Starting a new website with a secured protocol (HTTPS) is very easy but when it comes to migrating an old website or blog from HTTP to HTTPS, things are not easy. To be honest, the migration from HTTP to HTTPS might end up destroying your whole SEO traffic in just a few hours if the right steps are not considered.
But, it doesn’t mean you stop thinking of migrating your website to a secured connection due to the fear of traffic loss. You shouldn’t now refuse to get this migration done as Google Chrome in its upcoming versions started notifying its users with a “Not Secure” warning in the tab for all HTTP websites.
So, migrating your website from HTTP to HTTPS is now not only a ranking factor but also a need these days. I also successfully migrated my WordPress blog a few days ago to secure connection when I heard of this “Not Secure” warning in Chrome’s new versions.
In this tutorial, I will guide you on how to successfully migrate your WordPress site from HTTP to HTTPS without losing your traffic. It’s factually proved that if you take the right steps in HTTPS migration, the SEO traffic will not be affected. Yes, it’s possible you might feel the traffic drop for 2 to 3 days but after that, it will again be normal.
What Are The Risks & Challenges in HTTPS Migration?
To be honest, there are no risks in setting up HTTPS on your website if you take the right steps, but the fact is that over 90% of beginners forget many important steps while migrating their website from HTTP to HTTPS and that causes a huge traffic loss.
Here in this part of this post, I’m going to share some of the main risks and challenges you might face while migrating your WordPress website to a secure connection.
Mixed Content
One of the biggest challenges I faced while setting up HTTPS on my WordPress site was mixed content. As the name suggests, it’s a kind of error that occurs especially when the content of HTTP and HTTPS protocols are mixed in your website.
Migrating your website from HTTP to HTTPS simply means replacing all the occurrences of HTTP with HTTPS in your website URLs. But, most of the time only initial HTML loads with HTTPS whereas other resources such as images, videos, stylesheets, scripts still load with insecure HTTP. This is when the mixed content errors occur.
To, avoid mixed content on your website, you must make sure that every occurrence of HTTP in your website URLs is replaced with HTTPS. I will tell you some effectively proven methods to do so with less effort.
Search Engine Optimization
When the URL of your website is changed, it’s time to optimize this new URL for search engines. Most people forget to submit this new URL to Google Webmaster Tools, submitting a sitemap for this new URL, and asking Google to Fetch the new URL causes a severe impact on your search engine rankings after migration.
But, if you take care of these things, there’s no impact on SEO after migration. Also, you should recheck the settings of the SEO plugin you’re using on your WordPress blog.
Loss of All Existing Traffic
However, if the SEO of your website is affected, traffic automatically starts falling down slowly but if you won’t redirect all the HTTP URLs to HTTPS, you will face a sudden drop in your website traffic.
So, another very important thing after HTTPS migration is redirecting all the traffic to the secured version of your website. This article will also guide you on how to 301 redirect all the HTTP pages to HTTPS so that you won’t lose any of your website traffic even after migration.
What Are The Benefits of HTTPS over HTTP?
However, there’re many benefits of using a secured connection on your website but now it’s the need for time. Without thinking much practical, it’s simply now every important for every webmaster to be on the top of search results and prevent the warning “Not Secure” added in the Chrome browser in its updated versions.
Back in 2014, Google announced the fact that HTTPS would be a ranking signal for search results. So, it’s beneficial for all webmasters to run their websites on HTTPS, and this is not a new thing.
But, now when Google added the “Not Secure” warning in its Chrome browser for all HTTP pages, it’s now become must use secured protocol for all webmasters in order to survive on the Internet.
Practically thinking, the HTTPS itself is very helpful for keeping the websites and their visitors secure from harmful activities especially when information like login credentials or credit card details are asked on the website.
HTTPS (Hypertext Transfer Protocol Secure) adds an extra layer of security when the data is being transferred from point A to Point B so that the information submitted to your website by visitors will reach to destination securely.
HTTP to HTTPS Migration Without Losing Website Traffic: Step-by-Step Guide
Migrating your WordPress site from HTTP to HTTPS might be difficult and even risky for most cases but if you follow all the necessary steps carefully, it becomes very easy.
In this post, now I’m going to share the complete step-by-step guide for migrating your WordPress website from HTTP to HTTPS without any traffic loss.
This is actually how I migrated my WordPress blog from HTTP to HTTPS without losing traffic. In the following steps, I’m assuming that you’re having a WordPress blog accelerated with Cloudflare.
