Michael O'Neill

In 2022, Capterra conducted a study of over 1000 customers who shop online once a month or more and their comfort level with data privacy. They found that 63% of Aussies are nervous about sharing their personal information. With an increase in cybersecurity attacks and big box companies falling victim and losing customer data, shoppers are on high alert regarding their online privacy.

In 2014, Google announced its intent to make the internet more secure. To do so, it moved its Google domain-specific websites over to HTTPS with the goal of forcing other sites to do the same.

Default HTTPS protocol worldwide has steadily grown since then and is now at 81.7% as of early 2023. Meaning, we’ve reached a promising tipping point for global internet security. It also means that sites that don’t currently utilise HTTPS gain the reputation of unreliability and lax customer privacy standards.

For marketers, converting from HTTP to HTTPS is a business decision that impacts every user (and prospect) that comes to your site. So make the switch now, mate.

No woz — we know that change can be intimidating. But understanding how to convert HTTP to HTTPS is a smart digital marketing move that will benefit you in the long run. We’ll cover everything you need to know, step by step:

  1. Buy an SSL Certificate.
  2. Install an SSL Certificate on Your Web Hosting Account.
  3. Ensure Internal Links Direct to HTTPS.
  4. Set Up 301 Redirects.
How to convert http to https infographic

Terms to Know

Making the HTTPS conversion starts with familiarising yourself with the standard lingo. To navigate the transition from HTTP to HTTPS, let’s walk through the key terms to know:

  • HTTP (Hypertext Transfer Protocol) — The foundation of online communication (how information is sent from a server to a browser).
  • HTTPS (Hypertext Transfer Protocol Secure) — HTTP but within an encrypted layer of security.
  • Encryption — Encoding information so it’s only accessible by authorised parties.
  • SSL (Secure Sockets Layer) — Technology protocol that creates encrypted communication links between servers and browsers.
  • SSL Certificate — Data files that encrypt digital information and activate secure connections when installed on web servers.
  • DNS (Domain Name Servers) — Directory of domain names that are translated to IP addresses.

What’s the Difference Between HTTP and HTTPS?

At the basic level, HTTPS is HTTP but with encryption enablement. HTTPS uses TLS, or Transport Layer Security, which is designed to protect communications within a computer’s network. It’s the type of security protocol that is used in email and text messaging. Secure Sockets Layer (SSL certificate) was the standard, but in conjunction with TLS, HTTPS is more secure.

Why the Change?

The three primary reasons Google has pioneered the push toward HTTPS are encryption, data integrity and authentication.

By making online information encrypted and authentic, sites contain a higher level of integrity. Google rewards sites with integrity, as they have proven to be more valuable to searchers and are more likely to serve relevant content that is free from errors or potentially suspicious activity.

Just as you wouldn’t purchase items from shady online stores, you wouldn’t hand over your personal information to websites that don’t convert to HTTPS. And it’s very clear to see who has made the switch and who hasn’t.

Google Chrome defaults to showing “Secure” and a green padlock as well as clearly labelling “HTTPS” before a URL. You know this site is good to go.

http to https brafton

On the other hand, we see the URL below does not contain these security features and instead has an “i,” which provides information on why this domain is not secure.

http to https example

For unsecure sites, Google sends you to this page for more support:

to check a site's security google

For sites that have even greater security flaws, the red warning triangle appears in front of the URL.

Importance of Updating to HTTPS

Some cyber experts have taken to calling these designations “security-shaming.” Google has, in effect, security-shamed sites to switch to HTTPS or else risk the Scarlet Letter of insecurity.

An unsecured HTTP site will likely be ranked lower than one that’s secured with HTTPS, all other factors withstanding. This shift prioritises HTTPS over SEO conversion. That’s because Google provides a rankings boost to HTTPS sites but only does so if the content is relevant.

An HTTPS version of a site, however, can not only carry on with marketing best practices like it always has, but it’ll continue to rank and generate organic traffic once the HTTP has been upgraded to HTTPS. 

Easy 4-Step Process

HTTPS redirection is simple. For safer data and a secure connection, here’s what you need to do to redirect a URL.

1. Buy an SSL Certificate

SSL Certificates help ensure that any third party trying to hack your network is kept from intercepting information.

Tip: It’s best to buy an SSL Certificate directly from your hosting company as they can ensure it is activated and installed correctly on your server.

