How to translate a site to HTTPS: procedure, features of the translation and recommendations of specialists

Many modern sites use the HTTPS protocol as an extension, which allows you to protect information and data about users who visit the Internet resource. Most recently, a massive transition to the HTTPS protocol has begun, which is encouraged by search engines, increasing the ranking of sites. You can find more about how to transfer the site to the HTTPS protocol, as well as recommendations of specialists in this article.

HTTPS protocol

What is the HTTPS protocol? Many have heard of it, but have a misconception about its structure. Back in the 90s, when the Internet was just beginning to spread, a data transfer protocol was developed that allowed computers to download information from a browser. He received the abbreviation HTTP, which can be decrypted as a "hypertext transfer protocol." It is through this mechanism that sites can send hyperlinks to other pages or resources.

How does the HTTP protocol work? For example, you click on a link on a site. The application (browser) generates a request and sends it to the server. The program then processes the user’s request and returns a response back to the client. In this way, data is exchanged between the application (user) and the server. The HTTP protocol makes this exchange possible, but does not perform one important function - it does not protect user information. At the same time, it is on the Internet that people often leave their contact details, disclose personal information and make purchases with credit cards. Attackers can easily intercept this data and use it for personal purposes. That is why HTTPS was developed. In fact, it is the same “initial” protocol, but sends data through special mechanisms that encrypt data in such a way that they cannot be intercepted.

Data is encrypted using SSL (or TSL), which is an improved version of the first mechanism. As a rule, in all browsers, next to the search bar, you can see a small icon that shows whether the site has a digital security certificate or not. If you just went to the site to read news or an article, and the resource does not have a certificate, then this can be relatively safe. But on such sites in no case can you make purchases or enter passwords and other personal data. Therefore, the HTTPS protocol is currently used on all sites related to finance, as well as on government resources, in social networks and search portals, in most online stores. But at the same time, the usual information portals also wonder about how to transfer a site from HTTP to HTTPS. What gives a digital security certificate ?

Why go over?

Why translate a site to HTTPS? The most serious projects switched to the HTTPS protocol at the beginning of the 21st century. But there are still many who "caught the wave" only after 10-15 years. It was during this period that the history of Marlinspike from Iran, which developed utilities for stealing personal data via HTTP, thundered to the whole world. They were called Firesheep and SSL Strip.

To steal data, utilities use protocol spoofing that imitates a security certificate. Thus, by deceiving the program, they copy all the information that passes through the user's browser. The US government, which is seriously concerned about the security situation of its sites, insisted on the mandatory transfer of all government Internet resources to the HTTPS protocol. Although it does not eliminate the likelihood of data theft, it significantly reduces it. Not every country has a programmer who is capable of developing utilities like Marlinspike.

Should I translate the site to HTTPS? To this question, everyone gives himself an answer. Search engines provide many benefits when changing the protocol. Yandex and Google expressly declare that the type of protocol used affects the rating. Although this is not a very serious argument (after all, changing the protocol by only 1% will increase the popularity of your resource), it is better to pay more attention to user security for better ranking.

Most recently, Yandex has stopped updating the issuance, and Google has threatened HTTP supporters with reduced traffic. Nevertheless, there are no laws on the obligation to switch to a secure protocol, so everyone decides on this issue for himself. What are the pros and cons of switching to HTTPS?

Pros and cons of transition

Do I need to translate the site to HTTPS? This question is asked by many programmers. If we summarize all the conclusions, then the unequivocal answer is yes, it is necessary, and as quickly as possible. HTTPS is not only the protection and safety of site visitors, but also the area of ​​the future. Very soon, almost all sites will switch to this protocol, so there is no reason to clutch at the old. Nevertheless, translating a site to HTTPS has a number of disadvantages.

• Many site owners think that when translating their resource to the new protocol, almost nothing changes. But this is fundamentally wrong, as search engines perceive the old site as HTTP and the new one translated to HTTPS as two different sites. In this regard, the ranking changes slightly, there may be a subsidence in traffic. Therefore, experts recommend switching sites to new protocols in the "low season" - in the summer.
• A variety of problems can arise during the site transfer process itself. Some links may become broken, so after the process of changing the protocol, you must carefully check the health of all sections.
• Before moving the site, you need to carry out thorough preparation, and during this process follow the instructions on how to transfer the site to HTTPS.
• Switching to a new protocol may take some time, because, unfortunately, this is not the fastest process. It will be necessary to wait until the search robot again indexes the site.

