In 2017, Many Web Designers, webmasters, Bloggers thinking to migrate their blog or website from HTTP to HTTPS. In Article we will cover How to Migrate to HTTPS Without Losing Website Natural SEO?
If you intend to redesign your site, the question of switching it to HTTPS or not should arise, especially from January 2017. A site migration is already a delicate step from the point of view SEO, and it is not Rare to see disasters when the issue of SEO is not properly controlled. And if we add to this a migration from the HTTP site to a secure version (HTTPS), we must be doubly careful, otherwise, we lose our SEO.
Through this guide, I will give you the necessary steps to properly migrate an HTTP site in HTTPS so SEO friendly way. But before going straight to “how”, let’s make a little point about the definition of HTTPS and why HTTPS is important to Google and your natural SEO.
Definition of HTTPS, SSL, and TLS
The HTTPS protocol is the same communication protocol as the HTTP with the ready difference that the information flows on a Transport Layer Security (TLS). You may have already heard of SSL certificates, and the TLS (version 1.2 currently) replaces the SSL (SSL 3.0 is the latest version) because it has vulnerabilities and was recently disapproved by the IETF in 2015. Currently, the use of the phrase “SSL certificate” is often an abuse of language.
Moreover, Recent browsers display in the URL bar, a padlock or HTTPS barred with a security warning when the website uses these old SSL protocols.
We’ll also see how to disable SSL at the server level.
The green lock of an HTTPS site indicates that the information is not altered between the server and the browser and that the TLS certificate of the site is validated by a trusted third party. A right click on the padlock allows you to have more details about the authority that issued the certificate and the security of the connection. Most authorities issuing security certificates are charged but there is an open source project Let’s Encrypt which issues free certificates. Since its launch in 2015, it has already delivered more than 5 million certificates thanks in particular to the massive deployment by big boxes like WordPress or Akamai.
Why is HTTPS so important to Google?
At the annual Google i / o conference in June 2014 , Google encouraged webmasters to upgrade their site to HTTPS. They started with their own services like Gmail, Google Calendar to secure their data. Simply go to Google Dashboard to see the confidential data they have and the need to secure that data.
But they want to go further, and secure access to the web sites of the world since their search engine. So, in August 2014, Google announced that the HTTPS represents a positioning signal , and since then it has consistently encouraged webmasters to migrate their site to HTTPS.
The effects of this HTTPS boost, so far, are hardly visible, but what is certain is that Google’s campaign to run since more than 30% of the results on page 1 of Google are in HTTPS. (See the moz study )
In addition, 60% of the pages loaded on browsers are in HTTPS (see the study on the use of the https protocol ):
But the best is coming, Google announced that as of January 2017, the browser chrome would report unsecured sites in several steps:
- Initially, non-HTTPS sites that pass passwords or credit cards will be reported as “unsecured” in the address bar.
- Then, it wants to penalize all sites when navigating in “private navigation” mode, assuming that users who navigate in this incognito mode are more demanding in terms of confidentiality
- And later, he wants to mark all HTTP sites, without exception.
What push grow more and more the sites to pass in HTTPS, they are smart in google anyway 😉.
Good reasons to migrate to HTTPS
In fact, migrating to HTTPS is not only important for SEO but also for these reasons:
- Security: Well, yes, it’s still the main reason, especially at a time when attacks are increasing, not just on big sites. Even if a site is never immune from a security threat, a well-configured HTTPS site is always safer than an HTTP site and less easily hackable. A pirated site is harmful for your traffic, your turnover, your image and for your SEO if a malware is detected by Google.
- Retrieve your referral traffic: On your analytics, as sites pass HTTPS, referral traffic from these sites passes into direct traffic instead of being counted as referral traffic. Passing your site to HTTPS will reassign traffic from HTTPS sites to referral traffic and not to direct traffic.
- E-reputation: If the brand image of your site matters to you, the little green padlock is more confident (litote) than an exclamation point or soon the marking of your site in “insecure” on Chrome.
- The SEO positioning boost:
The direct effect of the HTTPS on the ranking in the results pages is quite low, on the order of a few percent if one believes the study of searchmetrics. At least for now, it’s possible that the boost in Google results will be more important in the future.
