According to Google, there are several benefits that go with making the transition from HTTP to HTTPS for website migration. The most important benefit is protection. Data that is sent with HTTPS are protected by the Transport Layer Security protocol (TLS). This provides three significant levels of protection. Most marketers, however, are unaware of the process of how to move from HTTP to HTTPS.
How To Move From HTTP to HTTPS in 25 Steps
Encrypting exchanged data in order to keep it secure is the first level of protection. This essentially means that a user is protected from eavesdropping while they are browsing a website, and their information and activity cannot be tracked or stolen. Data Integrity ensures that corruption or modification of transferred data cannot occur, either intentionally or unintentionally, without being detected. The third level of protection is Authentication, which provides evidence that your users are communicating with the intended website, building trust with the user, and adding the potential of further business benefits.
Making the Switch
The process for switching from HTTP to HTTPS can be pretty extensive, but if you follow the following checklist, it can become much less of a hassle than need be. Be sure to have all necessary guides with you before starting the process.
1. Begin with a test server – this helps ensure you have a plan of action without making any crucial mistakes in real time, and that everything has been tested before the transition.
2. Browse (crawl) the current site to compare it with changes later on.
3. Read any and all documentation involving your CDN or server for HTTPS.
4. Install a security certificate on the server; your hosting environment and server set up will determine how you should go about this.
5. Update references in the content, as well as template references for links, images, scripts, ect. for HTTPS.
6. Check that your canonical tags are updated (some systems do this automatically).
7. Check that your hreflang tags (if you use them) are updated.
8. Check for insecure content in your plugins, modules, and/or add-ons to ensure nothing breaks.
9. Change CMS-specific settings, if necessary.
10. Browse (crawl) back through the site and check for missed links; double check that nothing is broken.
11. Make sure all required external scripts support HTTPS.
12. Use redirects to force HTTPS.
13. Remove lost links from redirects, and update older redirects still in place.
14. Crawl for broken redirects or chains among old URLs.
15. Update your site map with HTTPS versions of the URLs; include the new site map in your robots.txt file update.
16. Enable HSTS and OCSP stapling – this ensures the browser uses HTTPS and enables the server to check if security certificates are revoked, and not the browser.
17. Add HTTP/2 support.
18. Add the new HTTPS version of site to all search engine versions of webmaster tools you use; load these with the new sitemap that is already adjusted for HTTPS – you DO NOT need to use the Change of Address tool for this.
19. Update your disavow file (if you used one) for HTTPS.
20. If you had your URL parameter settings configured, make sure they are also updated.
21. Go live with the website.
22. Update the default URL in your analytics platform to ensure you are tracking HTTPS properly.
23. Update social share counts; some will do his automatically using APIs.
24. Update paid email, marketing automation campaigns, or other media for HTTPS versions of the URLs.
25. Update any remaining tools, including A/B testing software and keyword tracking for use in HTTPS, and monitor everything during migration; double and then triple check just be safe before you get started.