But despite all the disadvantages, more and more webmasters are switching sites to a secure protocol. What is the reason for this?

• When visiting sites with the HTTP protocol, the browser notifies users that being on this site is not safe. As a result, traffic is reduced, since if there is reason to leave the resource, a person will do it.
• All information of users accessing the site with HTTPS is protected, therefore such a resource will enjoy great confidence and will receive a higher rating in search engines.
• If the transition to HTTPS has practically no effect on the ranking in Yandex, then Google may increase the site’s ranking.
• The HTTP2 protocol allows you to download information from sites faster.
• Using the optional Service Worker utility, you can configure the display of notifications for your visitors.

Thus, the question of whether to translate the site to HTTPS, everyone answers himself. This is by no means necessary, but if you own a commercial site and are concerned about the safety of your customers' data, then the transition to a secure protocol is best done in the near future.

We translate the site into HTTPS

When transferring a site to a secure protocol, the owner of the resource may not be afraid of sanctions from search engines and loss of customers. How to transfer a site from HTTP to HTTPS? This is not a very complicated process, but during the transition to a new protocol it is advisable to follow a strict sequence of actions. Unforeseen circumstances may arise during the “relocation”, therefore it is better to prepare for all problems in advance.

1. The preparatory work is to test the loading of images and styles using the new protocol. If everything is in order, then you can start checking SSL support by your hosting.
2. Replace all complete links with relative ones. Thus, you exclude the name of the protocol from the addresses, and this will not become a problem in the future.
3. The same thing should be done with all the media files that are on the site. You need to fix each address on a relative.
4. Make an SSL certificate.
5. Install a certificate.
6. Enable HTTPS on the site server.
7. Restrict access to the site only for HTTPS to protect it from attacks that steal information by spoofing a security certificate.
8. Notify search engines.
9. Check sites and all its sections.

How to transfer a site to HTTPS? Follow this instruction, and transferring the site to the new protocol will not take you much time. If you doubt your actions, you can read a more detailed outline of the actions for each step.

Site preparation

Site preparation is one of the most important stages on which the successful transition to HTTPS will depend. The actions at this stage will help to properly prepare your resource and eliminate the likelihood of errors. What factors can determine the success of a move?

• Type of hosting.
• Control Panel.
• Type of SSL certificate: paid or free.
• Site software.
• Help desk support.
• Type of hosting (dedicated or virtual).
• Type of CMS (wordpress, modX, etc.).

The first step in preparing for the site migration is to replace the link addresses. Absolutely all links on the site should be replaced with relative ones. Relative are those links that do not contain a domain address, but simply indicate the name of the page. For example, instead of http://website.ru/ you need to specify //website.ru/. You can change the links even after the transfer or not change them at all, but then the transition of the site to HTTPS itself makes no sense. Also, on some CMS there are special programs that allow you to do this automatically. Do not forget to change the links in the same way to pictures, audio and video files. Otherwise, during the transition to the site with such pictures or videos, the message “Connection is not secure” will pop up.

The next step in preparing the site transfer should be the change of links in external scripts. If you use services such as Yandex.Direct, Webmaster or similar programs from Google, then it’s also worth replacing the address of your site with them so that they continue to work correctly. An important stage in the preparation of the site is the creation of backups or its copies. Backup must be done immediately before changing the protocol in order to save the most complete information.

Creating a backup will help you restore the site not only in case of an unsuccessful attempt to move, but also after a hacker attack or server failure. How to make it? Go to the control panel on the hosting and find the Backup, or “Backup” section there. The provider will create a copy that you can download to your computer.

Install SSL Certificate

The next step in moving your site from HTTP to HTTPS should be to acquire a security certificate. It can be obtained in two ways: buy or purchase for free.