- The indirect impact on your SEO . Imagine the behavior of the visitor who comes to your site, who sees a warning from the browser that the site is unsecured, chances are he will return to Google. This type of behavior (pogosticking) is detected by Google, and these usage criteria are, however, directly in the algorithmic criteria of Google. (For more information , see this article on Google and the user experience ).
I would go even further, the visitor may even click on your site from the results page because it is a good bet that Google, eventually, reports unsecured sites as early as the SERP. Besides, I do not know if you’ve noticed, but Google already distinguishes HTTP urls from HTTPS urls in its results pages:
When is the next step? An HTTPS label?
SEO friendly steps to migrate a site to HTTPS
Well, after this preamble that seemed to me indispensable, longer than expected but hopefully interesting, we finally arrived at the main topic of the article which is “How to migrate in HTTPS without losing its SEO? ”
- Install the certificate: buy a paid or free certificate (let’s encrypt), send the requested information (public key, ..) and install it on the server
- Activate HTTPS on your server: To configure your vhost file, there is the excellent SSL config generator tool . Simply indicate the version of your server, the list of cyphers desired (I recommend the list of intermediate cyphers >> see the following point), and it will give you the lines to copy / paste on your host file. This configuration given by the tool will in addition to disable the SSL protocols which are vulnerable as seen above.
- Choose the correct list of cyphers: The cypher is a cryptographic suite that allows to establish a secure exchange between the client (browser) and the server. A client, depending on the operating system, browser type (ie, firefox, chrome, ..) and its version, supports different cyphers more or less secure. The more recent the browser, the more robust the supported cyphers. The server also accepts a list of cyphers, preferring the most robust first to the lowest. There are 3 lists of cyphers with different levels of compatibility that you can choose from in the SSL config generator tool: modern, intermediate, and old compatibility.
The intermediate level, which I recommend, allows to have a good level of compatibility with more than 97% of compatible browsers, but it also means that some old browsers (<3%) will not be able to access your site.
It is a matter of balance between security and compatibility. The “modern” level allows a high level of security but a lower compatibility, whereas the level of cypher “old” is ultra compatible but safe month, the latter is also reported by recent browsers as “obsolete Cypher “and you will not have the green padlock on recent browsers. More details here
- Update your HTTP content to HTTPS: Everything that is in HTTP must make the transition in HTTPS, that is to say the internal links (where pass in the relative urls), your images, your scripts, your CSS, your canonicals , Your advertisements (adwords, display, ..), your third party services, your social sharing buttons, your opengraph markup, schema.org, your CDN, your RSS feeds, the inbound links you have control Social profiles), …
- Activate the new HTTPS site on search console: In order for Google to easily take account of the new HTTPS site, it is necessary to activate a new property for this site, which is different from the HTTP site. Take advantage to send a possible link disallow file on this new property. Warning, do not use the “change domain” option on the old search console, this is not a change of domain but a change of protocol is different.
- Send the new HTTPS sitemap: On the new search console property, send the new sitemap with the urls to HTTPS. You can leave the old sitemap of HTTP urls on the old search console property for a month, this will make it easier to take redirections into account by Google.
- Redirect HTTP urls to HTTPS urls: Essential for HTTPS urls to take the place of HTTP urls in the Google index. Here is the doc to do it on apache . For faster indexing, you can also force indexing of your most important pages by going to search console / explorer like google / requesting indexing.
- Test your new HTTPS site: You have to run a site crawl to make sure that all the resources are in https, and even do it before migration ideally. It is also necessary to launch a crawl of old urls and verify that they are redirected, without ideally redirecting chains (ex: 301> 301> 301> 200). This is all the more important for visiting urls, and thus ensures that they do not lose traffic.
Also test the validity of your certificate with this SSL labs tool , for example. At this point, the risk is to have urls that have the https barred in the address bar, this means most often that you still have http resources that are called on your pages.
- Follow-up after migration: On search console, you can follow the indexing report, the error report and check that everything is going well. Track your traffic on your analytics tool, if you have worked well, you should not see a drop in traffic and even expect a hike, eventually.
I hope this HTTPS migration guide with these good SEO practices has pleased you. If you are performing a site redesign or you want to change domain, I think it is essential to switch to HTTPS. In other cases, you should think about it quickly as unsafe sites become more and more disadvantaged.
In addition, switching to HTTPS is a prerequisite for switching your server to HTTP2. It is a “new protocol” that greatly improves the performance of the site and that I will surely make an article.
And you are ready to migrate to HTTPS?