Learn why and how to migrate your site to HTTPS – WAU
Migrating your website to HTTPS is very important for the security of your website. Understand everything about this process in this post in an uncomplicated way!
Internet purchases are increasing every day. As a result, users’ concern for their own security also grows.
On the one hand, people are increasingly willing and searching for goods and services online. On the other hand, everyone wants to ensure that their information – such as personal data and credit card numbers – will not fall into the hands of malicious individuals or institutions.
In this scenario, it is essential that website owners do their best to reassure their users and to show them that the website is, in fact, a protected place to browse and make transactions.
That’s where the online certifications, such as HTTPS, which has the function of making your site more secure, in addition to contributing to the website’s own performance.
From now on, you will be able to understand everything about HTTPS and learn how to add this certificate to your website. Follow!
What is HTTPS?
It is a secure hypertext transfer protocol. The name sounds complicated, but in practice it is easy to understand.
HTTPS adds a extra security element to the already known HTTP. That is why, if you notice, countless websites and portals have already migrated to the new modality.
HTTPS uses encryption, protecting the confidentiality and integrity of the data between the user’s computer (visitor) and the website.
In other words, it means that only these two ends are communicating and are able to decode what is being transmitted. This greatly reduces the chances of an attacker intercepting the data sent.
Which sites should migrate to HTTPS?
Contrary to what some people believe, HTTPS is valid for all types of websites, not just for e-commerce. This is because, in addition to security itself, it contributes to other factors that we will see below.
How do I know if a website uses HTTPS?
In addition to the “https: //” in the navigation bar, sites with HTTPS usually have a green padlock next to the address.
Why migrate your site to HTTPS?
The number 1 reason for migrating your site to HTTPS – using the SSL certificate – is, as already mentioned, the security of the site. For e-commerces it is essential to be certified to process credit card payments.
For other sites built on WordPress, HTTPS brings more security to the login page.
Have you ever imagined having your blog login data discovered? The damage can be huge.
In addition to being secure, it is also important that the website transmits this security to users. That is where the question of credibility comes in. Sites with HTTPS display the green lock in the address bar, conveying professionalism and confidence to visitors.
Increasing the speed of the site is a little-publicized benefit of using HTTPS, but it is also present.
Matt Cutts, Google’s software engineer, announced in 2014 at Google Webmaster Central that HTTPS can benefit the ranking of websites (SEO) in the search engine. The fact is that, among survey leaders, most sites have already adopted the protocol.
How to migrate your site to HTTPS
Step 1: Buying an SSL Certificate
You can buy the certificate directly from the company responsible for hosting your website (but you can also buy from other hosting companies).
There are a few different types of certificates and the choice will depend on your needs. For e-commerce and EAD platforms, it is recommended to buy certificates with Organization Validation – fully authenticated.
Step 2: checking the compatibility of your website features
One of the important steps of the migration is to make sure that the site will continue to function properly after the move. For this, it is necessary that all external resources that your website needs to operate can be served under HTTPS protocol.
Step 3: organizing the migration
The complexity of the migration depends a lot on the size of your site, that is, on the number of existing pages. A small website can be migrated at once.
However, depending on the number of existing URLs, you can choose to migrate in parts. For example, starting with specific subdomains or with the most important areas.
It is also possible to enable the HTTPS protocol without disabling HTTP. In that case, you can use Canonical Tags to avoid duplicate content.
Remember that you will end up losing social media metrics, such as the number of shares and likes of posts.
Another point to be taken into account is the time of migration. This naturally varies from market to market. In general, especially for e-commerce, it is preferable to avoid migrating the site on promotional dates.
For many companies, weekends or long holidays are periods of less access and allow for smoother migrations.
Anyway, prepare your psychological (and that of your team), as there can always be some unforeseen or delays. This guide serves precisely to minimize unexpected situations.
Step 4: enabling the HTTPS protocol
After organizing and planning the migration, it is time to enable the new protocol (HTTPS).
With the protocol working and with the correct implementation of all settings, it is now possible to access the site through HTTPS. For this, it is necessary to check if the SSL certificates are installed correctly.
To test, you can leave the two protocols running in parallel for five to ten minutes, both HTTP and HTTPS. After verifying that everything is correct, you can now migrate permanently.
Step 4: updating resources for HTTPS
Is the site running on HTTPS? Great!
Now is the time to update internal links and resources. The goal is to organize the architecture of the site, making it as lean as possible and facilitating the work of search engines.
This means avoiding redundancy of redirects, for example. In this step, take the opportunity to check the Canonical Tags, as already mentioned. Google thanks you and your site’s SEO too!
