Editors note (7/29/2015): In this post the term “Webmasters Tools” is used to describe what Google now calls the “Search Console”. While the name of the interface has changed, the functioning hasn’t.
Last week Google announced that the use of HTTPS or SSL security certificates will be added to their long list of ranking factors. How much influence will using SSL certificates have on rankings? Who knows. But because Google has formally stated that this is in fact a ranking factor, it now should be considered an important step in improving rankings and traffic. However, in order to implement this change for existing web sites, webmasters will need to change the fundamental URL structure. This in itself can be a dangerous procedure when it comes to SEO. If URLs are not redirected correctly they can be come de-indexed, or negative signals can be created.
Therefore, in this post I will go through the steps required to successfully redirect all of a domain’s URLs to HTTPS. However, before we begin you should understand that this guide is only intended for web sites hosted on Apache servers. Also if you are already working with an SEO or have a web developer, you should consult with them prior to making the changes suggested in this article. Every site is unique and what I mention in this article may not be the best course of action for everyone.
Contents:
- Buy a SSL Certificate
- Edit HTACCESS For 301 Redirection
- Edit WordPress Or Other CMS Settings
- Add HTTPS To Webmaster Tools
- Add HTTPS To Google Analytics
1) Buy a SSL Certificate
A SSL certificate is needed to verify the authenticity of the secure connection. You can purchase one from most domain registers or your hosting company. I would recommend using your hosting company because they are likely able to help install it for free.
2) Edit HTACCESS For 301 Redirection
If you aren’t familiar with editing htaccess files, then you probably shouldn’t do it. Every htaccess file is unique and adding something in the wrong location can shut down an entire web server very quickly. therefore if you are not comfortable with this section then you should probably hire a web developer to do this part for you. Or you can always use a plugin or GUI provided by your hosting company to manage this file. Either way, proceed with caution.
Essentially what we need to do with this first step is to tell the web server that we would like any request that does not include a “https” at the beginning to be redirected via a 301 http status code to the corresponding URL that does have a https at the beginning. Because this redirection command will be “domain wide” and not based on individual URLs, we can use a simple regular expression to make these redirections all at once.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
As you can see on line 3 of the above code, the regular expression is relatively simple. However, it is very important that you adhere to your preferred domain structure. This mostly means that if your current URLs contain a “www” at the beginning, then it should also contain it in this directive. If your current URLs do not contain a “www”, then the domain in the above directive should not either.
3) Edit WordPress Or Other CMS Settings
If you finished the last step successfully then all of the non-https URLs should be redirecting correctly. This is awesome! 🙂 However, now you should make sure that existing internal links, and future internal links are pointing towards the https version of the site. This might seem like a low priority now that the URLs are redirecting anyways, but historically the SEO community has believed that the least amount of internal redirects is better. This is especially true if you have a large site that includes the same internal links on every page (like a main menu).
In WordPress this task is simple. All you have to do is login to your WordPress admin interface and visit the general settings panel at: /wp-admin/options-general.php Once at the right page edit the “WordPress Address” and “Site Address” fields to include “https” at the beginning.
Other content management systems should have similar settings pages that should allow you to make the same changes.
4) Add HTTPS To Webmaster Tools
You should already have your site integrated into Webmaster Tools. However, now you will need to also add the https version as well. To do this, you will need to add the site as if it were a new site.
Like all new sites you will need to verify the https version as well. After you have added the https version successfully, you should keep the Webmasters Tools account for the non-https version in place to monitor how Google is handling the redirects and the future indexation of the site.
5) Add HTTPS To Google Analytics
Unlike Webmaster Tools, you shouldn’t need to setup a new profile for https. Instead login to your existing account and go the “Profile Settings” under the Admin link at the top menu. On this page you should see a bunch of settings that are unique to the domain. You can select the https version from the drop down box like so:
After selecting https from this drop down menu, you can save the settings.
Monitor Closely
At this point you are finished. However you should continue to monitor Webmaster Tools and Google Analytics on a regular basis to verify that you aren’t loosing traffic or rankings.
Richard says:
So you do not need to build redirects for every single URL? What about link juice from your backlinks? And social media links back to your site? Is the 301 redirect a blanket for every URL both internal links and external back links?
Joe Hall says:
The redirect provided is a blanket redirect that should redirect every URL.
Kathy says:
This is a really informative article — I’m going through the steps and have the forced redirection done (by my hosting company, thankfully). Before I change the website URL in the General Options section, is there any risk that this will “break my site”?