It has now become obvious that all websites should move from HTTP to HTTPS, especially now that Google Chrome has started delivering warnings within the browser when visiting unsecured websites. Whilst most of the work will be done by your web design company, it is extremely important that whoever deals with your SEO knows the details and checks everything from CMS settings to the config file redirects.
So that you can track the progress, here is a simply step-by-step guide:
Step 1: Backup your website
Yes this is obvious to everyone but you shouldn’t just have a backup. At JKA we recommend having a backup on another server or even your PC or Mac. Don’t forget to backup the Database too.
Step 2: Buy a certificate and install it
There are numerous ways to buy certificates and most of the time we recommend simply using the company who host your website. However, you can actually get a basic certificate for free. We have done this ourselves quite often via Let’s Encript. This is quite straight forward and sometimes this is built into your hosting control panel.
It is normally quite simple to install certificates but sometimes you will need to add files to your website home directory. However, the certificate suppliers normally have a step-by-step process for this.
Step 3: Updating your website URLs
When you first install your certificate you will load your website as normal and nothing will be different. However, when you visit the https:// version of your website although your website will load it may show as Not Secure.
When you first load your website, as https, it won’t display the green padlock to show that it is secure. This is because, although you have a certificate, you haven’t secured your website properly, or to be more specific, you are still loading non-https pages (http pages).
There are different ways to address this depending on your website platform:
Step 3a: Static Websites
If you have a website that doesn’t use a database – such as a basic html/htm website then you have to simply search and replace all instances of http:// with https://. Packages like Dreamweaver make this very easy.
Step 3b: WordPress Websites
It’s no secret that WordPress is our favourite website platform, and with good reason. Website amendments like this are a prime example of why.
There are 2 changes to make here:
Firstly, visit Settings -> General. Here you can replace http:// with https:// on your WordPress Address (URL) and Site Address (URL)
The next step is to replace all instances of http with https. The best way to do this is to add the plugin Better Search Replace and run a “Search/Replace” on all tables.
Step 3c: Other Content Management Systems
Here you will need some tech knowhow, because you will have to access the website database – normally via SQL – and run a search and replace in all of the tables. Replacing http:// with https://
Once Step 3 is complete you should see a lovely green padlock….
Step 4: Bye Bye HTTP
Although you have a fully working HTTPS website, you need to let everyone know. Yes you guessed it, it’s 301 redirect time. This is normally done via the .htaccess file and has code similar to this:
Step 4: Update Analytics
Now you need to let Google Analytics know that your website is secure. This is done by logging into Analytics and visiting Admin -> Property Settings. Here you can change references from http to https. This will ensure the tracking is smooth.
Step 5: Add Google Console
The last step is to login to your Google Console account and add your new HTTPS website in the same way that you added the http website initially. Once this is done you can visit the http website in Webmaster Console and redirect it to HTTPS.
Other areas to consider…
Sometimes that will be the end of the transfer. We hope this isn’t the case, however, as it would mean that you haven’t been following our advice over the years!
Other areas where you will need to make changes, include:
- Google AdWords (Google Ads) URLs in the Ads
- Social Media Company Information
- Any important links coming into your website. Actually where possible you should visit all links to you website and change them to HTTPS to save them going through the redirect, where possible.
- Any other advertising – AdRoll etc