After updating the internal links, it is also important to pay attention to external resources. This update will ensure that your site maintains load times. That’s because, again, you will avoid redundant redirects.
After checking and updating all internal links and external resources, you can still test the certificate’s implementation on the server.
This test allows you to identify potential adjustments to be made, such as browser support restrictions.
You may also be interested in these other content!
How to change your WordPress URL: 4 quick methods!
URL Builder: learn how to create a crawlable URL!
Step 5: adding the new version of the site to Google Search Console
You may have noticed that Google Search Console considers versions with and without “www” as two different sites, requiring ownership verification on both. The same is true for the HTTP and HTTPS protocols.
Therefore, you’ll need to add the HTTPS version to Search Console and verify your ownership. To do this, just follow the instructions on the Google platform itself. When moving your site to a new property in Google Search Console, you’ll also need to update any settings.
No less important is the creation of an XML Sitemap for the new URLs, that is, those with HTTPS.
The XML Sitemap helps to speed up the crawling and indexing of your website pages by Google and other search engines, making it an important part of your SEO (take advantage and see our Definitive SEO Guide).
But be careful: it is recommended to stick with the XML that contains the HTTP URLs. So, instead of removing it, just add a new XML Sitemap with HTTPS URLs and upload the file to Google Search Console.
Step 6: enabling HTTP / 2 and HSTS
HTTP / 2
Once you have the HTTPS protocol working, you can now use a new feature that increases the loading speed of your website: HTTP / 2. In fact, most modern browsers already support this format, but only when the site has HTTPS.
While HTTP / 2 can help a lot in the loading speed of your website, HSTS seeks to prevent redundancies in requests made to servers that operate only on HTTPS. This is an advanced feature that can be used by your webmaster, as it is highly unlikely to be reversed once installed.
Step 7: redirecting HTTP content to HTTPS
When migrating a website to HTTPS, it is important to map the URLs that were accessed by the HTTP protocol and redirect them to HTTPS. In this step, you should pay attention mainly to the most accessed pages of the site (those that receive more organic traffic). See if they are being redirected to the new URL (in HTTPS) using code 301.
Usual difficulties when migrating your site to HTTPS
As previously mentioned, it is common that during the migration, not everything goes exactly as planned.
If unforeseen events occur, the best thing to do is not to lose your mind. Migrations involve several variables and it is essential to remain calm in order to finish the job correctly.
However, so that you can prevent yourself and be aware of unforeseen circumstances, it is useful to know what are the most common difficulties and problems to be encountered in migrations from HTTP to HTTPS.
The first common problem occurs with some website owners who, for some reason, decide to reverse the migration, returning to HTTP. In such cases, it is common to remove the SSL Certificate when returning the site from HTTPS to HTTP.
However, this must not be done: once installed, the certificate must always remain active.
The second problem is having a request to remove URLs, either in the HTTP or HTTPS protocol. Removals affect both protocols. So, if you’re going to request URL removals, keep that in mind.
The third common problem is to use 301 redirects on the pages and forget to change the Canonical Tags. This makes it difficult for search engines to work and can end up damaging your site.
Other changes and updates you might consider
Google Analytics update
In addition to updating Google Search Console, you are likely to want to update your Google Analytics with the new protocol. After all, for the tools, it’s like this is a new website.
Within your account, you can access the “Admin” part and the settings. There, just change the URL to the HTTPS version. The same can be done in the property settings. So you don’t lose any history and can start analyzing the data right where you left off.
Update your Disavow file
This is a step recommended only for experienced webmasters. However, if as a site owner you have suffered from negative SEO and had to remove a backlink, it is likely that your webmaster used a Disavow file.
If this has been done at some point, you will need to update the file within the new configuration. Otherwise, the next time Google’s algorithm crawls your site, it won’t see the Disavow file and you’ll have problems with negative SEO again.
Conclusion: is it worth migrating to HTTPS?
Surely the migration to HTTPS can bring countless benefits to your website.
If everyone is migrating today, this will be a question in a while. So, the question remains: should I migrate myself or is it better to hire someone?
The answer to that question depends on how familiar you are with the technical part of your website.
For those who are not programmers, it is valid to hire a specialized professional to perform the migration. However, it is still important that you know the necessary steps so that you can protect your content and make the migration as smooth as possible.
Migration can be more complicated for online stores and for tracking metrics. So, if you have an e-commerce, it is essential to integrate your Analytics with your website, right? Download our Google Analytics e-commerce ebook and learn how!