Adding an SSL: HTTP To HTTPS Migration Guide [2023]

When Google decided to offer a secured environment to its visitors, it took advantage of an encryption-based security protocol for enhancing internet and web security. 

This encryption-based security protocol is none other than an SSL (Secure Socket Layers) certificate. Google announced that this encryption-based security protocol is compulsory for search engine visibility and gaining a higher SEO (Search Engine Optimisation) rank.

What is an SSL certificate?

An SSL certificate is a digital security certificate that ensures data privacy, integrity, and authentication when installed on a website. Using cryptographic algorithms, it secures all the data exchanges between the user’s browser and the web server with robust 256-bit encryption technology.

In the modern world, the SSL has been renamed to TLS (Transport Layers Security) certificate.


When an SSL certificate is installed on a website, it turns the HTTP (hypertext transfer protocol) into HTTPS (hypertext transfer protocol secure). This visibility of HTTPS in the address bar and a tiny padlock in the URL are symbols of a secured connection.

SSL certificate can be many types from reputed SSL brands like RapidSSL certificate, Comodo SSL Certificate, GeoTrust SSL certificate, Thawte SSL certificate, etc. A site owner can choose any of these SSL certs and secure the website.


When the padlock is clicked, it shows “Secure Connection,” whereas, in the case of unsecured sites, there is an exclamation mark in a circle. When it is clicked, it shows “Connection is Not Secure”.

Importance of SSL:

By securing all the data communications between the server and the browser, SSL certificates prevent intruder entries into the network.

It also prevents cyber-criminals from misusing data because even if they gain access to the data, it’s in encrypted (coded) format and can’t be decrypted (decoded) without the private key (decryption key).

Securing client-server communications, enhancing customer trust, complying with PCI (Payment Card Industry) standards, and helping in getting better SEO rankings are the most prominent benefits of using an SSL certificate.

How to Migrate from HTTP to HTTPS?

Warning: Many factors must be considered and taken care of while migrating your site from HTTP to HTTPS. Adding an SSL certificate is enough for HTTPS migration; if the same is not configured correctly, it can impact your SEO and site visibility.

Only site backup is insufficient since you mess with URLs indexed by Google. This migration guide is specifically for those who are ignorant about the process.

Migration Process:

  1. Acquire an SSL Certificate:

The foremost step in the process is to acquire an SSL certificate. There are ample cheap SSL certificate providers who can be approached for purchasing an SSL certificate. Once you have bought it, install the same on your website.

All the SSL certificates offer the same encryption security.

  • The basic SSL comprises Domain SSL wherein the domain name is secured.
  • The organization’s SSL requires robust verification of the company and domain name.
  • The extended validation SSL also involves a thorough verification process and is more expensive than the previous two.

Hence, Domain SSL are quickly issued, whereas the other two take a couple of days since verification of documents and locations is involved.

  1. Install the SSL Certificate:
  • Login to the cPanel and go to the Security section.
  • Click on SSL/TLS and later go to “Install and Manage SSL for your site (HTTPS)”


  • Click on “Certificate Details”.
  • Go down and click “Install an SSL Website”
  • Select your domain name from the dropdown menu and click Autofill by Domain.

  • You will receive a message stating that the certificate field is completed.



  1. Backup your Site:

Migration of your HTTP website to HTTPS is a significant change; hence, a complete site backup is essential to prevent data loss. You can also check out your hosting company and see if it offers backup services for securing your data or not.

  1. Change Site’s HTTP links to HTTPS:

While making your final move to make your site HTTPS, all the internal site links must be updated to HTTPS. If some links are pending, your browser may display an error.

Changing site links to a secured protocol depend on the website’s size. If only a few pages are involved, then the same can be done manually. But, if the site size is huge, i.e., it involves thousands of pages, an automatic process by installing a plugin for the same is preferred.

Example: Migrate Guru is a WP plugin that helps in the quick migration of WordPress sites.


  • Login to your Admin panel, and click on Settings > General.


  • Change the URL values of the WP address and Site Address to https.
  • Later, Save the changes.


  1. Take Care of External Links:

Ensure that all the external links, i.e., links of social media accounts connected to the website, are updated to https. In short, ensure that all HTTP traffic of your site is redirected to https.

  1. Create 301 Redirects:

301 Redirects are used in case of permanent redirecting of URLs. Since your site URLs are permanently shifting from HTTP to HTTPS, create 301 redirects so that all the hundreds and thousands of internal, external, and backlinks are automatically redirected to the secured protocol.

Creating a 301 redirect varies from server to server.


In the case of Apache, an update of the htaccess file is needed, whereas if your site is on the Nginx server, then the Nginx Config File needs to be updated. For Windows, update the web.config file.

  1. Fix Mixed Content Errors:

In many cases, even though an SSL certificate is installed on the website, the padlock is not visible, and the site owner sees an exclamation mark. This is a Mixed Content Error.

This error is visible when some site content is loaded on HTTP, whereas some on HTTPS. To fix this error, ensure all the site content is loaded on HTTPS. You can Google to know the process to eliminate this error warning.

  1. Add your HTTPS Site to Google Webmaster:

To make your site foolproof, get it registered in Google Webmaster Tools. Using Google Webmaster tools helps you detect bugs and missed defects of your site. It also helps in better optimization of the same.

In short, the Google Webmaster tool is a helpful platform for site owners to know how their site interacts with Google.


  • Sign in Google Webmaster account.
  • Since only HTTP and www are seen in the above image, click “Add A Property”.
  • Fill in your site’s address, and click “Add”
  • Click the Alternate Methods tab and select your method. I prefer the HTML upload method wherein a file after the download is placed in the /public_html file located on the site’s server.
  • Later tick “I’m not a robot” and click “Verify.
  • You will receive a message stating that the site ownership is verified.
  • Perform the same process for the site’s HTTPS version, but ensure the delete the “www” in each site address. Also, ensure that your site’s address which is registered in Google’s Search Console consists of both www and non-www URLs.
  • Later click “Search Console” to view the overview page comprising the list of domains registered on Google Webmaster.


Below is an image of how your site will be shown in Google Webmaster listings.

Both the HTTP and https versions, with and without www are listed.

The migration process is now complete.

Wrapping Up:

The migration process from a non-secured protocol (HTTP) to a secured protocol (https) needs to be carried out sooner or later. So rather than postponing the same, go through the above-stated guide which will help you in carrying out the same smoothly.

If your site is on WordPress, you can use the Simple SSL plugin, which automatically detects your site settings and configures the same for running over the HTTPS version.

In case you are still having doubts about the process and its functionalities, kindly hire an SEO expert or a computer technician who can guide and help you in migrating your site on a secured protocol.

I am a computer engineer holding a bachelor's degree in Computer Science, complemented by a Master's in Business Administration from University of Strathclyde, Scotland. I currently work as a Senior IT Consultant in Melbourne, Australia. With over 15 years of...