How to Move to HTTPS in 12 Hours Without Losing Organic Traffic
Moving everyone to a more secure web was one of the main Google's objectives of the last few years. If in 2014-2016 there were doubts as to whether moving to HTTPS worth it, in 2019, it is a must.
If you still using HTTP being afraid of rankings drop and traffic loss, keep reading this post. As I'm going to show you how to migrate to HTTPS in half a day without waste.
If you still using HTTP being afraid of rankings drop and traffic loss, keep reading this post. As I'm going to show you how to migrate to HTTPS in half a day without waste.
Why HTTPS?
Using HTTPS means to be secure and trusted as it guarantees protection of the privacy and integrity of the exchanged data. Moreover, trying to encourage people to move to HTTPS, Google offers some significant benefits like indexing HTTPS websites firstly and marking HTTP sites that collect sensitive information like passwords and credit cards as non-secure. The algorithm I'm going to describe includes 4 main steps, let's start.
Preparatory phase
Before you start moving to HTTPS, I strongly recommend you to replace all internal absolute paths on your website by relative ones. Thus, for example, the link to this article
https://serpstat.com/blog/how-to-move-to-https-in-12-hours-without-losing-organic-traffic/
should be replaced with/how-to-move-to-https-in-12-hours-without-losing-organic-traffic/
If there are remarketing tags or different scripts on your site, you have to change their paths to relative ones with domain name but without https, i.o.
//serpstat.com/blog/how-to-move-to-https-in-12-hours-without-losing-organic-traffic/
The same works for the media content.
https://serpstat.com/blog/how-to-move-to-https-in-12-hours-without-losing-organic-traffic/
should be replaced with/how-to-move-to-https-in-12-hours-without-losing-organic-traffic/
If there are remarketing tags or different scripts on your site, you have to change their paths to relative ones with domain name but without https, i.o.
//serpstat.com/blog/how-to-move-to-https-in-12-hours-without-losing-organic-traffic/
The same works for the media content.
This step takes approximately 5 hours:1 hour for writing a technical task and 3-4 hours it takes to programmer to implement this.
Choosing the SSL-certificate
Don't use free SSL-certificates as it's insecure, which is exactly the opposite of what we intend to do. The browsers may warn your visitors that the website's security certificate is not trusted:
There are three types of SSL-certificates that offer 3 levels of user trust:
1
Domain Validation — is the first-level certificate and the most common one. Certificate Authority confirms your rights on using this domain name. It's given for one domain thus if you decide to change domain name, you'll have to pay again. The average price is $10-$30 per year. To order a certificate, contact any certification center (i.o. Comodo or Symantec).
2
Organization Validation — CA checks whether you have a right to use this domain plus it conducts some vetting of the organization (may check mentions in the press, Whois info, сertificate of state registration). The average price is from $40 to $300.
3
Extended Validation — the third level certificate. Obtaining this type of certificate requires verification of the requesting entity's identity by CA. Here certificate authority conducts a thorough vetting of the organization defined within EV guidelines. It's all to get the green address bar in all major browsers. The average price is $120-$300.
Certificates are also classified by functionality:
We used the common one. You should have no trouble moving to HTTPS as hosting sites usually help here. But, unfortunately, not all hosting providers support HTTPS, thus some domains have to change the hosting provider. Note if you change the hosting while moving to HTTPS, the website will be available at the old ip address. Thus you have to set 301 redirect to the new one. Double check whether the certificate is installed correctly. There are tons of services to help you here. Besides performing a deep analysis of the configuration of the SSL web server, they also give recommendations on how to correct the existing errors. We used SSL Server Test.
- Common certificates;
- Wildcard certificates — are used to install HTTPS on subdomains;
- SAN certificates — used for several domains.
We used the common one. You should have no trouble moving to HTTPS as hosting sites usually help here. But, unfortunately, not all hosting providers support HTTPS, thus some domains have to change the hosting provider. Note if you change the hosting while moving to HTTPS, the website will be available at the old ip address. Thus you have to set 301 redirect to the new one. Double check whether the certificate is installed correctly. There are tons of services to help you here. Besides performing a deep analysis of the configuration of the SSL web server, they also give recommendations on how to correct the existing errors. We used SSL Server Test.
