A Step-by-Step Guide to Migrate Your Site to HTTPS Switching out of HTTP is a smart security move as well as a stated Google-ranking factor.

By Tony Messer Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

Shutterstock

Online security is becoming an increasingly important area for businesses of every size. And one of the most basic forms of online security entails switching to HTTPS hosting.

Of course there are loads of factors to consider, but aside from the advantages of presenting a safe and secure website to your visitors, switching to secure HTTPS hosting (as opposed to HTTP) is good for business. Along with the reasurrance it gives your visitors, HTTPS is actually a stated Google ranking factor.

And, in the coming years, the question isn't going to be so much whether you need to migrate to HTTPS, as when you are going to switch.

But if you're not prepared for it or unfamiliar with this technology, then all you need to do is to follow the following steps to ensure that your site is migrated safely, securely and with the minimum of impact.

Image Credit: Pickaweb

Step l. Buy An SSL certificate

The first point is to buy the right SSL Certificate for you. Without getting too technical, the way that an SSL certificate works is that it creates an encrypted, impenetrable link between the browser window and the web server.

There are all sorts of different SSL certificates available, and they vary in cost. The important point is that fundamentally they all work under the same principle. You don't get "more security" just because you are paying for a more expensive certificate.

What they will offer are different sets of features.

The entry-level SSLs are Domain SSLs. These are issued instantly and require only email verification. They offer HTTPS browsing with a padlock but there is no in-depth verification process, just a domain-ownership check. They're ideal for smaller businesses on a budget that aren't taking online payments.

Next in line are Organization SSLs, which require a higher degree of verification which includes checking company ownership. As a result, they take longer to be issued, typically two to three business days. WIth this type of certificate, the company name and domain name appear in the browser bard.

Finally, there are Extended Validation SSLs, which allow you to use a "green browser" bar. These are more expensive than Domain or Organization SSLs and involve a verification process to check the company in more detail; that process includes legal, operational and physical verification.

It is for this reason that these SSLs can take between three and five days to be issued, and they will require that various legal documents be produced.

Step 2. Acquire an SSL certificate installation.

Once you've purchased your SSL Certificate, you'll need to approve it. As the graphic shows, there are different levels of verification before the certificate is issued; but if we use the example of a Domain SSL, this can be issued instantly once the domain owner verifies his or her email address.

This is done by the SSL issuer; the issuer sends an automated email to one of a pre-determined set of email addresses such as webmaster@TheDomainName.

If you're using shared hosting, then your hosting company will assist you as it administers the server. It will set everything up for you once you have approved the certificate.

Step 3. Do a full back-up.

Whenever you make major changes to your website, it's always worthwhie to run a full back-up of all of your website files. If you use cPanel hosting, for example, there is a built-in cpanel back-up feature that you can use, whiich is easy to configure.

Otherwise, check with your hosting company to see if it offers a managed back-up service, and use that.

Either way,, doing a back-up is a belt-and-braces approach.

Step 4. Change your HTTP links To HTTPS.

Before you switch to HTTPS, you'll need to update all of the internal links in your website. Later, we'll look at a way to globally achieve this, but it is still good practice to go through your website and change any links that point to HTTP pages inside your site to the new HTTPS links.

How you do his depends on the size of your website. If you just have a few pages, this is just a manual process. If you have hundreds, even thousands of pages, there are tools that can automate this process for you (especially if you are using WordPress).

Step 5. Check code libraries.

This is an optional step that really only applies to more complex sites that use additional software, like JavaScript or Ajax, behind the scenes. If you take this step, you'll probably need to check with your developer to make sure he/she updates any software that refers to or generates HTTP pages -- and change them to HTTPS.

Step 6. Update any external links that you control.

All of the links pointing to your site from your social media accounts and listings in authority directories need to be updated. Just focus on the ones that you have under your control.

You'll be redirecting HTTP traffic to the equivalent HTTPS page shortly, so there's no need to stress about getting them all 100 percent updated -- just focus on the main ones.

