How to move your business website from HTTP to HTTPS

  1. Website from HTTP to HTTPS

    justinaldridge UKBF Enthusiast Full Member

    669 252
    5 |

    Using the HTTPS protocol to secure your business website is becoming increasingly important, providing assurance to visitors and a potential improvement in search visibility. Here Justin Aldridge, SEO director at Artemis Marketing, explains what HTTPS does and how to migrate your site.

    As a business or website owner you have a responsibility not only to protect yourself but also the visitors to your website. As well as storing any user and order details securely, any communication through the website also needs to be secure as insecure connections can be intercepted and even modified by a malicious third party.

    The easiest way to protect the traffic to your website is using the HTTPS protocol. The majority of websites today still use the traditional HTTP unsecured protocol, in fact, only 0.1% of websites online today are using HTTPS.

    That is not many websites and it reflects the current issue with the internet and how vulnerable people are online, especially those that are less familiar with how hackers work and what makes a website or connection secure.

    So what is HTTPS exactly?

    There are plenty of articles online to explain this and Google’s own tips are a great place to start. Essentially, HTTPS is comprised of the traditional HTTP connection which is then encrypted using TLS (Transport Layer Security). As Google states, there are three core benefits that HTTPS provides:

    • Encryption: The data is sent and received in an encrypted format, so that third parties can’t listen in or steal data such as the username and password you enter on a website
    • Data integrity: This ensures that the data to and from the browser is not modified or corrupted, and detects if issues have occurred
    • Authentication: This ensures that you are communicating with the website you were intending to communicate with

    These are mainly the technical and security benefits but there are also direct benefits to a business associated with a move to HTTPS.

    How HTTPS helps your business

    There are two main ways that having your website address prefixed with HTTPS instead of HTTP helps your business.

    Firstly, a secure connection gives visitors to your website increased trust and confidence in your website when interacting or buying through it. A secure website can, therefore, lead to increased sales or leads. This is especially true in Google Chrome, the most popular browser, which will soon start flagging unsecured login pages as “Not secure”.

    Eventually Google will roll out this notification to all pages on websites still using HTTP which could further negatively impact sales and leads.

    And, the second main benefit to a business is that Google now applies a search ranking benefit to HTTPS sites. When Google first announced this benefit we tested it on some sites but we didn’t see any corresponding ranking benefit. However, in more recent transitions to HTTPS we have seen the benefit applied to the website’s rankings. The ranking benefit is very real:

    Note, however, that ranking increases vary from keyword to keyword and it really depends on the competition in the search results. It doesn’t appear to be a very strong positive ranking signal, but it’s definitely a signal and it helps to improve overall rankings.

    Where to begin to enable HTTPS on your website

    There are so many guides out there to help you move your website to HTTPS and often they can be quite confusing, especially when the articles become unnecessarily technical.

    What you will need are the following:

    • A web server (host) that can accept secure connections. Most hosts will have enabled this already
    • A security certificate. You will need to buy this, usually from your host, or you can get a free one from Let’s Encrypt
    • An hour or so to update your website and other resources accordingly, depending on the size of your website.

    Let’s look at each of these in turn.

    Website hosts like 123 Reg, GoDaddy and 1&1 generally already have their servers configured to accept secure connections. This shouldn’t be a concern, but it’s worth checking first in case you’re on an old server which isn’t.

    Then you need to buy your security certificate. I often feel that this is an area that causes the most stress! For simplicity of implementation, the first port of call should be your web developer. They should be able to advise you where to buy it and how to get this configured on your server for your website. A certificate can typically cost £5 to £10 per month.

    There is the possibility of installing a free certificate from Let’s Encrypt, which is an online initiative to prevent the cost of a certificate stopping people or businesses from being able to secure their websites. It does require some technical knowledge to implement and it needs updating every 90 days, so it’s probably best if it’s done by a web developer.

    Some host companies, such as Siteground, pre-configure websites on their servers with free Let’s Encrypt certificates, which means it’s all done and you don’t have to do anything apart from make your website default to HTTPS. This is very handy indeed and it would be great if more hosts did this.

    Other hosts, such as GoDaddy, Hostgator and 1and1, have options to buy and install certificates directly through them. This is often the easiest route to get the certificate installed if you are doing it yourself.

    You should start by checking what products your host company offer for installing and configuring the certificate on the server for your website. Note that they are often called SSL Certificates.

    In terms of certificates and how to configure them it’s worth checking Google’s tips again.

    I have my HTTPS certificate, what now?