What is SSL? This abbreviation stands for Secure Sockets Layer. This is a cryptographic protocol that provides encrypted data transfer. An SSL certificate is an individual digital signature that confirms the security of data transmitted over the network. As a rule, this certificate is issued by authorized trusted sources whose opinion is trusted by browsers. Of course, you can sign an SSL certificate yourself, but in this case it will not be a guarantee of security, that is, it is practically meaningless. Therefore, in order to get a real certificate that will be read by browsers, several conditions must be met:

• The applicant must have confirmation that the site belongs to him.
• The company that the site presents must be an officially registered company.
• The details of this company have been verified by a certification authority.

Thus, the protection of the interests of Internet users is ensured, and the certificate is not issued to unscrupulous owners. But, besides this, the SSL certificate on the site shows that being on it is safe, and the user did not go to the phishing page or a third-party resource. In most cases, “frivolous” companies that do not expect to stay on the market for a long time are usually not puzzled by the acquisition of a certificate, therefore its presence serves as an additional “brick” in the foundation of customer loyalty. But this is not all that you should know before buying a certificate. They come in different types. The most common is the Esential type, which attracts with its affordability and low price. It is issued to both individuals and legal entities.

A few more popular types are Instant and SGC certificate. For sites related to Internet payment, it is recommended to purchase Extended Validation, which can not boast of cheapness, but it has an extended check, which makes it an order of magnitude more secure than the rest. This certificate is available only to legal entities. The cheapest certificates are available from Geotrust and Rapid SSL.

Where to get a certificate? It is issued by certification authorities. If you doubt the authenticity of the center from which you purchase the certificate, you can check it for authenticity on Google. Different companies differ only in price, but it is by no means a guarantee of high quality. It’s more worth trusting customer reviews and ratings.

Obtaining an SSL certificate is quite simple. You need to select the type of certificate, and then enter the personal data that the system will require. As a rule, they request a passport and an extract from the register. Checking your data can take anywhere from half an hour to several days, so you should not expect a lightning fast result. If your data is verified, then certificate files will be sent to your mail, which will then need to be installed on the site. Installation instructions are usually sent by a certification authority, as well as in the documentation of panel developers.

Site setup

As you can see, translating a site from HTTP to HTTPS is a rather troublesome, but feasible, task. And the most difficult part of the transfer is setting up the site. First of all, you need to configure 301 redirects. This is the response code that is used when redirecting users from one page to another.

Despite the fact that outwardly sites can have exactly the same address for the user, some will contain direct links, while others will be relative, and for search engines they will be two different resources. When configured correctly, 310 redirects transfer from 90 to 99% of the referenced material.

There are several ways to set up a redirect. The longest of them is to change the address in the code of the site page. But for this you will have to apply input for each individual page, which may be hundreds. Therefore, most often webmasters prescribe 301 redirects in the .htaccess file using a special command. You must enter Redirect.permanent / old.php / new.php, and the module will automatically translate all the pages of the site. If you have problems with setting up a redirect, it is best to turn to technical support of the hosting.

The next step in setting up the site is checking its operation. Try typing in the search bar the site address with HTTP. If you are automatically transferred to HTTPS, then all the work is done correctly. A green lock will appear next to the search bar in the browser, hovering over it will display information about the SSL certificate. It’s best to check all the pages of the company.

Search Engine Notification

The main stages of the site transfer were left behind. Now it remains only to inform search engines that your site has changed the security protocol. To speed up this process in the main search engines Yandex.Webmaster and Google Search Console, the site address is changed. Without notifying search engines, your “new” site is likely to sag significantly in traffic.

How to transfer a site from HTTP to HTTPS using Yandex.Webmaster? Open the "Moving the site" section, then specify the preferred site address and check the "Add HTTPS" box. After that, Yandex will glue both site mirrors (after all, a site with HTTPS is a mirror of the same site, but with HTTP). After that, you need to check the correctness of the region that is displayed in the settings, as well as disable support for HTTP links. The translation of the site on HTTPS on Yandex is almost completely automated, so no errors should occur during the change of protocol. If you still have difficulties, then technical support of the search engine will help you.

To transfer a site to HTTPS in the Google admin panel, you need to add the new version of the site to the Google Search Console, while confirming your rights. Now in the lists of sites will be one and the other version. You don’t need to do any more settings for Google, just set up a 301 redirect before that, which will redirect users to a new address.

