Why is it crucial?

A few years ago only those developers implemented HTTPS on every site who were obsessed with security. As an SEO consultant, for a long time, I advised my clients not to use HTTPS on simpler websites. I believed applying it on admin panels was enough.

But times are changing, and data security has become extremely important. Google also prefers safer websites now and started to use HTTPS as a ranking factor.

Therefore from the beginning of 2017, I advise every client to move their website to HTTPS, if it collects user data through contact forms, order forms, or subscription pages.

Switching to HTTPS is not without risks though. And if it is not implemented appropriately it could lead to a significant drop in traffic.

A temporarily drop is going to happen even if you don't make technical errors while moving your site to HTTPS, but in this case, your traffic is going to return to normal levels soon, and in the long run, the pros of switching will definitely outweigh its cons.

How to migrate from HTTP to HTTPS

Below, you can find the steps, that I believe you should go through If you've decided to secure your site with HTTPS. Complete them in this order, for the best effect.

  1. First, you should prepare your server for handling the HTTPS requests.

  2. Using HTTPS protocol might slow down your site. As download speed could affect your rankings, this is definitely something that you should be aware of. Register your site at https://secure.webymon.com, to be able to measure fluctuations in your download speed caused by the protocol change.

  3. You should also keep an eye on your most important keywords, during the shift. If you register at https://secure.positionminer.com/login/ , you'll be able to monitor the position of every significant term, that your site ranks for.

  4. The next step is to verify that, the SSL certificate on your web server is installed correctly. You can easily test this with SSLShopper (https://www.sslshopper.com/ssl-checker.html ).

  5. Once you checked the installation and set up the measurements it's time to switch over to HTTPS. Redirect the whole site to HTTPS using 301 redirects. Make sure that the static files on your website are also served with the HTTPS protocol, and there are no elements on your site that are partially served with HTTP.

  6. Verify the 301 redirects as well. You can use Waudio to run the required tests and to check the HTTP Response headers (http://redirect.waudito.com/).

  7. Soon after you've completed the redirects, you should take a look at the changes in download speed with WebyMon. Slowing down with 30 or 40 msec is completely acceptable, but if your site is slower with more than 200 msec, than it used to be then something probably went wrong, and you'll need to find the cause of the errors.

  8. Also, try to get an overview of the shifts in your rankings at this time, with Positionminer, and find out whether you improved or fell back due to using a new protocol.

  9. Redirect errors and broken links can hurt the performance of any website, and a large number of them can appear after moving to HTTPS. Use StiemapExpert (https://secure.sitemapexpert.com/) to scan your whole site for these kinds of errors.

  10. Don't forget to change your robots.txt file, if it is required. Make sure that the URL of your sitemap.xml file also starts with https, and that, the location of the correct version is included in the robots.txt file.

  11. Also, take a look at your sitemap.xml file, and ensure that the HTTPS version of your URLs are listed in it.

  12. If everything seems to be working properly, and you set up the new sitemap, register the HTTPS version of the site, and delete old version in Google's search console.

  13. You will also need to change the type of tracking to HTTPS in Google Analytics, Findgore and other analytical tools that you use.

  14. And make sure that the marketing automation programs, that are connected to your site are still working properly.

  15. Finally,it could be a good idea to check your subscription forms and order forms as well, in order to avoid any chance of errors.

Where it could go wrong

While I believe that each of the steps, I listed are equally important, you'll need to take extra care when dealing with some of them.

The most important thing is to make sure that the settings of the certificate are appropriate.

You can spoil an expensive certificate easily, while it's also possible to achieve A+ values with a free one. Besides SSLShopper also check your certificate's setting with SSLLabs (https://www.ssllabs.com/ssltest/ ), just to make sure that everything is working correctly.

The proper 301 redirects are also extremely important. Don't forget about going through every page with wAudito Redirect Checker (http://redirect.waudito.com).

Many people also forget to change protocols in their marketing automation and analytical tools. Don't do this.

Log into each one of the apps that you use, and ensure that you are tracking the right pages and that you are directing visitors to the correct version of your site.