As if the world of content marketing needs more acronyms, we’re now faced with the real-world dilemma of HTTP and HTTPS. 

In 2014, Google announced its intent to make the internet more secure. To do so, it moved its Google domain-specific websites over to HTTPS with the goal of forcing other sites to do the same.

As of summer 2017, the volume of encrypted traffic surpassed the volume of unencrypted traffic, meaning we’ve reached a promising tipping point for global internet security. It also means that sites that do not currently utilize HTTPS gain the reputation of unreliability and lax customer privacy standards.

For marketers, converting from HTTP to HTTPS is a business decision that impacts every user (prospect) that comes to your site. So make the switch now.

Don’t fret — we know that change can be intimidating. But understanding how to convert http to https is a smart digital marketing move that will benefit you in the long-run. In this article, we’ll cover everything you need to know, step by step:

  1. Buy an SSL Certificate.
  2. Install an SSL Certificate on Your Web Hosting Account.
  3. Ensure Internal Links Direct to HTTPS.
  4. Set Up 301 Redirects.
How to convert http to https infographic

Terms to Know

Making the HTTPS conversion starts with familiarizing yourself with the standard lingo. To navigate the transition from HTTP to HTTPS, let’s walk through the key terms to know:

  • HTTP (Hypertext Transfer Protocol) — The foundation of online communication (how information is sent from a server to a browser).
  • HTTPS (Hypertext Transfer Protocol Secure) — HTTP but within an encrypted layer of security.
  • Encryption — Encoding information so it’s only accessible by authorized parties.
  • SSL (Secure Sockets Layer)Technology protocol that creates encrypted communication links between servers and browsers.
  • SSL Certificate — Data files that encrypt digital information and activate secure connections when installed on web servers.
  • DNS (Domain Name Servers) — Directory of domain names that are translated to IP addresses.

Why the Change?

The three primary reasons Google has pioneered the push toward HTTPS are encryption, data integrity and authentication.

By making online information encrypted and authentic, sites contain a higher level of integrity. Google rewards sites with integrity, as they have proven to be more valuable to searchers and are more likely to serve relevant content that is free from errors or potentially suspicious activity.

Just as you wouldn’t purchase items from shady online stores, you wouldn’t hand over your personal information to websites that don’t convert to HTTPS. And it’s very clear to see who has made the switch and who hasn’t.

Google Chrome defaults to showing “Secure” and a green padlock as well as clearly labeling “https” before a URL. We know this site is good to go.

Brafton HTTPS

On the other hand, we see the URL below does not contain these security features and instead has an “i,” which provides information on why this domain is not secure.

Imagination HTTP

For unsecure sites, Google sends you to this page for more support:

Google site security

For sites that have even greater security flaws, the red warning triangle appears in front of the URL.

Some cyberexperts have taken to calling these designations “security-shaming.” Google has in effect security-shamed sites to switch to HTTPS or else risk the Scarlet Letter of insecurity.

An unsecured HTTP site will likely be ranked lower than one that’s secured with HTTPS, all other factors withstanding, so SEO cannot really be discussed until after an HTTPS conversion. That’s because Google provides a rankings boost to HTTPS sites but only does so if the content itself is relevant.

Easy 4-Step Process

HTTPS redirection is simple. For safer data and secure connection, here’s what you need to do to redirect a URL.

1. Buy an SSL Certificate

It’s best to buy an SSL Certificate directly from your hosting company as they can ensure it is activated and installed correctly on your server.

2. Install SSL Certificate on Your Web Hosting Account

Have your hosting company install the SSL Certificate. If you purchased from a third party, you’ll have to import the certificate into the hosting environment, which can be quite tricky without support. A simple SSL plugin can ease the transition.

3. Double-Check Internal Linking is Switched to HTTPS

Before going live with the conversion, ensure every website link (internal) has the proper HTTPS URL. Going live with links that mix HTTP and HTTPS will confuse readers, impact SEO and cause some page features to load improperly. Following this proper HTTPS protocol is essential to the success of your conversion.

4. Set Up 301 Redirects So Search Engines Are Notified

Through a CMS plugin, you can automatically redirect all server traffic to the new secure HTTPS protocol. Sites that don’t use a CMS will need to be updated manually. 301 redirects alert search engines that a change to your site has occurred and that they will need to index your site under the new protocol. Users who had previously bookmarked your site under the old unsecure protocol will now be routed to the proper secure URL.

In addition to providing server-to-browser security, activating and installing SSL certificates improves organic rankings, builds trust and increases conversion rates.

Troubleshooting and Hosting Concerns

Though it may be an easy process for an experienced developer, the average marketer with little tech support can run into a few problems. If you’re taking on the HTTPS redirect for the first time, here are a few key things to know in advance:

Shared Hosting Solutions Can Make Conversion Difficult

GoDaddy, Bluehost, HostGator and other shared hosting models require a dedicated IP for SSLs. As such, if you’re changing your IP in the process of converting to HTTPS, your DNS records may need to be updated accordingly and your hosting provider will need to be much more involved in the conversion process.

Confusion With CMS or Lack Thereof

Sites on CMS platforms like WordPress or Joomla often have modules or plugins that can successfully convert protocols, though assets on the site that aren’t uploaded to those platforms may still be directing traffic to unsecured connections. Further, sites that are custom built without a CMS will either need a third party to oversee the entire manual updating to secure protocols or will need to transition to a CMS with a plugin.

Each option is different, so marketers believing one company’s experience with an HTTPS conversion will be the same as theirs will likely only get so far before needing assistance.

Third-Party Resources Accessing Insecure Assets

Some third-party resources not only host assets on secure URLs but also separately on other servers depending on location. Other third parties may still be attempting to access unsecured assets (those that weren’t originally directed to HTTPS during the conversion process), thus creating a convoluted web of source traffic and routing.

Updating Search Console Is a Must

Marketers will need to ensure they submit a new sitemap from their secure URL to Google Search Console. Because Search Console views secured and unsecured sites as different properties, any protocol conversion is incomplete without your backend being able to properly track, store and measure data.

A new sitemap entry keeps your site analytics running smoothly.

HTTPS Is Great Branding

Today’s branding is all about trust. Not just in your product or your company name but in your responsibility to customers’ privacy and your technological capabilities.

An unsecured HTTP in front of your URL is essentially the same as still having an AOL email address or a Myspace account: It clearly shows site users that you’re outdated, unserious about the future and grossly out of step with the latest security demands. You’re practically begging cybercriminals to hack your site and steal customer data, which is a huge turning point for your customers and their willingness to keep browsing your website.

HTTPS is the exact opposite. It’s the Tesla of security protocols, the verified blue checkmark of domains. It means your site is authentic and has integrity — just as Google intended nearly years ago. HTTPS redirection is the next step to showing consumers that you’re serious about making improvements for a better consumer experience.

These are great attributes to have attached to your brand.

So don’t think of HTTPS as another tech update — it’s a full-scale business refresh.

Editor’s Note: Updated December 2021.

Mike O'Neill is a writer, editor and content manager in Chicago. When he's not keeping a close eye on Brafton's editorial content, he's auditioning to narrate the next Ken Burns documentary. All buzzwords are his own.