Step #1. Installing an SSL Certificate on Your Server
The very first step to migrate your WordPress website from HTTP to HTTPS is installing an SSL certificate on the webserver but most people take it as the first and last step for HTTPS migration and loss the website traffic.
To install an SSL certificate on your web server, you must have one. There are however many trusted SSL certificate sellers but when you’re using Cloudflare, you don’t actually need to buy any.
Cloudflare itself lets its users generate certificates from the Crypto settings that can later be installed on your web hosting server. Read Cloudflare’s official guide to create a certificate for your origin server.
Once you’ve generated the SSL certificate from Cloudflare, it’s time to install it on your web hosting server. Never mind if you don’t know how to do that because your web hosting support representative should do it for you. So, once you’re done with generating certificates from Cloudflare, contact your web hosting support asking them to install the generated certificate on the server.
After the certificate is installed on your web server, you need to enable SSL on Cloudflare as your website is accelerated with Cloudflare. To enable SSL, go to Crypto settings in your Cloudflare dashboard and choose Full (strict) under the SSL section to strictly enable HTTPS on your whole website.
This is all about installing an SSL certificate on your website running with Cloudflare. As soon as you select the Full (strict) SSL setting, your website will start rendering through HTTPS. But, it’s just the first step of migrating your website from HTTP to HTTPS and there are many big dangers and risks such as mixed content, broken site, traffic loss, sudden drop in your search engine rankings, etc. if you skip the remaining important steps.
Step #2. Replace All Hard-Coded URLs With HTTPS
Now, when you’re done with installing an SSL certificate on your web hosting server and enabled SSL through Cloudflare, it’s time to make sure that all the URLs of your website are migrated to HTTPS.
There’re big changes that you face mixed content errors. As already explained it happens because not all URLs of your website are migrated to a secured connection. Most probably the URLs of images, JavaScript files, and hard-coded URLs may still load in with HTTP.
You can use Google Chrome browser’s inspect element tool to detect mixed content errors. With this tool, you can check how many mixed content errors are there on a particular page.
But, truly it might be a very lengthy process to fix mixed content errors one by one on every page by replacing each URL with HTTPS.
You need an efficient way to replace all the hard-coded URLs in your website with HTTPS automatically so that there won’t be any mixed content error. Luckily, there’re various methods to do so.
Cloudflare’s Always Use HTTPS lets you redirect all requests from HTTP to HTTPS. You can turn this setting on from Crypto settings in your Cloudflare dashboard. It will start forcing all the URLs to be loaded always in HTTPS.
Really Simple SSL WordPress plugin is another easiest way to automatically redirect all the HTTP URLs to HTTPS without doing anything manually. The plugin automatically detects your WordPress settings and configures your website to run over HTTPS.
It will also migrate your Site Address and WordPress address into HTTPS from your WordPress settings and try to fix most mixed content errors automatically. But, the bad part of this plugin is when you’ll disable it, your site will again start loading in HTTP. And this is why most people may not want to use this plugin for migrating their WordPress site from HTTP to HTTPS. However, for beginners, it can be a great option to automatically enable SSL on the whole website.
Cloudflare’s Always Use HTTPS and the Really Simple SSL WordPress plugin helps to redirect HTTP requests to HTTPS automatically without manually fixing the URLs from HTTP to HTTPS and that’s why they might still give mixed content errors for some really hard-coded URLs.
So, to manually replace all the hard-coded URLs into HTTP, you can use Better Search Replace WordPress plugin which allows you to search for all the entries with HTTP in your database and replace them with HTTPS at once.
And the best thing is that you can disable and uninstall the plugin after use. So, when your all hard-coded URLs are migrated to HTTPS, you don’t even need to use Cloudflare’s Always Use HTTPS and the Really Simple SSL plugin.
In addition to migrating all the hard-coded URLs to HTTPS, it’s also beneficial to use HSTS (HTTP Strict Transport Security). Once it’s enabled, all the HTTP links will be migrated to HTTPS and if there is any error or warning with your certificate, it can not be bypassed by the user. So, it’s great to enable HSTS for your website if you want extended security. It can also be enabled via Cloudflare’s Crypto settings but only turn it on when you’re pretty sure because it may make your website inaccessible if the SSL gets disabled.
Step #3. Add 301 HTTP to HTTPS Redirects
However, in the previous steps, you already replaced all the HTTP URLs with HTTPS but still, you’re required to add 301 redirects to HTTPS URLs as a mandatory step. This is because not all the search engines, bookmarks by your readers, and other sources will have the index of HTTPS version of your URLs immediately.
301 redirect is a permanent redirect that means a URL is permanently redirected or moved to another destination and it’s beneficial for search rankings because it passes 90 to 99% of link equity (ranking power) to the redirected page.
So, let’s come to the point; adding 301 HTTP to HTTPS redirects all over your website. If you use the Really Simple SSL plugin, there’s no need to add 301 redirects as it does automatically. But, if you’re not using the plugin and want to do it manually (which is recommended), you can do it at the server level.
If you’re using an Nginx server, add the following code to your Nginx config.
server {
listen 80;
server_name domain.com www.domain.com;
return 301 https://domain.com$request_uri;
}
For the Apache server, you need to add the following code to your .htaccess file.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
In case, you’re not sure how to do that, you can ask your web hosting support to do it for you. As soon as the code will be updated, your all URLs will be permanently redirected to HTTPS.
Step #4. Add a New HTTPS Property to Google Search Console
Now when your website is successfully migrated to HTTPS, it’s time to optimize it for search engines. You’re now required to add a new property of the HTTPS version of your website.
Once you’re done with adding a new property in Google Search Console and verifying it, it’s time to set the HTTPS version of the domain as your preferred domain.
You don’t actually need to delete the old HTTP property from Search Console as all your website traffic is automatically redirected to HTTPS, but if you want to delete it, do it without any confusion.
Step #5. Resubmit the Sitemap for HTTPS Property
However, it’s not that necessary to submit the sitemaps as Google itself crawls the webpages but sometimes you may need to know whether all your URLs are getting indexed or not. Sitemap helps you know how many of your URLs are indexed by Google and it also helps in fixing issues about indexing and crawling.
So, if you use the sitemap for your website, you will just need to resubmit its HTTPS version to your new HTTPS property so that Google can re-index the HTTPS version of your website’s URLs.
If you use Bing Webmaster Tools too, there’s no need to create a new property for HTTPS version of your website, simply resubmit the sitemap of new HTTPS URLs.
Step #6. Request Google to Fetch Your New HTTPS URLs
When you’re done with HTTPS migration for your WordPress website, it’s important to let Google know about this change. It’s not only enough to add a new HTTPS property and resubmit sitemap, but it’s essential to find an efficient way to let Google know about the changes you made with your site. And this can be done by the Fetch as Google tool.
With the help of Fetch as a Google tool, you can quickly and efficiently let Google know about the changes to your site and submit requests to manually index your pages.
Step #7. Replace Property & Website URL With HTTPS in Google Analytics
To get the correct analytics of the new HTTPS version of your website, it’s important to update the website URL and property’s default URL with HTTPS.
You don’t need to add any other property, simply choose HTTPS from the dropdown. In your Google Analytics dashboard, navigate to Admin » Property Settings » Default URL, and for updating the website URL navigate to Admin » View Settings » Website’s URL.
After replacing the URL with HTTPS in Google Analytics, you’ll start getting the analytics of your website traffic after HTTPS migration.
Final Words About HTTPS Migration
The above-explained 7 steps are the complete solution to your HTTPS migration. If you follow these steps as they are explained, you’ll be able to successfully migrate your WordPress website from HTTP to HTTPS without any traffic loss.
It’s possible that you may experience a sudden drop in the traffic due to migration for 2 to 3 days but if it persists then you should make sure that all the steps are followed correctly.
In addition to these above-discussed steps for a successful HTTPS migration, you’re still required to take care of a few other things such as:
- Replace your website’s link in social media accounts with the HTTPS version of the URL.
- Activate the social share counts recovery in your social sharing plugin (I use Social Warfare).
- Update all the insecure scripts and third-party URLs that belong to Google Ads, Adwords, FB Ads, Bing Ads, etc.
- Update the URLs that belong to your email marketing software.
- Try to update all the external links on your website and backlinks to your site from HTTP to HTTPS as much as possible.
- Due to negative SEO, if you submit any disavow file in Google Search Console, you’ll need to resubmit it from the new HTTPS property.
- Double-check the robots.txt to make sure all the URLs in the file are migrated to HTTPS and crawlers are not blocked from accessing your website.
That’s all about migrating WordPress websites from HTTP to HTTPS without losing your traffic. This guide is perfect for those who use Cloudflare to accelerate their WordPress blog or website and going to migrate the website to HTTPS.
Outstanding post. You covered each and everything that matters in HTTPS migration.
Thanks for your feedback.