Step 7. Create a 301 redirect.

This sounds complicated but it is quite straightforward, really. A 301 Redirect is a method of redirecting traffic from one web page (URL) to another. It is effectively a "permanent" redirection because your website is permanently switching from HTTP to HTTPS.

This is a really important point because if your website has dozens, hundreds or even thousands of backlinks pointing to it from other websites, hey will be set to point to the HTTP pages. If your searc- engine ranking depends on the number and quality of backlinks, then you don't want to lose the power that they give you.

Therefore, a 301 redirect means you don't have to go and change all of these links, which would often be impractical, if not virtually impossible.

Setting up a 301 redirect depends on the type of web server that you use. The most popular type of web servers are Apache, NGinx and LiteSpeed and Windows. With Apache and LiteSpeed, you need to update the htaccess file. With NGinx, you need to update the NGinx Config File. With Windows, you need to update the web.config file.

Step 8 (optional). Update CDN SSL.

If you are using a content delivery network (CDN) like CloudFlare, you will also need to synchronize your SSL with that system. A CDN is a globally distributed network of servers that stores copies of your web pages on its servers so that your pages are presented by the server closest to the person browsing your files.

This offers advantages not only in terms of speed but also of security, as it can recognize various malware patterns and prevent your site from being hacked. You just need to double-check with your hosting company or developer if you are hosted on a CDN. If you are, then you'll need to check with the CDN's technical team for its instructions.

Most websites don't use a CDN, though so this step is included for the purpose of completeness.

Step 9. Update any other tools and transactional emails.

These days, many businesses use a whole plethora of additional tools around their websites, such as email marketing, marketing automation and landing-page generators.

You'll need to prepare a list of these software programs and look for any mentions of web pages that refer to HTTP; then update them to HTTPS.

Another area is transactional emails: things like welcome emails, invoices and forgotten password emails. These all need to be updated. Sure, the 301 redirect will usually take all of these into account but it always looks more professional to present your clients with the correct URL.

Step 10. Update Google (Analytics and Search Console)

Last and not least, you'll need to update your Google accounts -- Analytics and Search Console. In Analytics, you just need to change the Default URL to HTTPS. In Search Console, you'll need to add the new site with HTTPS.

Wrap-up

Switching to HTTPS is the direction of travel when it comes to online security. You're going to have to do it sooner or later.

But it doesn't need to be a complex matter. If you're not a technical person, you may need some help from a web professional. But, as long as you follow the steps outlined here, you'll be fine.

Tony Messer

Co-founder and CEO of Pickaweb

Tony Messer is the co-founder and CEO of UK web hosting company Pickaweb. Having worked with thousands of small businesses, ecommerce retailers and startups, Tony knows what it takes to grow an online business. He is the author of two books on online marketing.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Business News

JPMorgan Shuts Down Internal Message Board Comments After Employees React to Return-to-Office Mandate

Employees were given the option to leave comments about the RTO mandate with their first and last names on display — and they did not hold back.

Business Ideas

70 Small Business Ideas to Start in 2025

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2025.

Business News

Zillow Predicts These 10 Places Will Have the Hottest Housing Markets in 2025

Zillow predicted that the hottest housing market of 2025 will be Buffalo, New York. Here's why.

Business News

'Masculine Energy Is Good': Mark Zuckerberg Tells Joe Rogan He Thinks Companies Need More Aggression

On the most recent episode of "The Joe Rogan Experience," Meta CEO Mark Zuckerberg said corporate culture has become "neutered."

Business News

'More Soul-Crushing Than Ever': Popular Hiring Platform Finds Around 20% of Its Postings Were 'Ghost Jobs'

Is that job listing too good to be true? There's a one-in-five chance that it might be.

Growing a Business

5 Risk-Taking Lessons From Founders Who Bet Big and Won

Discover the bold moves and strategic risks that catapulted these entrepreneurs to success. Learn how their fearless decisions can inspire your own path to growth.