, HTTPS, . Sitemap URL Google. , . - , .

HTTPS ""

Wordpress is considered one of the simplest and most convenient CMS to manage. Translating a Wordpress website to HTTPS is much easier than translating to other CMS. On this platform, everything is thought out in order to transfer the site to a new protocol without any problems. The first step is to purchase an SSL certificate. If you are the owner of a simple site like a personal blog, then an inexpensive DV certificate is enough. If the site represents a company or organization, it is best to purchase OV. You can translate a site on Wordpress to HTTPS in the same way as on regular sites.

1. Install the certificate on the site.
2. Fix all links to HTTPS manually or using the program.
3. In the "Site Address" section, enter the address with HTTPS.
4. Do not forget to fix the path of links to images and other media files.
5. Notify search engines of a new protocol.
6. If you have links in scripts (for example, a counter of site visitors), then the address must also be corrected in it.

After that, it remains to check the quality of the work performed and set up a redirect. On some hosting sites, you can do this by going to the control panel.

How to transfer a site to HTTPS in WordPress, if the browser “leaves” for cyclic redirection? Go to the hosting control panel and check if the site is redirected to a new address with HTTPS. If there are similar settings on the hosting and in the “General Settings” section, then the program will redirect you endlessly, and the data from the site will not have time to reboot. But these are not all the problems that may arise when switching to a new protocol. After the question of how to transfer the site to HTTPS in WordPress, the second most popular question is the issue of problems with the new address of the resource. Very often, the ad “Connection is not secure” is displayed in the browser line. If you carried out the transfer according to the instructions, the following actions can help correct errors:

• Clearing the cache in the browser.
• Replacing links manually.
• Disabling caching plugins.

If this also did not help, then it is worth activating the code viewing in the browser. To do this, right-click on the page and click on "View Code". At the bottom you will see a toolbar that will contain information about existing certificates. If there is no such data, it means that an error was made when installing the SSL certificate.

Website transfer on other platforms

Other CMSs also need a secure protocol. How to transfer UCOZ website to HTTPS? Owners of paid packages have the opportunity to get SSL certificates for free: they are included in the price. Moreover, the certificate is installed automatically. If you own a site with a free subscription to Ucoz, then you can purchase an SSL certificate from any center. After the purchase, you will need to save it on your computer, and then paste the contents of the files into the “SSL Certificate” section of the site. For more accurate work, you need to enable the redirect option from HTTP to HTTPS, as this improves the visibility of the site by search engines. You must also enable the option "Deny HTTP for connected resources." In the event that some images have not been linked, the browser will prohibit their display, which will ensure a secure connection.

CMS ModX is another popular medium used for web applications. In order to transfer the site to ModX on HTTPS, it takes only 5-7 minutes. In the system settings there is a section “System and Server” in which you need to find the type of server and replace the protocol with HTTPS. After that, you need to configure the .htaccess file. It will be enough to add the following lines to it:

• RewriteCond% {SERVER_PORT}! ^ 443 $;
• RewriteRule ^ (. *) $ Https://site.ru/$1 [R = 301, L].

After that, you just have to check the correctness of the redirect and the correctness of the link.

Expert Advice

To the question of how to transfer the site to the HTTPS protocol, we answered in some detail. However, unforeseen problems may occur during site migration.

• Some time after installing the SSL certificate, the browser again begins to quote your site as “unsafe”. This can happen if you forget to pay it on time. Also in such a situation may be the one who bought a fake certificate.
• Loading pages on a site may take longer. Every second counts with an impatient user, and many leave such sites without waiting for them to load. The solution could be website optimization, server caching, and reducing the size of media files.
• Unfortunately, after the site’s “move” to the new protocol, many comments and user ratings (for example, likes) are lost. It is almost impossible to influence. Only on Wordpress there is a special plugin that allows you to keep the old statistics.

Moving a site from HTTP to HTTPS will be easier if you follow the following recommendations from experts:

• Switching to a new protocol is during a period of minimal site traffic, for example, in the summer.
• Using special error monitoring services greatly simplifies your work.
• Avoiding many problems will help testing site migration on a local copy. This will give you the opportunity to train not on the main resource, but on the “draft”.