For Professional Web/App Designers and Developers

It’s time to move your business website from HTTP to HTTPS


Using the HTTPS protocol to secure your business website is becoming increasingly important, providing assurance to visitors and a potential improvement in search visibility. Here we explain what HTTPS does and how to migrate your site.

As a business or website owner you have a responsibility not only to protect yourself but also the visitors to your website. As well as storing any user and order details securely, any communication through the website also needs to be secure as insecure connections can be intercepted and even modified by a malicious third party.

The easiest way to protect the traffic to your website is to use the HTTPS protocol. The majority of websites today still use the traditional, unsecured HTTP protocol; in fact, only 0.1% of websites online today are using HTTPS.

That is not many websites and it reflects the current issue with the internet and how vulnerable people are online, especially those that are less familiar with how hackers work and what makes a website or connection secure.

So what is HTTPS exactly?

There are plenty of articles online to explain this and Google’s own tips are a great place to start. Essentially, HTTPS is the traditional HTTP connection encrypted using TLS (Transport Layer Security). As Google states, there are three core benefits that HTTPS provides:

Encryption: The data is sent and received in an encrypted format, so that third parties can’t listen in or steal data such as the username and password you enter on a website

Data integrity: This ensures that the data to and from the browser is not modified or corrupted, and detects if issues have occurred

Authentication: This ensures that you are communicating with the website you were intending to communicate with

These are mainly the technical and security benefits but there are also direct benefits to a business associated with a move to HTTPS.

How HTTPS helps your business

There are two main ways that having your website address prefixed with HTTPS instead of HTTP helps your business.

Firstly, a secure connection gives visitors to your website increased trust and confidence in your website when interacting or buying through it. A secure website can, therefore, lead to increased sales or leads. This is especially true in Google Chrome, the most popular browser, which will soon start flagging unsecured login pages as “Not secure”.

Eventually Google will roll out this notification to all pages on websites still using HTTP which could further negatively impact sales and leads.

The second main benefit to a business is that Google now applies a search ranking benefit to HTTPS sites. When Google first announced this benefit we tested it on some sites but we didn’t see any corresponding ranking benefit. However, in more recent transitions to HTTPS we have seen the benefit applied to the website’s rankings. The ranking benefit is very real.

Note, however, that ranking increases vary from keyword to keyword and it really depends on the competition in the search results. It doesn’t appear to be a very strong positive ranking signal, but it’s definitely a signal and it helps to improve overall rankings.

Where to begin to enable HTTPS on your website

There are so many guides out there to help you move your website to HTTPS and often they can be quite confusing, especially when the articles become unnecessarily technical.

What you will need are the following:
A web server (host) that can accept secure connections. Most hosts will have enabled this already.

A security certificate. You will need to buy this, usually from your host, or you can get a free one from Let’s Encrypt.

An hour or so to update your website and other resources accordingly, depending on the size of your website.

Let’s look at each of these in turn.

Website hosts like 123 Reg, GoDaddy and 1&1 generally already have their servers configured to accept secure connections. This shouldn’t be a concern, but it’s worth checking first in case you’re on an old server which isn’t.
Then you need to buy your security certificate. I often feel that this is an area that causes the most stress! For simplicity of implementation, the first port of call should be your web developer. They should be able to advise you where to buy it and how to get this configured on your server for your website. A certificate can typically cost £5 to £10 per month.

There is the possibility of installing a free certificate from Let’s Encrypt, which is an online initiative to prevent the cost of a certificate stopping people or businesses from being able to secure their websites. It does require some technical knowledge to implement and the certificate needs renewing every 90 days, so it’s probably best if it’s done by a web developer.

Some host companies, such as Siteground, pre-configure websites on their servers with free Let’s Encrypt certificates, which means it’s all done and you don’t have to do anything apart from make your website default to HTTPS. This is very handy indeed and it would be great if more hosts did this.
Other hosts, such as GoDaddy, Hostgator and 1and1, have options to buy and install certificates directly through them. This is often the easiest route to get the certificate installed if you are doing it yourself.

You should start by checking what products your host company offer for installing and configuring the certificate on the server for your website. Note that they are often called SSL Certificates.
In terms of certificates and how to configure them it’s worth checking Google’s tips again.

I have my HTTPS certificate, what now?

Once you have your certificate installed on your server you should now be able to access your website with HTTPS in front of the website address, such as:

Now you need to take some additional steps to complete the transfer and preserve your Google rankings:
All traffic to the HTTP version of a page needs to be permanently redirected (301) to its HTTPS equivalent. For most websites, a simple bit of code in the .htaccess file like this will do the job:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

This is quite a technical change and it’s key that it’s implemented 100% correctly. Without this it could significantly impact the rankings of a website.
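
One way to check the redirect on a handful of URLs, as an added example that is not part of the original article: the Python below judges the response to a plain-HTTP request and reports anything other than a 301 to the same host, path and query string over HTTPS. The function names and the example.com sample responses are constructed for illustration.

```python
import http.client
from urllib.parse import urlsplit

def check_redirect(http_url, status, location):
    """Return the problems found in one response to a plain-HTTP request."""
    problems = []
    if status != 301:
        problems.append(f"status {status}, expected 301 (permanent)")
    if not location:
        return problems + ["no Location header"]
    src, dst = urlsplit(http_url), urlsplit(location)
    if dst.scheme != "https":
        problems.append("Location is not an https:// URL")
    # The article's rule reuses %{HTTP_HOST}, so the host should not change.
    if (dst.hostname or "") != (src.hostname or ""):
        problems.append(f"host changed: {src.hostname} -> {dst.hostname}")
    if (dst.path or "/") != (src.path or "/") or dst.query != src.query:
        problems.append("path or query string not preserved")
    return problems

def fetch_redirect(http_url, timeout=10):
    """Send one HEAD request without following redirects."""
    parts = urlsplit(http_url)
    target = (parts.path or "/") + (f"?{parts.query}" if parts.query else "")
    conn = http.client.HTTPConnection(parts.netloc, timeout=timeout)
    try:
        conn.request("HEAD", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

# Constructed responses (url, status, Location) so the check runs offline.
SAMPLES = [
    ("http://example.com/shop?item=3", 301, "https://example.com/shop?item=3"),
    ("http://example.com/shop?item=3", 302, "https://example.com/shop?item=3"),
    ("http://example.com/about", 301, "https://example.com/"),
    ("http://example.com/contact", 200, None),
]

if __name__ == "__main__":
    for url, status, location in SAMPLES:
        print(url, status, check_redirect(url, status, location) or "OK")
    # Live use: status, location = fetch_redirect("http://<your-site>/")
```

A 302 or a redirect that sends every page to the home page still "works" in a browser, which is why the status code and the target path are checked separately.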

Update all hard-coded internal links to use HTTPS instead of HTTP, including canonical tags, hreflang tags, images and sitemap. With most CMS systems, such as WordPress, you can install a ‘Find and replace’ plugin to look for “” and replace it with “”. CAUTION: There is no undo function when performing a find and replace like this so you need to ensure you do it correctly. It’s always wise to make a backup of the website before doing this! You may need your developer to assist you with this.

You may need to adjust the website setting in the CMS, such as these in WordPress:

If your website is pulling in scripts, such as JavaScript files, from external sources, these all need to be HTTPS too, as just one unsecured HTTP connection will make the entire website insecure.

Go through the website and check everything! Ensure that the browser shows the website as secure and that there aren’t any non-secure resources causing an issue. In Chrome you will see this in the browser bar if there’s an issue:

In Google Analytics you will need to update the default URL to be the HTTPS version of your website, and do the same in any Google AdWords campaigns and in Google My Business. You should update any other paid media, email marketing and social media accounts at this stage. Note that sometimes the social sharing buttons on your web pages may show zero likes when you change to HTTPS as some networks treat them as new pages. There are some hacks around this but it’s often more hassle than it’s worth.
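
To find leftover HTTP references from the steps above, the following added example (not from the original article) scans a page's HTML for resources still loaded over http:// and for internal links, canonical tags and hreflang tags still pointing at the HTTP site. The names and the example.com sample page are constructed, and the host comparison assumes the site uses a single hostname.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SUBRESOURCE = {"script": "src", "img": "src", "iframe": "src"}  # fetched on render

class InsecureRefFinder(HTMLParser):
    """Collect http:// references left in a page served over HTTPS."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()  # exact host match (assumption)
        self.findings = []                  # (line, kind, tag, url)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        rel = set(a.get("rel", "").lower().split())
        if tag in SUBRESOURCE:
            url, kind = a.get(SUBRESOURCE[tag], ""), "mixed-content"
        elif tag == "link" and "stylesheet" in rel:
            url, kind = a.get("href", ""), "mixed-content"
        elif tag == "a" or (tag == "link" and rel & {"canonical", "alternate"}):
            url, kind = a.get("href", ""), "stale-internal-link"
        else:
            return
        if not url.lower().startswith("http://"):
            return
        if kind == "stale-internal-link" and urlsplit(url).hostname != self.site_host:
            return  # links out to other sites are not part of this migration
        self.findings.append((self.getpos()[0], kind, tag, url))

def scan(html, site_host):
    finder = InsecureRefFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; example.com stands in for the migrated site.
SAMPLE = """<html><head>
<link rel="canonical" href="http://example.com/">
<link rel="alternate" hreflang="fr" href="https://example.com/fr/">
<script src="http://cdn.example.net/widget.js"></script>
</head><body>
<img src="/logo.png">
<a href="http://example.com/contact">Contact</a>
<a href="http://other.example.org/">Partner</a>
</body></html>"""

if __name__ == "__main__":
    for line, kind, tag, url in scan(SAMPLE, "example.com"):
        print(f"line {line}: {kind:<20} <{tag}> {url}")
```

Findings marked mixed-content are the ones that stop the browser showing the page as secure; stale-internal-link findings still load, but only via the redirect.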

Making post-HTTPS migration checks

That may all seem quite a lot to go through, but the most time-consuming aspects are changing the internal links, ensuring all resources are HTTPS and getting the redirects set up and working.
However, what happens after all of this is even more important. Over the next couple of months, as Google picks up the redirects and starts ranking the HTTPS pages, you will need to be monitoring your rankings across the board and checking for any errors in Search Console. Errors should be addressed straight away.

Keep looking in Search Console at least two or three times a week for any messages or errors and if you see any significant shift in rankings, traffic or conversions then go back through the list above and ensure everything is set up properly.
If you do run into any problems you can always post your questions on UK Business Forums as there are some very experienced people there who will be able to advise and help you.

So, as you can see, it’s not that complicated to transition your website to HTTPS. I would definitely recommend that all businesses move to HTTPS this year, so plan to do this in the coming weeks and enjoy improved Google rankings and hopefully increased sales and leads!

About the author


Fancy you stumbling on my piece of the internet. Bonjour! My name is Hash and I’m the Blogger-In-Chief of this joint & CEO/Founder at Azoora, Inc.

I’m putting up my views here trying to help creative solopreneurs build their business using the power of websites, apps & social media, this, is, my jam.

Get in touch with me on Skype: hashmoody or drop me an email hash [at] azoora [dot] com

By hashmoody