HTTP to HTTPS Migration Tips

HTTP to HTTPS Migration Tips

With the recent Google Chrome 56 update, migrating your HTTP site to HTTPS is more important than ever.

There’s many things to consider and action when migrating your site over to HTTPS. Use the HTTPS migration tips below and ensure your site is up to scratch and migrated successfully.

1. Purchase and install an SSL certificate

Before you can migrate your site over the the HTTPS protocol, you need to have purchased and installed an SSL certificate. You can purchase these from many different providers such as Memset, Namecheap and GoDaddy.

Ensure you purchase an SSL with a high level of encryption. We recommend getting the strongest, SHA-2 & 2048-bit encryption.

Once purchased, many SSL providers also provide installation services to install the certificate on your server. However, if not, get in touch with a web developer to install this on your behalf.

Note: Do you need a Wildcard certificate?

If you have a website which uses multiple subdomains such as, or you might need to purchase a wildcard certificate. A wildcard certificate will ensure you can use the HTTPS protocol on your subdomains as well as your primary domain (* Most SSL certificates allow www. to be protected using a standard certificate but please check before you make the purchase.

2. Change your base website URL to use HTTPS.

Ensure that the base URL for your website is updated to use HTTPS. For websites using a CMS you should be able to simply change your base URL setting to take of care of this work for you. However, any of your website URLs within your code which are absolute rather than relative will need to be manually updated.

You need to ensure that the ALL links use HTTPS within your website. This includes images, links, PDFs, videos etc.

3. Check your iframes are using HTTPS

Browsers such as Google Chrome will block content from an iframe using HTTP is it’s being loaded on a site using HTTPS.

If your website uses iframes ensure you check that the iframes are using HTTPS or have HTTPS equivalents that you you can use. There are a few workarounds for this if you absolutely must link to an insecure iframe, however it’s best not to.

4. Update your sitemap XML file

Make sure you have updated your sitemap.xml file to include the new HTTPS links so that they can be correctly referenced by Google when crawling your website.

5. Update your robots.txt file

Ensure that your robotst.txt file is updated and referencing the new HTTPS version of your sitemap using the following line:

6. Add 301 redirects for all HTTP links to go to HTTPS

It’s important to let the search engines know that your content is now available at a new secure URL using HTTPS. A quick way to do this is to use a rule in the .htaccess file for your website.

Add the following rule to your .htaccess file ensuring your replace with your own URL.

7. Avoid mixed-content errors in your website

Mixed content occurs when initial HTML is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection. Modern browsers display warnings about this type of content to indicate to the user that this page contains insecure resources.

Therefore, always use HTTPS URLs when loading resources on your pages.

8. Update your Google Analytics settings

Ensure you login to your Google Analytics admin area and update your primary domain to use HTTPS.

9. Create a HTTPS Google Search Console property

It’s important to set up a new Google Search Console property for the HTTPS version of your website. You should setup all variations of your domain (www. etc).

Make sure that your resubmit both your updated robots.txt and sitemap.xml files in these new and updated properties.

10. Update all external links to your website

When migrating your website to use HTTPS all external links which link to your website, such as links on social media profiles, should be updated too. Try to contact any other websites which link to your own and ask them to update their links to use HTTPS.

11. Update URLs in any AdWords/Bing campaigns

If you run PPC campaigns on services such as AdWords or Bing Ads, make sure that your landing page URLs are updated to HTTPS.

We hope these points help you when migrating your website over to use HTTPS.

Don’t forget to follow us on Twitter for more guides or join the rest of our community using the form below:

Leave a Reply

Your email address will not be published. Required fields are marked *