    Once you have your certificate installed on your server you should now be able to access your website with HTTPS in front of the website address, such as:

    Now you need to take some additional steps to complete the transfer and preserve your Google rankings:

    • All traffic to the HTTP version of a page needs to be 301 permanently redirected to its HTTPS equivalent. For most websites, a simple bit of code in the htaccess file like this will do the job:

    RewriteEngine On

    RewriteCond %{HTTPS} off

    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    This is quite a technical change and it’s key that it’s implemented 100% correctly. Without this it could significantly impact the rankings of a website

    • Update all hard coded internal links to use HTTPS instead of HTTP, including canonical tags, hreflang tags, images and sitemap. With most CMS systems, such as Wordpress, you can install a ‘Find and replace’ plugin to look for “” and replace it with “”. CAUTION: There is no undo function when performing a find and replace like this so you need to ensure you do it correctly. It’s always wise to make a backup of the website before doing this! You may need your developer to assist you with this
    • You may need to adjust the website setting in the CMS, such as these in Wordpress:

    • If your website is pulling in scripts, such as javascript files, from external sources, these all need to be HTTPS too as just one unsecured HTTP connection will make the entire website unsecure
    • Go through the website and check everything! Ensure that the browser shows the website as secure and that there aren’t any non-secure resources causing an issue. In Chrome you will see this in the browser bar if there’s an issue:

    • In Google Analytics you will need to update the default URL to be the HTTPS version of your website as well as any Google Adwords campaigns and in Google My Business. You should update any other paid media, email marketing and social media accounts at this stage. Note that sometimes the social sharing buttons on your web pages may show zero likes when you change to HTTPS as some networks treat them as new pages. There are some hacks around this but it’s often more hassle than it’s worth

    Making post-HTTPS migration check

    That may all seem quite a lot to go through, but the most time-consuming aspects are changing the internal links, ensuring all resources are HTTPS and getting the redirects set up and working.

    However, what happens after all of this is even more important. Over the next couple of months as Google picks up the redirects and starts ranking the HTTPS pages, you will need to be monitoring your rankings across the board and checking for any errors in search console. Errors should be addressed straight away.

    Keep looking in Search Console at least two or three times a week for any messages or errors and if you see any significant shift in rankings, traffic or conversions then go back through the list above and ensure everything is set up properly.

    If you do run into any problems you can always post your questions on UK Business Forums as there are some very experienced people there who will be able to advise and help you.

    So, as you can see, it’s not that complicated to transition your website to HTTPS. I would definitely recommend that all businesses move to HTTPS this year, so plan to do this in the coming weeks and enjoy improved Google rankings and hopefully increased sales and leads!

  2. Connexions

    Connexions UKBF Enthusiast Free Member

    924 165
    We are definitely getting more customers moving onto https, especially with the mobile version/friendly websites google are also pushing.
    Posted: Jan 25, 2017 By: Connexions Member since: Aug 13, 2008
    ChrisGoodfellow likes this.
  3. Ian J

    Ian J Factoring Specialist Full Member - Verified Business

    5,686 1,716
    Many thanks Justin for such a useful article and I'll now go through it all line by line to make sure that my site is converted correctly
    Posted: Apr 4, 2017 By: Ian J Member since: Nov 6, 2004
  4. bobrudolph

    bobrudolph UKBF Newcomer Free Member

    26 3
    While I agree that it's high time for sites to switch to https, I can't say that this sole factor would give you a boost in Google SERPs. Company representatives have stated that secure protocol itself is a weak ranking factor right now, though its importance may change over the time.
    Posted: Apr 17, 2017 By: bobrudolph Member since: Mar 10, 2015
  5. Pat Walsh

    Pat Walsh UKBF Contributor Full Member

    55 18
    I recently moved my 3 main business websites from http to https and I finally got around to doing it for these main reasons:
    1. https provides secure connection and communication between the user and the website. It won't magically make your website secure as some people think, but it's a step in the right direction.
    2. Google have previously announced https as a ranking signal (back in 2014) and it may give a slight SEO advantage over http sites.
    3. The cost barrier for moving to https is now mostly removed, as many web hosts offer free security certificates as part of their hosting package. The main cost is your time actually carrying out the process, with some preparation beforehand and some admin/testing afterwards.
    Posted: Apr 21, 2017 By: Pat Walsh Member since: Apr 14, 2017
  6. 1marinette

    1marinette UKBF Newcomer Free Member

    0 0
    this was really simple to understand. i did the lets encrypt method and to say it wasn't easy
    Posted: Jun 27, 2017 By: 1marinette Member since: Jun 26, 2017