Hooray, your website is already secure, but it's not the finish yet.
This stage took us 30 minutes.
How not to lose traffic while migrating to HTTPS?
Update your robots.txt file
Add HTTPS to your domain name to the host and sitemap lines:
Host: https://site.com
Sitemap: https://site.com
Host: https://site.com
Sitemap: https://site.com
Google Search Console
As your site is now running on HTTPS, you need to create a new Google Search Console profile. Then, you need to update the sitemap.xml file, set the region if necessary. And don't forget to update the links at the disavow tool if required.
Set 301 redirect
Setting 301 redirects (permanent redirection) is probably the most crucial step while moving to HTTPS. Failing this, your site will be available both at HTTP and HTTPS versions, and as you know, two completely similar duplicates is one of the worst things you can do for SEO.
If you don't want your site to drop out of SERPs overnight, don't miss this step. Double check whether all page types are redirected to HTTPS (filter pages, product pages, categories, website search results pages and etc). Note that robots.txt and sitemap.xml files must be available both at HTTP and HTTPS. While setting redirects you can exclude robots.txt file at htacess using this:
RewriteCond %{REQUEST_FILENAME} robots.txt$ [NC]
If you don't want your site to drop out of SERPs overnight, don't miss this step. Double check whether all page types are redirected to HTTPS (filter pages, product pages, categories, website search results pages and etc). Note that robots.txt and sitemap.xml files must be available both at HTTP and HTTPS. While setting redirects you can exclude robots.txt file at htacess using this:
RewriteCond %{REQUEST_FILENAME} robots.txt$ [NC]
Time spent: 30 minutes.
Website edits
Seems you've done everything possible and it's time to wait until search engines will re-index your website. But in reality, no matter how hard you try to prepare your site for moving, you'll face that some links are still available at HTTP. In our case it happened with the links at link rel="canonical", thus all website pages were referred to 301 redirect. The same happened with the absolute pagination links. Note, if your website has several language versions, replace
"<link rel="alternate" hreflang="ru" href="http://site.com/" />"
by
"<link hreflang="ru" href="https://site.com/" />"
Although all mentioned steps are completed, you still may see a warning at the address bar. Most likely, it has to do with the scripts that parse data from pages. Replace the links on these pages by the relative ones without protocol. Then check whether all existing pages response 200 code and all non-existing 404/410 ones. That's finally it! Relax and wait until search engines will re-index your website.
"<link rel="alternate" hreflang="ru" href="http://site.com/" />"
by
"<link hreflang="ru" href="https://site.com/" />"
Although all mentioned steps are completed, you still may see a warning at the address bar. Most likely, it has to do with the scripts that parse data from pages. Replace the links on these pages by the relative ones without protocol. Then check whether all existing pages response 200 code and all non-existing 404/410 ones. That's finally it! Relax and wait until search engines will re-index your website.
5-6 hours spent: 1 hour for writing a technical task and 4-5 hours for implementation.
Our results
Using this method we moved the website dealing with the seeds sales to HTTPS. The work was finished at February, and as you may see the visibility did not drop but rather grew up.
The same with organic traffic:
Hope this piece of content was useful for you. Don't hesitate to ask is you have any questions ;)
Found an error? Select it and press Ctrl + Enter to tell us
Discover More SEO Tools
Backlink Cheсker
Backlinks checking for any site. Increase the power of your backlink profile
API for SEO
Search big data and get results using SEO API
Competitor Website Analytics
Complete analysis of competitors' websites for SEO and PPC
Keyword Rank Checker
Google Keyword Rankings Checker - gain valuable insights into your website's search engine rankings
Recommended posts
Cases, life hacks, researches, and useful articles
Don’t you have time to follow the news? No worries! Our editor will choose articles that will definitely help you with your work. Join our cozy community :)
By clicking the button, you agree to our privacy policy.