Just recently, in 2014, Google changed its ranking algorithm to favor websites that have HTTPS encryption, and since 2018 they have been marking all HTTP websites as insecure. To redirect HTTP to Https, however, there are many types of SSL certificates in the market, but getting a cheap SSL certificate or an EV SSL certificate will keep your website on the safe side and will not be marked as insecure. Safari, Mozilla, and MS Edge have followed suit and now mark unsecured websites. Visitors to your site will feel much safer when they see the HTTPS suffix to the first portion of the URL and thus building a good rapport with your clients.
It does not matter if your website is in the business of handling sensitive information like credit cards, passwords, and so on. If your site is not SSL secured, it will be marked as not secure by popular browsers. Getting an SSL certificate also comes with its benefits, one is you get a higher search engine ranking as compared to sites without. Secondly, your website is less susceptible to cyber-attacks, and also your customers are more confident using your website.
Let us now look at the difference between HTTP and HTTPS
HTTP is an abbreviation that stands for the hypertext transport protocol. This has been the traditional form of transmitting data between a server that has the website files and a browser. Here, information is in plain text that is not encrypted in any way. This has been a significant setback because a third party can easily access the information and use it for malicious gain. That is why these websites are marked as insecure by most browsers.
It is, however, no longer a gloomy affair because the concept of encryption came along. How this works is that it encodes all data, thus rendering it unreadable by third parties. It is entirely irrelevant to them even if they get the information. The last letter S added to the protocol name that means secure; this is because all the messages shared between the server and browser are encrypted. That is https for you!
If you are looking to migrate your website from HTTP to HTTPS, here, is a step by step guide to achieving this:
1. Select an SSL certificate
This certificate is a small file that has the encryption key along with verified data on the website owner. This certificate makes it possible for your website to get an encryption connection; it is called an SSL certificate.
These certificates work the magic in ensuring your website is kept safe and sound from any harm that may be brought about by hackers.
There are three types of certificates:
- OV ( Organization Validation)
This particular certificate verifies two things; domain ownership and a legal organization that own the website. It is a bit costly and takes some time before being issued.
- DV (Domain Validation)
This is the most common type of certificate. It verifies a person requesting a certificate owns the domain and is quite cheap. It is also issued pretty quickly and with no hassle.
- EV(Extended Validation)
This is the highest level of certification. The CA does a thorough check on the governmental records of the organization seeking the certificate. It also goes a step further to check the independent business listings and will make a phone call to the applicant. These extended validation certificates take the longest time to get issued and are usually the most expensive type of certificates on the market. They are strictly for banks, big websites, and governmental projects.
2. Install an SSL certificate
After coming to the decision of what SSL certificate you want to use, check to see what your Webhosting provider has to showcase. You will be looking for the pricing and if it suits your pocket and make the order.
Additionally, here is the entire procedure of getting and installing an SSL certificate.
- Select the type of certificate that best suits you
- Get the private encryption key and a certificate signing request (CSR). This is possible in consultation with your hosting provider.
- Make the purchase of the SSL certificate from a verified vendor and upload the CSR obtained earlier.
- Upon signing the sent request, go through the verification procedure. It will depend on the category of certificate you desire (OV, DV, EV SSL certificates)
- Once the validation procedure completes, download the SSL certificate from the vendor’s site and upload it to the hosting server.
There are also other methods of acquiring this certificate in the unfortunate event your hosting provider cannot sort you out. You can:
- Buy from the certificate authority or other specialized stores dealing with SSL certificates.
- Get it for absolutely free- there is a Let’s Encryptcampaign that issues SSL certificates for free. But they are only valid for 3 months to 12 months after which you will have to renew.
3. Force using HTTPS
After successfully installing the certificate, the website is accessible to both HTTP and https. This may pose a problem because the search engine regards these as two separate websites. Thus you will have to set up a redirect.
It may take some time before your website reads https because as these pages get indexed, their HTTP version will get phased out of the SERPs, and their link will start working on the https version of your website.
4. Implement Relative URLs:
Once you enabled Force HTTPS, you will have to replace absolute URLs to relative URLs as it can cause a mixed content error in the future. The mixed content error refers to those URLs that start with HTTP instead of HTTPS. Scripts, images, videos can be run on HTTP sites that need to fix. When you use a relative URL, the browser will add protocol and domain name to the web address. If you have a website with multiple links, then you need to start implementing relative URLs before SSL installation.
5. Settings Up 301 Redirects:
You should set up 301 redirects to redirect users and search crawlers as it will show the search engine that the page permanently moved to HTTPS. Here, we take the Apache server, and for that, you need to add codes to .htaccess file that can found in the website’s root folder. It would help if you went to Admin Panel>> settings>> check the “Show hidden file” box. Keep a backup of this file before any alteration.
You need to add the below code to .htaccess file. Replace https://example.com with your website address. Once it is done, check the website address with HTTPS in the browser.
6. Update Google Search Console
After setting up the redirect, the HTTP will still be ranking on Google. You need to index and crawl them so you can replace them with https. This can be done by uploading an updated version of the XML sitemap to Google Search Console. Also, you can add your https website to GSC, and that will verify the website ownership.
7. Debug your Website
After setting up the redirects, it should be smooth sailing, but it is always a smart move to run a site audit before launching the website. There are plenty of audit tools on the internet, and they are mostly free. Here are some things to look out for:
- https should not block by robots.txt or meta no-index tags
- Pages are not supposed to return mixed content errors.
- Existing pages should return the 200 status code
You should debug the error if you saw any of the above.
It is paramount to keep your website safe and secure and even more important to keep your clients’ data safe and secure. If you follow all the above steps, you will swiftly migrate to https without losing any traffic.