2. Install SSL Certificate on Your Web Hosting Account

Have your hosting company install the SSL Certificate. If you purchased from a third party, you’ll have to import the certificate into the hosting environment, which can be quite tricky without support. A simple SSL plugin can ease the transition.

Tip: Use secure File Transfer Protocols (FTPs) when transferring large files. FTPs are the default when migrating information, but they don’t protect your data from hackers. 

If you’re in the process of making the switch from HTTP to HTTPS, check out this list of the top 10 best web hosting Australian services.

3. Double-Check Internal Linking is Switched to HTTPS

Before going live with the conversion, ensure every website link (internal) has the proper HTTPS URL. Going live with links that mix HTTP and HTTPS will confuse readers, impact SEO and cause some page features to load improperly. Following HTTPS protocol is essential to the success of your conversion.

Hard-coded links will require a full sweep of all of the links within your website. If you have an exact list of links within your website, this will help a lot. If you don’t, it may be helpful to utilise third-party software for your migration to HTTPS so you don’t miss any pages.

Tip: It’s always recommended to backup your server to a safe space while migrating or updating anything.

4. Set Up 301 Redirects So Search Engines Are Notified

Through a CMS plugin, you can automatically redirect all server traffic to the new secure HTTPS protocol. Sites that don’t use a CMS will need to be updated manually. 301 redirects alert search engines that a change to your site has occurred and that they will need to index your site under the new protocol. Users who had previously bookmarked your site under the old unsecured protocol will now be routed to the proper secure URL.

Your dev team could support the security migration by implementing .htaccess into the data script. The dot before .htaccess ensures that whatever file it’s attached to is hidden under Unix-based environments. If you’ve conducted URL redirects or link shortening, you’ve defo used .htaccess.

In addition to providing server-to-browser security, activating and installing SSL certificates improves organic rankings, builds trust and increases conversion rates.

Tip: At the end of your migration, it’s important to do a site audit. Use website crawler software that can ensure all of your pages have converted to HTTPS properly without broken links. 

Troubleshooting and Hosting Concerns

Though it may be an easy process for an experienced developer, the average marketer with little tech support can run into a few problems. If you’re taking on the HTTPS redirect for the first time, here are a few key things to know in advance:

Shared Hosting Solutions Can Make Conversion Difficult

GoDaddy, Cloudways, DreamHost and other shared hosting models require a dedicated IP for SSLs. As such, if you’re changing your IP in the process of converting to HTTPS, your DNS records may need to be updated accordingly and your hosting provider will need to be much more involved in the conversion process.

Confusion With CMS or Lack Thereof

Sites on CMS platforms like WordPress HTTPS or Joomla often have modules or plugins that can successfully convert protocols. However, assets on the site that aren’t uploaded to those platforms may still be directing traffic to unsecured connections. Further, sites that are custom-built without a CMS will either need a third party to oversee the entire manual updating to secure protocols or will need to transition to a CMS with a plugin.

Each option is different. Marketers that have the same company’s experience with an HTTPS conversion will likely only get so far before needing assistance.

Third-Party Resources Accessing Insecure Assets

Some third-party resources not only host assets on secure URLs but also separately on other servers depending on location. Other third parties may still be attempting to access unsecured assets (those that weren’t originally directed to HTTPS during the conversion process), thus creating a convoluted web of source traffic and routing.

Updating Search Console Is a Must

Marketers will need to ensure they submit a new sitemap from their secure URL to Google Search Console. Because Search Console views secured and unsecured sites as different properties, any protocol conversion is incomplete without your backend being able to properly track, store and measure data.

A new sitemap entry keeps your site analytics running smoothly.

HTTPS Is Great Branding

Today’s branding is all about trust. Not just in your product or your company name but in your responsibility to customers’ privacy and your technological capabilities.

An unsecured HTTP in front of your URL is essentially the same as still having a Myspace account: It clearly shows site users that you’re outdated, unserious about the future and grossly out of step with the latest security demands. You’re practically begging cybercriminals to hack your site and steal customer data, which is a huge turning point for your customers and their willingness to keep browsing your website.

HTTPS redirection is the next step to showing consumers that you’re serious about making improvements for a better consumer experience.

These are great attributes to have attached to your brand.

So don’t think of HTTPS as another tech update — it’s a full-scale business refresh.

Editor’s Note: Updated February 2023.