This post was originally made on the 4Ps Marketing Knowledge Base.
If you weren’t sure about the pros outweighing the cons of migrating to HTTPS when Google first announced their SEO boost to secure sites back in 2014 then nobody would have blamed you for being cautious. Now, however, I’ve officially updated my recommendation to advise all brands to migrate to HTTPS for reasons that go far beyond just SEO considerations.
HTTPS Migration Checklist
- Get your certificate, install and ensure it is configured properly by using a test server first.
- Using the test server, ensure that all HTTP to HTTPS 301 redirects are implemented correctly.
- This should be a server/CDN level rule.
- Do not make use of canonicals to indicate the HTTP version – the HTTPS URLs should be the only ones that are accessible.
- Do not just 301 your entire HTTP site to the new HTTPS homepage – this can cause drastic organic visibility drops.
- Ensure server settings are forcing HTTPS URLs using a 301 – don’t play about with things like trying to block HTTP URL versions or anything similarly complex.
- Update/check all ad codes, analytics, social sharing and other external plugins to ensure they are compliant and will support your new HTTPS URLs.
- Update all internal links, XML sitemaps, canonicals, structured markup and your internal site search to the HTTPS versions of URLs.
- Everything check out okay? Right, you’re ready to deploy from the test server to your live environment!
Next you need to monitor and measure carefully.
- Validate your new HTTPS site version in Google Search Console/Bing WMT but also keep the old HTTP versionvalidated so that you can monitor impressions/clicks dropoff and transition.
- Consider updating your disavow file if you have one (this is less critical since Penguin 4 but depending on past “activity” you may want to keep your disavows on record).
- Note there is now no need to do a change of address in Search Console/WMT – in fact if you try it you’ll get stuck because Google doesn’t consider HTTP to HTTPS to be one so you won’t be able to select the necessary URLs.
- Keep an eye out for any rogue 404s or broken backlinks in Search Console and other tools – large volumes can indicate a systemic problem with your HTTP to HTTPS 301 implementation, but the odd cheeky one can still crop up and should be mopped up as per normal housekeeping.
- Monitor both analytics traffic and any organic visibility tools like rank samplers carefully so you can pounce on any issues.
- Keep a close eye on your site speed – one of the main issues we’ve seen when migrating to HTTPS is post-launch problems with response times and corresponding performance drops, so consider getting in a specialist monitoring tool or just keep an eagle eye on site speed sampling in Google Analytics.
Congratulations! You’ve now future-proofed your site against Google’s push to the secure web.