Moving WordPress blog from HTTP to HTTPS safely

Moving your website from HTTP to HTTPS is very similar to migrating your website to a new URL structure, or a new domain. In my experience, there’s so many things that can go wrong if the migration isn’t handled efficiently, which can have a detrimental impact on a website’s rankings. To avoid as little disruption as possible to your search engine rankings, you should ensure you plan each stage of the migration in detail, as I’ll go on to explain.

Firstly, you’ll need to choose the right level of certification for your website (i.e. 2,048 bit certificate) from an accredited/trusted provider. You’ll find a detailed explanation of all the different levels of certification here. One thing to note is that you’ll only get the green padlock bar in the browser if you install an extended SSL certificate. Most providers include a free installation service with the purchase of an SSL certificate, so the initial stage is often taken care of.

Once you have installed an appropriate SSL certificate for your website, there are a numerous steps you’ll need to take to ensure your website functions as it should, and that search engines are made aware of the change in your site structure.

ssl ceritficates

1. Check Internal Links

Ensure all your internal links point to the new HTTPS URLs – this includes navigation/menu links, images, css references on the website etc. If the website still references http files, it will break.  On WordPress websites, it is often just a case of doing a find (http) and replace (https) in the database to resolve this issue.

2. Change External Links

Ensure any external links and local directory listings are edited to point to your new HTTPS website, including links from your social media profiles.

3. Check Canonical references

Ensure that all rel=canonical references point to the new HTTPS version. Once you move over to HTTPS these tags often still point to the HTTP version, leading to Google becoming confused over what page should be indexed.

4. Implement 301 redirects

Ensure that you implement a permanent 301 redirect on a page by page basis – meaning every HTTP page should be redirected to it’s HTTPS counterpart. You must not 301 redirect everything (either via global or via a wild card redirect) to the home page as this can have a negative impact on rankings.

5. Set up HTTPS site in Webmaster Tools

Add the HTTPS website as a new property in your webmaster tools account, and submit sitemaps accordingly. At present, the change of address tool doesn’t support http > https requests, so Google will rely upon the proper implementation of 301 redirects to understand your new site structure. Once set up, keep an eye on your Webmaster Tools account and monitor any issues Google may be having with your new HTTPS website.

HTTP to HTTPS 301 redirects

Implementing 301 redirects from your HTTP pages to the new HTTPS versions is an essential to retaining your search engine rankings and traffic. Moving to HTTPS is not as easy as simply buying the certificate and relying on Google to index your new HTTPS website – you instead need to indicate that your URLs have changed through the use of 301 redirects.

Google will expect to see a direct replacement for the content on the HTTP URL if you use 301 redirects to a HTTPS URL, so if you redirect all HTTP URLs to the HTTPS homepage, you risk impacting the rankings of all the pages on your website. It is therefore strongly recommended that you redirect all HTTP pages directly to their HTTPS counterparts.

If your website is running on an Apache server, you can implement a site wide redirect from all HTTP pages to their HTTPS counterparts by adding a snippet of code to your .htaccess file. Brian K Ross has provided some great advice here on using rewrite rules to redirect any http requests to their https counterpart on your website.

Use the following code in htaccess to redirect visitors to https version using 301 redirect:

RewriteEngine on 
RewriteCond %{HTTPS} off 
RewriteRule ^ https://www.example.com%{REQUEST_URI} [NE,R=301,L]

It should be noted that this is not the W3C recommended method of redirecting to SSL. Their recommended method of implementing site wide redirects (using virtual hosts) can be found here.

If you’re a little unsure how to implement these redirects on your website, I’d suggest contacting an experienced web developer or SEO consultant to avoid any issues.

Potential negative impacts

I have thus far talked about the pros of moving over to HTTPS, but I must warn you it is not always a straightforward process.

The reason I say this is because with Google, any major changes to a website’s structure, even if done correctly as outlined above, can still result in a short term drop in rankings. It often takes a few days (weeks even) for Google to understand complex changes in website structure, and it can take time for these changes to be reflected in their results. This often depends on how often Google crawls your website, but you can make their life easier by submitting up to date XML sitemaps for your HTTPS pages to webmaster tools as I have suggested.

The important thing to remember is that you should treat the migration from HTTP to HTTPS just like you would a migration to a new domain. Helping Googlebot to find the new HTTPS pages on your website by updating your navigation links and removing any references to your HTTP content will reduce any confusion and speed up the time it takes for Google to update your website listings in their search results.

Leave a Reply

Your email address will not be published. Required fields are marked *