How do I convert my website to HTTPS?

Since Elevated first published this popular HTTPS blog post in 2014, most major browsers have tightened restrictions on unsecured websites and begun publicly shaming them. In July 2018, Google confirmed that all non-HTTPS sites viewed in Chrome would be marked as “Not secure.” To help you navigate this, we have refreshed the following article and added a handy downloadable checklist for ease of reference: Elevated’s Essential HTTPS Conversion Checklist.

Where it all began…

Sites that converted to SSL were shown as https://elevated.com vs http://elevated.com.

Why is it important?

This additional security layer prevents unwanted access to data collected from your site as it is transmitted.

Google, Safari, Firefox and many other popular browsers now require this protocol for better rankings, geolocation, credit card data entry and more. HTTPS also protects your site from unwanted ad injection, which puts intrusive, ugly, uninvited advertisements, some of which may contain malware, in front of your visitors.

Here is how Google said the rest of the story would play out through October 2018: “In the end, our goal is to make sure the only tags you see in Chrome are when a site isn’t secure and that the default unmarked state is secure. This will be completed over time, beginning with the removal of the wording “Secure” in September 2018. And in October 2018, we will begin to display a red warning “not secure” when users enter data on HTTP pages.”

This is a relief from a developer’s point of view. I’m glad that Google is still pushing HTTPS, and I’m glad that HTTP connections keep disappearing.

Let’s take a look at the steps for moving to a secure website setup: get ready, purchase an SSL certificate, configure hosting with the SSL certificate, change all website links to HTTPS, and set up 301 redirects or consider HSTS.

Step 1: Get ready

Consider the task as a whole before spending any money on an SSL certificate and changing your website.

Are your sales ready?

If you run a seasonal site, do not schedule the HTTPS conversion during peak times. It is wise to expect downtime, so plan to do the work at an off-peak time of day and at an off-peak point in your sales cycle.

Is your host ready?

Make sure the host is able to serve an HTTPS website before you spend any money or configure your site. Some hosts require additional configuration and should help you with it.

Is your team prepared?

Make sure that everyone affected by the switch knows that the website is undergoing maintenance: sales teams, any website developers you work with or might need help from, and visitors. Communication goes a long way.

Are you ready?

The process takes both time and a lot of work. Once you begin changing links and setting up redirects, it may be difficult to reverse everything quickly, and usually the best way out is to keep going. So be prepared to monitor the website and be available if problems come up. And don’t start this task at 3 p.m. on a Friday; it is not that kind of task.

Step 2: Purchase an SSL Certificate

This is the fastest of all the steps. Website hosts generally sell SSL certificates and even configure most of them for you; Nexcess is a good example. The cheapest certificates can be had for about $10. You must know the address of your website and the difference between www.example.com and example.com. Don’t assume that a standard SSL certificate covers both! Pricier wildcard certificates cover both but may not be necessary for your setup. If you think your website needs a special type of SSL certificate, consult a professional company you trust, but this is a relatively rare requirement. See our HTTPS Conversion Checklist for more information about the various types of SSL certificates.

A quick note on pricier SSL certificates, in particular the “Extended” types: some show a green lock in the address bar. The green lock may boost sales somewhat, but it is hard to say. Increased sales or not, now you know why certain sites appear green like that.

Step 3: Configure Hosting with the SSL Certificate

If your web host doesn’t set up the SSL certificate for you, the seller generates the keys and you paste them into your web host’s control panel. Pay attention to the fields and ask for support if necessary; part of your hosting fee pays for assistance in these situations.

Once your website is properly configured, you will no longer see invalid-certificate warnings when you visit HTTPS pages. You may need to clear your cache in full (not just use a private browsing window) to see these changes. When in doubt, ask someone who has never visited the website before to load its HTTPS page. Also, you may be redirected to the HTTP site if you have not yet configured the website itself to be HTTPS friendly. Each website host is somewhat different (some have a completely separate HTTPS folder), so be flexible when setting things up.

Step 4: Change all website links to HTTPS

All those years of hearing people say “use relative links” and “never hard-code your links” will now come into play (and now you can say it too, and feel good knowing why). This is also where using a Content Management System (CMS) saves time. Start by fixing the links that are not generated by a CMS: find all website links that are not generated by a CMS. This includes links to a CDN, links to pages, images, JavaScript or whatever else your website uses.

Change to relative link paths: if the link is “http://www.example.com/link”, change it to “/link”. These links will still work on the HTTP site, even if you are not yet ready to switch everything to HTTPS. Make sure each link starts with the leading “/”, otherwise you will have problems. Stumped? Let’s talk about it.

Test it out: refresh your browser and the website cache, then go to the page that contains the link and click it. Relative links work on both an HTTP and an HTTPS website, so you can test either way.

Change links generated by the CMS: this varies between platforms. Here is how to do it on standard installs of Magento and WordPress. If you have any caching plugins or extensions, it is advisable to check their support forums for additional tips. For other CMS platforms, you may need to consult their documentation.

Look through your CMS pages, posts, static blocks (for Magento), template files and other content for links that need updating. Some links are generated by your CMS, but it can generate the wrong URL.

For instance, if a URL in the Magento CMS editor is “{{secure_base_url}}example.html”, it should be a relative link such as “/example.html”. The next step for Magento users is to log in to the backend and go to System -> Configuration -> Web -> Secure to check for correct configuration.

For WordPress, you will essentially need to change the website URL, add code in your administrative area to force HTTPS, and possibly install this plug-in. Because WordPress websites vary so much in their caching plugins, look to your plugin’s documentation for assistance.

Look for errors: hopefully, at this point all your links and linked files have been changed to HTTPS, but it is prudent to check them all. One way to find stragglers is to visit your website: open it in Chrome, Safari or Firefox, right-click an item and click Inspect Element. From there, look for errors in the Console: an error is generated for each file that is incorrectly loaded over HTTP. Another way to look for HTTP links is to pull up the page source and search it for “http”, hoping nothing will be found and your work is complete. Mixed content (pesky browser warnings) can harm the user experience and hurt your SEO rankings.
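The source search described above can be automated. The following is an added example, not part of the original article: it parses a page and separates http:// references the browser fetches (active and passive mixed content) from hard-coded links to your own site. The class and function names, the host names and the sample page are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

ACTIVE = {("script", "src"), ("iframe", "src")}  # blocked when loaded over HTTP
PASSIVE = {("img", "src"), ("video", "src"), ("audio", "src"), ("source", "src")}

class InsecureRefFinder(HTMLParser):  # hypothetical helper, not from the article
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = set(own_hosts)
        self.findings = []  # (line, kind, tag, url)

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower().split()
        for name, value in attrs:
            url = (value or "").strip()
            parts = urlsplit(url)
            if parts.scheme.lower() != "http":
                continue  # relative, protocol-relative and https:// are fine
            if (tag, name) in ACTIVE or (tag == "link" and name == "href" and "stylesheet" in rel):
                kind = "active"
            elif (tag, name) in PASSIVE:
                kind = "passive"
            elif tag == "a" and name == "href" and parts.hostname in self.own_hosts:
                kind = "hardcoded-link"  # not mixed content, but should be "/path"
            else:
                continue  # e.g. links to other sites, rel="canonical"
            self.findings.append((self.getpos()[0], kind, tag, url))

def find_insecure_refs(html, own_hosts):
    finder = InsecureRefFinder(own_hosts)
    finder.feed(html)
    return finder.findings

# Constructed sample page, not taken from any real site.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="http://www.example.com/css/site.css">
<link rel="canonical" href="http://www.example.com/">
<script src="http://cdn.example.net/tracker.js"></script>
</head><body>
<img src="/images/logo.png">
<img src="http://www.example.com/images/banner.jpg">
<a href="http://www.example.com/contact">Contact</a>
<a href="http://other.example.org/">Partner</a>
</body></html>"""

if __name__ == "__main__":
    for line, kind, tag, url in find_insecure_refs(SAMPLE_PAGE, {"www.example.com", "example.com"}):
        print(f"line {line}: {kind:<14} <{tag}> {url}")
```

Run it over saved copies of your templates and rendered pages; an empty result means the parser found no http:// references of these kinds in that file.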

Step 5: 301 redirect from HTTP to HTTPS or consider HSTS

On Apache-based sites, redirecting all incoming HTTP traffic, e.g. from old Google links or dated links on other sites, is easy to accomplish. Here is a snippet for your .htaccess file:

    # Send every plain-HTTP request to the same host and path over HTTPS
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Once it is in place, your website remains operational and any request to your site is redirected to an HTTPS URL.

If you want to be on the front lines of technology and are not worried about affecting a few users, HTTP Strict Transport Security (HSTS) is for you. A guide with setup steps can be found here. HSTS is a way of forcing all connections to be HTTPS: essentially the same as the redirect above, but standardized. Unfortunately, Internet Explorer has not yet implemented a solution, but most other browsers are already up to speed. HSTS is likely to become the standard for reputable websites in the future.
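To confirm that the redirect and, if you opt in, the HSTS header behave as intended, you can audit the responses your server returns. This is an added example, not code from the original article: the function names, the 180-day max-age floor and the sample responses are assumptions, and the redirect check expects the same host, as the %{HTTP_HOST} rule above produces.

```python
from urllib.parse import urlsplit

def parse_hsts(value):
    """Split a Strict-Transport-Security value into {directive: argument}."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"')
    return directives

def audit_https_migration(http_resp, https_resp, host, min_max_age=15552000):
    """Each response is (status, headers) with lower-case header names.
    min_max_age (180 days) is an assumed policy floor, not a value from the article."""
    problems = []
    status, headers = http_resp
    location = headers.get("location", "")
    target = urlsplit(location)
    if status != 301:
        problems.append(f"HTTP request returned {status}, expected 301")
    elif target.scheme != "https" or target.hostname != host:
        problems.append(f"301 goes to {location!r}, expected https://{host}/...")
    if "strict-transport-security" in headers:
        problems.append("HSTS header sent over plain HTTP, where browsers ignore it")
    hsts = https_resp[1].get("strict-transport-security")
    if hsts is None:
        problems.append("HTTPS response has no Strict-Transport-Security header")
    else:
        max_age = parse_hsts(hsts).get("max-age", "")
        if not max_age.isdigit():
            problems.append("HSTS header has no valid max-age")
        elif int(max_age) < min_max_age:
            problems.append(f"HSTS max-age {max_age} is below {min_max_age} seconds")
    return problems

# Constructed responses for http://www.example.com/pricing and its HTTPS twin.
GOOD = ((301, {"location": "https://www.example.com/pricing"}),
        (200, {"strict-transport-security": "max-age=31536000; includeSubDomains"}))
BAD = ((302, {"location": "http://www.example.com/pricing",
              "strict-transport-security": "max-age=31536000"}),
       (200, {"strict-transport-security": "max-age=0"}))

if __name__ == "__main__":
    for label, (plain, secure) in (("good", GOOD), ("bad", BAD)):
        print(label, audit_https_migration(plain, secure, "www.example.com"))
```

If you rely on the 301 redirect alone, the missing-header finding is expected and can be disregarded.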
