website to the HTTPS protocol provides for you and your site visitors. Here they are.

  • Security
    Obviously, when users are interacting with your site, they expect a secure and private online experience. According to Google, HTTPS protocol helps you protect your users’ connection to your website. However, some experts pointed out that even after you switch to HTTPS, you may still be vulnerable to some issues, such as downgrade attacks, DDOS attacks or hacks of your site, server or network.
  • Privacy
    Some of our chat guests mentioned that using HTTPS provides privacy for your site visitors. Sean Van Guilder also explained that when users click on an ad and then land on a site that doesn’t use HTTPS, they will see a security warning message from Google. This will make them click back, which means that the site owners will have to pay for clicks without any benefit.
  • Encryption, data integrity, and authentication
    Patrick Stox remarked that Google identifies three main reasons why you need to move your site to HTTPS, which are encryption, data integrity and authentication. These are the three layers of protection for your and your users’ data.
  • A lower bounce rate
    In August 2014, Google announced that moving your site to HTTPS will give you a slight ranking boost. Even though there’s no certainty whether or not the search engine rewards HTTPS or punishes the lack of it, it’s a fact that warning messages from Google can scare some of your site visitors away.
  • Trust
    Debi Norton pointed out two reasons for using HTTPS. First of all, it adheres to Google’s Webmaster Guidelines. Also, from the user experience point of view, it helps your site gain a higher level of trust with your users. “Security equals trust and might equal making more money.”

Even though HTTPS cannot protect you from all problems and your site may still be vulnerable to some issues, it’s being actively pushed by Google. So, if you haven’t switched to HTTPS yet, it’s time to do so.

Pre-launch checklist: What factors need to be considered when preparing for the move to HTTPS?

Fix anything that might not be functioning correctly

To begin, you need to fix everything that might be broken or functioning improperly before initiating a migration.

301 redirect

Identify all existing 301 redirects on your website and then update them to their HTTPS version. All 301 redirects that are implemented on 404 pages should be updated to this version.

Certification setting

You need to buy and install an SSL certificate. When installed, it activates the HTTPS protocol and allows secure connections between a web browser and the server. There are three different types of certificates: domain validation, organization validation, and extended validation. Once you have installed an SSL certificate, you need to check whether or not there are any issues with it.

CDN

If you use a CDN (Content Delivery Network), ensure that it won’t cause any issues, and will properly serve the HTTP domain version of your site and handle SSL when the website is migrated to the new version.

Internal links

The internal links on your website also need to be updated to their HTTPS URLs, image files, video files, JavaScript files, etc.

Robots.txt

Make sure to update your site’s existing robots.txt file and update the new sitemap that is configured for the HTTPS version. Once you have done this, verify that robots.txt isn not blocking any important files, like CMS or product page.

Disavow configuration

You need to copy any existing disavow files and upload them to their HTTPS version in Search Console.

What technical aspects need to be configured to ensure there is no content duplication?

When you move your site from HTTP to HTTPS, you can end up with two versions of the same the website. This means that two identical sites will be indexed in Google and the duplicate content will confuse the search engine. Duplicate content is a red flag that can hurt your site’s capacity rank.

First of all, to avoid duplicate content issues, you need to update canonical tags to make them point to the HTTPS version and update all the implemented 301 redirects to the new version.

You should configure a new sitemap for your site’s HTTPS URLs and submit it to Google and Bing.
Make sure that the robots.txt file on the HTTPS version is updated. Copy the file from the HTTP version to HTTPS and update the Sitemap reference to the new Sitemap file.

Which tools should site owners use for each stage of the migration process to ensure it's successful?

  • Screaming Frog. SEO Spider, Screaming Frog’s website crawler, allows you to easily and quickly find broken links, audit redirects, review robots.txt and discover duplicate content to name a few.
  • Ahrefs. Ahrefs provides a whole toolset for SEO, including a powerful backlink checker.
  • Majestic. Majestic’s Backlink History is another effective tool that lets you determine the number of backlinks detected by its web robots.
  • Google Search Console. Using Search Console, you can easily monitor Google Search results data for your properties.
  • Bing Webmaster Tools. Use Bing’s reporting and diagnostic tools to get more insights into your website.
  • Observatory by Mozilla. The Observatory Tool launched by Mozilla is designed to help developers, website owners, and security professionals configure their sites securely.
  • DeepCrawl. Besides the above-mentioned tools, Modestos Siotos recommended using DeepCrawl, a website crawler that enables you to analyze your site architecture and monitor potential technical issues to improve your site’s performance.

HTTPS should be everywhere, and lately, Google has considered this as a ranking signal to their search engine results.

There are two primary reasons you should consider securing your website with an SSL certificate.

Apache

  • Login to your Apache server and go to the path where it’s installed.
  • Go to the conf folder and take a backup of httpd.conf file
  • Open httpd.conf using your vi editor (choose your favorite editor)
  • Ensure mod_rewrite.so module is loaded
LoadModule rewrite_module modules/mod_rewrite.so

  • If you see above line is commented then uncomment it
  • Add the following at the end of the file
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
  • Restart Apache webserver to test it.

A configured website should be able to redirect and accessible on https.

Nginx

Login to the Nginx web server and take a backup of nginx.conf or default.conf file (whatever file you are using for server directive)

Add the following in server directive

return 301 https://$server_name$request_uri;
  • Save the file and restart Nginx web server.

Restart Nginx to test the site.

Cloudflare

If you are leveraging Cloudflare for performance and security, then having a website through HTTPS is very easy.

  • Login to Cloudflare >> select the site
  • Go to SSL/TLS tab >> Edge Certificates
Cloudflare SSL
  • Ensure it turned ON

There is another way, page rules.

  • Go to Page Rules
  • Click “Create Page Rule”
  • Enter the URL (put the asterisk, so redirection happens for all the URI)
  • Click “Add a Setting” and select “Always Use HTTPS” from the drop-down
Cloudflare page rules

Click “Save and Deploy”
It will take a few seconds, and you are all set to have your website accessible through https. After using Cloudflare, if your site breaks due to mixed content, then check out the following guide.

What’s next?

Once you setup the redirection, ensure all the resources are getting loaded over HTTPS. You can use the Mixed Content Testing tool to verify if any resource is still getting loaded over HTTP.

Mixed Content Testing tool

Leave a Reply

Your email address will not be published. Required fields are marked *

HAZGUI WP

HAZGUI WP mission is to create custom websites and marketing plans for businesses of all varieties. Regardless of your size, you should have a website that speaks your ideas and helps you grow.
PRICING
hello@hazguiwp.com
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram