Converting Your Website From HTTP to HTTPS (A Very Simple Guide)

by

This past weekend I finally got around to converting one of my fairly large websites (over 600 pages) from HTTP to HTTPS.  I’d been postponing the conversion for over a year due to nerve damage in my hands and forearms that prevented me from doing basic tasks like using a phone or computer.  Now that I’ve finally recovered some hand function, I’ve been able to do some computer work and typing (albeit the numbness and pain can be wicked).

Anyways, back to the topic at hand: HTTP to HTTPS conversion.  Prior to my HTTPS implementation, I was nervous about: possibly wrecking my site in the process; drops in Google search engine ranking positions (SERPs); and corresponding reductions in Adsense income (as a result of falling off the map in Google search).  I contacted a web developer and designer that I’ve worked with over the years and initially asked him if he’d help me with it.

From what I read, the process of converting a website to HTTPS was relatively simple.  However, the website that I was updating had over 600 pages with an absolute internal linking structure (e.g. hardcoded full URLs) – rather than relative internal linking.  The developer that I knew recommended that I use a plugin called “Better Search Replace” and the rest is history: I converted my website from HTTP to HTTPS in less than 2 hours (probably less than 1 hour but I wasn’t really timing – so I’ll say 2 to be on the safe side) with zero problems.

Because I’m no expert, I figured I’d share exactly how I switched to HTTPS with others who are non-experts.  I originally wasn’t going to write this up because most new websites are now implementing HTTPS automatically, but then I figured there might be someone else in my position who could use a simple, straightforward conversion guide (without the BS).

Why convert a website from HTTP to HTTPS? (2 Reasons)

If you’re reading this page, I’m assuming you already know the benefits of using HTTPS (or switching to HTTPS from HTTP).

  • Security for visitors: In brief, using HTTPS on your website provides a direct, private connection between your website and the device of the website visitor. This means that if someone were to enter information into your website, 3rd parties (e.g. hackers) would have a more difficult time intercepting data from the visitor.  With HTTP domains, visitor data can be easily intercepted (e.g. name, social security number, credit card information, etc).
  • Ranking signal: Google is now using HTTPS as a ranking signal. It won’t significantly boost your traffic, but if all things are equal between a site with HTTP and HTTPS – the one with HTTPS will rank higher.  Assuming you give a damn about where you rank in the search engines – this is something you should be cognizant of.

How to Convert a Website from HTTP to HTTPS

Although there are millions of “HTTP to HTTPS” guides that’ve been spammed around every mega content farm on the internet explaining why you should convert your website from HTTP to HTTPS – most of these guides provide too much information about why you should convert to HTTPS (e.g. the advantages) and skirt around the actual process (or use generalities in explaining).

Upon reading a few of these guides, I understood that converting to HTTPS is important… but I also felt slightly anxious, had a headache, and was nauseated by the sheer length of these guides – it seemed as though they were competing with each other to provide the longest Wikipedia-entry-like tutorials – rather than something straightforward and simple that would help someone (e.g. a total noob like myself) trying to make the conversion.

Unless you’re familiar with SEO, code, etc. – you’ll probably have an inclination to vomit after attempting to decipher some of the conversion guides online.  Unfortunately, this excessive nausea may deter you from even attempting to make the conversion.

Luckily, for most people, converting a website from HTTP to HTTPS is pretty damn simple – or at least I thought it was.  After converting my website to HTTPS, I figured I should spam out my own, simplified guide for those who are interested in making the conversion on their own (without headaches attributable to other guides).  Final note: If my conversion guide gives you a headache – I apologize; find another one that doesn’t (and consider some Tylenol).

  1. Create a backup of your website

The first thing you should do before converting your website from HTTP to HTTPS is create a full database backup of all your website files.  Personally, I use the WordPress plugin called “Backup Buddy” on all my sites… (it costs a bit of money, but is a great value).  I had the plugin create a full database backup of my website before the HTTPS conversion.

Thereafter, I had my host create a backup copy of the website on the server (you should be able to do this too if you ask your host).  Even though I didn’t need to use the backup, if I would’ve royally effed something up – this backup would’ve become helpful for restoration.  Because something could go wrong, just do yourself the favor and create a website backup.

  1. Buy an SSL certificate

Your next step is simple – buy an SSL certificate through your host.  Although you can get a free SSL certificate various places, I’d recommend steering clear of the free SSLs.  There’s nothing inherently wrong with free SSL certificates, however, you need to update the keys every 90 days.

Assuming you slip-up and forget to enter the updated SSL key after 90 days, your entire website will crash.  Instead of going the free route, cough up some of your hard-earned dough and buy one… Get the cheapest version that complies with Google’s 2048-bit SSL recommendation.

Moreover, so that you don’t need to constantly remember to renew your SSL, I recommend buying the SSL for several years in advance.  I purchased a 3-year SSL certificate for just under $100.  This way I won’t need to remember to renew my SSL on an annual basis – it’s already paid for.

  1. Install the SSL certificate

If you have a reliable web host, they should install the certificate for you.  I’m using Hostgator for the site that I installed my SSL – and they had it installed within 24 hours of my purchase.  Most hosts should be able to install your SSL for you between 24 and 72 hours after your purchase.  If your host insists that you install the certificate on your own – you probably have a garbage-eating host (or are not using a paid SSL).

Most hosts will send you an email or give you a phone call letting you know when the SSL has been successfully installed.  There may be a delay in installing your SSL certificate if you haven’t provided your host with an email account for the specific website with the SSL.  If your website is DrewIsDope.com – you’d need to provide them with some sort of email associated with that domain for the SSL such as: “[email protected]” (no that’s not my email)… and no you cannot use a “Gmail” or “Yahoo” email for your SSL (haha).

  1. Update URLs in WordPress Admin

Assuming you’re living in the 21st century like the rest of us, you’re probably using WordPress for your website or blog.  Login to your WordPress Dashboard, then click on “Settings” and from settings click “General.”

  • WordPress Address (URL): Change from HTTP to HTTPS (e.g. http://drewisdope.com to https://drewisdope.com)
  • Site Address (URL): Change from HTTP to HTTPS (e.g. http://drewisdope.com to https://drewisdope.com)

After making these adjustments, you’ll probably be automatically logged out of your website (or at least I was when I made the switch).  Simply log back into your HTTPS version and double-check that the website URLs you entered were correct.  Give yourself a pat on the back – you’re making some progress through this HTTP to HTTPS conversion.

  1. Update internal links (and database links)

Next, you’re going to want to update all internal links (and other links) on your website in which URLs with HTTP were utilized.  This is the step that I was personally dreading like crazy because I thought I’d have to go through each of my 600+ articles and manually edit the links (this probably would’ve taken me months).

I emailed a guy who normally does some design and coding for my sites and asked him if he could update these links for me – but he saved me money and recommended the plugin “Better Search Replace” (it’s a free plugin that you’ll easily find if you search WordPress).

  • Download the “Better Search Replace” plugin (it’s free)
  • Adjust plugin settings to the lowest possible maximum page size
  • Enter your old URL (with the HTTP) in the “Search for” box
  • Enter your new URL (with HTTPS) in the “Replace with” box
  • Select all tables in the database (they should all be highlighted)
  • Do a “dry run” first to determine whether everything goes well
  • Uncheck the “dry run” box and do a real run, letting the plugin make changes
  • Clear your cache and evaluate the changes

When this step is complete, you should be able to view your website links and see that they’ve all been updated to HTTPS.  If you’re still seeing HTTP – you either had an error while running the plugin OR you need to simply clear your cache via your browser, your caching plugins, Cloudflare, and/or a CDN.

Note: If while using Better Search Replace you’re getting the error message: “An error occurred processing your request” (click the link I’ve provided for more information)… You’ll probably want to smash your head through the screen (or just smash your computer monitor).  Don’t stress… you’ll probably just need to login to your cPanel (or contact your host) and increase memory limits for the following files: .PHP; .HTACCESS; and .WP-CONFIG.  (I had to do this and it was somewhat of a pain in the arse, but it got the plugin working).

  1. Set up a 301-Redirect in .htaccess file

Now that you’ve updated your internal links and database links to HTTPS, you’ll want to ensure that nobody continues using the old HTTP version of your site.  To ensure that all visitors are directed to the HTTPS version, you’ll need to force HTTPS via logging into your hosting account.  Certain hosts make it easy for their customers and have a simple box that can be checked such as “force SSL” for the site that you’re hosting.

  • Log into your hosting account
  • Force HTTPS (SSL) with: a checkbox OR by editing .htaccess

I should note that some hosts automatically take care of this step for their customers.  In other words, if all pages on your website are automatically redirected to the HTTPS version – your host might’ve implemented automatic 301 redirects after installation of an SSL certificate.

I should also note that there are WordPress plugins that you can download and install for the redirect, but I do not recommend any of them.  Why? Because you don’t want to rely on a plugin for the redirect.  Plugins not only slow down your site, but they could be prone to a future error or something (and damage your site)… the fewer the plugins you use – the better your site performance will end up.

Editing the .htaccess file associated with your domain is relatively simple.  Login to your control panel, view your website files.  If you aren’t seeing the .htaccess file, ensure that it isn’t hidden by checking a box that says “show hidden files” (or something).  Once you’ve found the .htaccess file – you’ll need to insert the proper code for redirection.  I used the following for mine (sans the bullet points on the left).

301-redirect .htaccess code:

  • # Always use https for secure connections
  • # Replace ‘www.example.com’ with your domain name
  • # (as it appears on your SSL certificate)
  • RewriteEngine On
  • RewriteCond %{SERVER_PORT} 80
  • RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

In the above example, just be sure to replace the website in the final line of the code (https://www.example.com) with your domain (e.g. https://drewisdope.com).  If you were using “www” then keep the “www” – if you were using a non-www domain (like me) you’ll want to avoid using the “www.”  Once you’ve replaced it with your domain, copy the code and paste it into your .htaccess file (anywhere is fine – just don’t delete other code), then save the file.

Assuming you did this correctly you will have implemented a proper 301 redirect to ensure that all of your HTTPS domains get the “link juice” from the HTTP domains.  Moreover, you’ll no longer have “mixed content warnings.”  (Note: The code that I referenced above was for my host – yours might be slightly different depending on your host… Contact them or view their website if you’re unsure).

  1. Check for mixed content errors & fix them

At this point, you’re nearly done with the HTTPS (SSL) implementation, but you shouldn’t get too excited yet.  You’re going to want to visit a couple of websites that analyze your HTTPS implementation to ensure that there aren’t any errors (e.g. mixed content).  Mixed content errors simply mean that some pages and/or coding on your website is still using HTTP instead of HTTPS, hence a “mixture” of HTTP and HTTPS content – this isn’t what we want.

To check for mixed content errors, I recommend 3 websites: 

Enter your website URL (with the HTTPS) on these 3 websites and let them scan your site.  If there’s a problem, they’ll let you know what it is.  For example, on one of my sites I had one mixed content error associated with an outdated piece of code that I had on my sidebar Widgets.  To fix this I simply updated the code, rescanned my website, and the mixed content error disappeared like magic.

You’ll want to solve whatever errors here as quickly as possible… You don’t want Google crawling your website to find mixed content – this may penalize your website in the search engine rankings.  Get your code and URLs consistent with the HTTPS version and you should be ready to rock n’ roll (almost time to celebrate).

If for whatever reason you’re still having issues fixing mixed content errors or warnings – you could hire an SEO expert or web developer to take a look at it.  (If you’ve spent a long time working on this and can’t fix it – hire someone that you trust rather than stressing yourself out).  Another option that might prove effective is to use a free WordPress plugin such as: “SSL Insecure Content Fixer.”

  1. Update social share counts (Social Warfare share recovery)

Assuming that you’re still logged into your WordPress dashboard, you’re next going to want to update your social sharing counts.  I recommend purchasing Social Warfare Pro if you haven’t already (it’s a good value).  With the professional version of this plugin, you can go into “Advanced” settings and under “Activate Share Recovery” click “ON” – then where it says “Previous Connection Protocol” select “HTTP” (the old insecure version of your URL).

This will add all of the “share counts” from your old HTTP domain to the new HTTPS one.  And yes, you must keep this activated if you expect to retain all of your old shares.  If you don’t have this plugin – you’re missing out.  There may be no way to recover all of your shares… Or you might need to do some Googling (and find out if share recovery is possible for you).

  1. Update Google Search Console

Assuming you use Google Search Console, you’ll need to update your website under your account.  Hopefully you’ve already had a Google Search Console account for awhile now with both the “www” and “non-www” submitted.  Now that you’ve updated your website to HTTPS, you’ll need to submit 2 new HTTPS domains of your website (e.g. “https://drewisdope.com” and “https://www.drewisdope.com”) – then verify each.

  • Create new website profile: Submit 2 versions of your new HTTPS site (one with “www” and one “non-www” version).
  • Resubmit XML sitemap: On the left hand side of your Google Search Console, you’ll see a link allowing you to check and/or submit a sitemap. Click this link and resubmit your website’s sitemap.  (You don’t need to upload anything, just type in the address of your sitemap… for example, mine is: https://drewisdope.com/sitemap.xml).  If you’re using Yoast SEO, your sitemap might be slightly different – so double check before submitting).
  • Resubmit disavow requests: If you had any preexisting disavow requests associated with your old HTTP domain, you’ll need to resubmit these requests to your new HTTPS domain. If you don’t know what a disavow request is and/or have never submitted one – skip this step (it doesn’t apply to you).
  • Delete old HTTP profiles: Once you’ve completed the above steps, you can delete the old HTTP profiles of your website. (Just be sure you keep the HTTPS ones).

  1. Update Google analytics

Now that you’ve taken care of business in the Google Search Console (GSC), you can hop skip and jump your way over to your Google Analytics profile (assuming you use this). If you don’t use Google Analytics, you should.  Below are the steps you’ll need to take (this should be really simple).

  • Login to Google Analytics
  • Admin > “Property Settings”: Update the domain URL from HTTP to HTTPS (dropdown menu).
  • Admin > “View Settings”: Update the domain URLs (there may be multiple) from HTTP to HTTPS (dropdown menu).

  1. Clear and Update Cache plugins, Cloudflare, and/or CDN

After you’ve finished messing around in Google Search Console and Google Analytics, it’s time to do one final purge and configuration of your cache plugin, Cloudflare, and/or CDN (content delivery network).

  • Cache plugin: Purge all cache for desktop and mobile devices. This will eliminate the possibility of someone continuing to view your website in HTTP because the cache wasn’t cleared.  You may need to “check” or “uncheck” certain boxes within your caching plugin to reflect your new HTTPS (non-HTTP) website.  In the plugin I use there were boxes that needed to be unchecked because they were only compatible with HTTP domains.
  • Cloudflare: Cloudflare should automatically detect your SSL installation and this will be reflected in your Cloudflare account. If you don’t have a caching plugin synced with your Cloudflare, you’ll want to purge all of your Cloudflare caching so that no visitors end up on the cached HTTP domain.
  • CDN: If you use a CDN (content delivery network), login to your account and update it with your new HTTPS domain. Moreover, purge your CDN cache and update all settings to reflect your HTTPS status.

  1. Update social media accounts

Your final step should involve updating all of your social media account profiles and/or pages that link to your website with your new HTTPS domain.  Login to all of your accounts and update your respective profiles and BAM! You’re done.  Fortunately I only use Twitter for the website that I updated so I just had to login and change my Twitter domain to the “HTTPS” version.

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter

You’re done! (SSL certificate)

At this point, I’m sure you’ll be ready to party (full send with nose beers, eh? – NELK).  You’re officially a 21 S(SSL)avage and rockin with the big dogs on HTTPS.  Google is happy, you’re happy, and your visitors are at lower risk of having their personal information intercepted by a 3rd party while browsing your website.

Still have miscellaneous HTTPS problems (or confusion)?

Pay someone (save yourself the headache).  If you have a website that you want converted from HTTP to HTTPS, and don’t want to spend your personal time doing the conversion, just pay someone to do it for you.  Most web developers and SEO specialists will be able to do the conversion flawlessly in a minimal amount of time.  Additionally, if you still have miscellaneous problems with your HTTPS implementation, just pay someone to fix them (don’t waste hours of your time stressing yourself out trying to do something you don’t understand).

HTTP to HTTPS Tutorial: Final thoughts

Yes, this tutorial ended up a bit longer than expected.  Yes – it might’ve not covered a few things… but it’s as simple and straightforward as it gets.  Most tutorials on the internet confused the heck outta me – and that’s why I created this one.  If this one is confusing for you – then follow someone else’s.  (I just walked you through exactly what I did for a perfect SSL implementation in under ~1 hour on a very large high-traffic website (~1M visitors per month); there was zero website “downtime.”

How much time did it take to convert from HTTP to HTTPS?

Less than 2 hours.  If I had to do it again (now that I’ve done it), I could convert my entire website to HTTPS in under 1 hour, possibly in under 30 minutes.  Keep in mind that the website I converted had a lot of pages and data.  If I were to have performed the conversion on a website with significantly less content, I might’ve been able to complete the entire operation in under 15 minutes.

Why I was initially afraid to convert my website from HTTP to HTTPS

There are many reasons as to why I was initially afraid to convert my website from HTTP to HTTPS.  The chief reason being: I had used “absolute internal links” such that all of the internal links on the website I was converting would need to be updated from HTTP to HTTPS.  Thanks to the “Better Search Replace” plugin, this ended up being an insignificant issue.  I was also slightly worried about potential drops in SERPs (search engine ranking positions) and corresponding earnings declines.  Other worries included slower load times and potential website errors (after the conversion).

  1. Absolute internal links: For the website that I converted, I used “absolute” or hardcoded internal links. This means that all of my website’s internal links (hyperlinks from one page of my website to another) included the full URLs (e.g. https://drewisdope.com/example-post-1) rather than a portion of the URL (e.g. /example-post-1) – the latter being classified as “relative” internal links.  Absolute internal links are superior for SEO (from what I’ve read), but can sometimes be a pain in the arse if you’re modifying your website URL (such as converting it from HTTP to HTTPS).  That said, all of my fears were unjustified.  Initially I thought I’d end up having to upload a plugin to my server called “Interconnect It Database Search and Replace” and figure out how to properly run it.  Luckily there was an easier option recommended to me by a guy I usually hire: “Better Search Replace” plugin for WordPress – this made the conversion of absolute internal links from HTTP to HTTPS a piece of cake.
  2. Potential rankings & traffic decline: Another one of my big worries was that my website rankings (and traffic) would decline after the HTTPS update. However, I figured that I’m already late to the HTTPS conversion party and that Google search engine algorithm programmers have probably worked out the kinks in terms of ranking adjustments post-HTTPS conversion.  While it’s possible that my rankings could decline from the HTTPS conversion, I suspect that because my implementation is perfect, rankings probably won’t drop much.  Moreover, it’s also possible that my rankings could improve… Anyways, I had to convince myself that I would accept a potential short-term rankings decline for the long-term betterment of my site.
  3. Lower earnings: With a decline in rankings and traffic usually comes a decline in earnings. In my experience, website earnings are directly proportionate to website traffic.  If you get 1 million visitors per month, you can make a lot more money than if you’re getting just 500,000 visitors per month.  Assuming my website traffic were cut in half from the transition, this would not reduce my earnings by half – this would likely reduce my earnings by well over 60%.  Intuitively it would make sense that half the traffic equals half the earnings, but if you’d double your traffic from 500,000 to 1M – your earnings will more than double (in my experience).  Moreover, I had read that various advertising platforms exhibit lower ROIs with HTTPS versus HTTP (due to incompatibility with HTTPS).  According to Google, this is no longer the case with AdSense, however, some remain skeptical.
  4. Slower load time: Switching from HTTP to HTTPS will likely slow your website down. Anyone who tells you otherwise is completely full of you-know-what.  Why? The slowing is related to the SSL certificate, as well as the 301 redirects that’ve been implemented.  After implementing my SSL certificate, my website load time slowed by 1-3 seconds (which is a big deal).  I ended up having to remove one of the advertisers on my site temporarily due to the fact that their JavaScript code with HTTPS implementation contributed to the slower load time.  I got the website loading in under 3 seconds, but prior to HTTPS the site was loading in under 1 second (from certain locations).  I could probably speed this up by using Cloudflare plus a CDN, but right now I’m using just Cloudflare.
  5. Potential website errors: Another major reason I didn’t want to switch my website from HTTP to HTTPS is due to potential website errors. In other words, I didn’t want to break my site in the process and/or end up with mixed content errors.  Let’s face it, I’m not a technical coder and probably wouldn’t be able to fix things on my own.  Yes, I could’ve hired my coding guy to help, but I was afraid that even he would be swamped with hours of troubleshooting after the conversion.  Thankfully I experienced just 1 error after the conversion and there was a simple fix: updating one piece of code in my sidebar.  The horror stories suggesting that “many things will go wrong” didn’t apply in my case.
  6. Buying the correct SSL certificate: Forking up some money for an SSL certificate isn’t a big deal, however, I wasn’t sure if the certificate I was buying would be what Google wanted. Thankfully the certificate I purchased was a 2048-bit key and is exactly what Google wants.  Yes, there are even better certificates for large brands and web stores, however, the one I purchased was plenty good to enhance security on a standard non-store type website.

Why I’m glad I finally switched from HTTP to HTTPS

Reflecting on the process, I will say that (in my case), switching my website from HTTP to HTTPS was much easier than I thought.  Perhaps I lucked out?  Or perhaps I just did things correctly?  Or maybe it was a combination of luck and doing things correctly – who knows.  In any regard, my list of fears associated with the conversion process were largely unjustified.  Now that I’ve made the conversion, there are a myriad of reasons as to why I’m glad I did, including: better security and potential ranking improvements.

  1. Browsing security: Switching your website from HTTP to HTTPS will increase browsing security for my website visitors. Although I don’t really collect personal information on the site, there are a few forms in which someone might enter something personal.  If a third-party were to infiltrate their browsing on the HTTP version of my domain, some information could be intercepted.  Now that I’ve updated the site to HTTPS, there’s a much lower likelihood of information being intercepted by third parties.
  2. Potential ranking improvement: Apparently Google is giving sites with HTTPS a ranking boost over sites that have HTTP. The HTTPS rankings boost isn’t guaranteed and probably isn’t significant, but it’s still a boost nonetheless.  In other words, all else being equal between your website (using HTTPS) and another website (using HTTP), you’ll probably outrank the HTTP site.  Thus far I haven’t analyzed my traffic closely enough to determine if the website I converted got boosted in the search engines as a result of the conversion.  That said, on many pages of my site that Google has crawled and updated with the new HTTPS URLs, there were zero drops in traffic (this is a great sign).  I’m looking forward to seeing whether my traffic jumps up in forthcoming months as a result of the HTTPS conversion.
  3. It wasn’t that difficult: The final reason I’m finally glad I switched from HTTP to HTTPS is that it wasn’t difficult – at all. I planned the day that I was going to make the conversion (this past Saturday) and knocked it out the park in less than 2 hours.  When I finally finished the conversion I was in awe by the fact that it really wasn’t as difficult as I had imagined and/or feared.  My fear of the conversion was merely the Dan Pena acronym for FEAR (false expectations appearing real).

Have you converted your website from HTTP to HTTPS?

If you’ve converted your website from HTTP to HTTPS, I’d like if you shared a comment mentioning whether the conversion was a difficult, painstaking process – or if the conversion ended up being much easier than expected (like my case).  If you haven’t yet converted your website from HTTP to HTTPS, are there any reasons as to why you haven’t made the switch?

I know how reluctant I was to finally make the change, but I also know that the conversion was much easier to perform than initially expected.  If you liked this article and/or read through it, I’d appreciate you answering some questions I’ve listed below in the comments section.

  • If you haven’t converted from HTTP to HTTPS
    • Why haven’t you made the conversion?
  • If you have converted your website from HTTP to HTTPS
    • Was it difficult converting your website from HTTP to HTTPS?
    • How long did it take you to convert your site to HTTPS and fix errors?
    • Did you end up with mixed content warnings after the conversion?
  • If you followed the tutorial that I’ve provided
    • Did you find it easy to follow?
    • Are there any additional steps you’d recommend that I failed to mention?

Related Posts:

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.