I have recently migrated my website from http to https( secure http). All the non-secure HTTP requests are now redirected to HTTPS. On migrating the Site I faced many problems and learnt a lot. So here’s the list of steps to perform in making the web more secure :

Selecting SSL Provider :

The first step is deciding your SSL provider. Many SSL Providers are present in the market like Comodo, Symentac, Verizon, Namecheap etc. They all charge a lot of money but also provide Extended Validation, means not only secure but also proves your legal identity as “operational and physical presence of website owner“.

For normal use you just need a Domain level Certificate. From Namecheap you can buy an SSL certificate in 600₹ for 1 year(Single Domain). For EV Certificate(Extended Validation) it’s good to buy a Certificate, but for Domain level I suggest you to use Let’s Encrypt. Let’s Encrypt is Free! and it is free because of it’s Sponsers like Google, Facebook, Mozilla, Automattic etc. So I am going with Let’s Encrypt.

Installing SSL Certificate :

Installing SSL Certificate is an easy task if your Hosting Provider support Let’s Encrypt. You can check the name of your hosting provider on the list. For non-supporting hosting providers we have certbot. You have to select your software and system. While Installing do redirect all of your traffic to https permanently. It’s an essential step because now you have two versions of your site.

Installing SSL Certificate Successfully v2
Installing SSL Certificate Successfully v2

After installing just make sure if SSL is working properly from SSL Labs.

Testing new URLs :

Mixed Content :

If your website is using some hard-coded HTTP links then the browser may show a warning for mixed content. Sometime Browser’s hides the padlock if they find any mixed content. You can check your URL for non-secure content at JitBit.
Make hard-coded links more robust by changing links:

http://google.com to //google.com . In WordPress you can install SSL Insecure Content Fixer Plugin.

Mixed Content Warning
Mixed Content Warning
Getting your Facebook likes back :

Facebook and google treat http and https links differently. Likes and Shares for a URL are for that Unique URL any change, and you will lose all your likes and shares count. Because of migrating you are now using different link so all your Facebook counts will change to “zero”.

Likes and Shares are set to zero!
Likes and Shares are set to zero!

How to get back all of your likes, you can use plugins like Warefare Plugin(expansive) of do it manually :

  • Changing .htaccess : In Facebook’s documentation they give a solution, to redirect Facebook’s crawler to the old URL. I’ve found a solution in Stack Overflow. You have to add FaceBot to the exception list of redirection. You can find your .htaccess file in your document root. CertBot uses the virtual host method instead. Both do the same thing but .htaccess method is less preferred.
  • Point og:url meta tag to old url : If you are using any kind of SEO tool or creating meta tags your self you have to change all the og:url tag to the http version again.
    So if you are using Jetpack SEO tool then Jeremy Herve created a gist for you. I am using Yoast SEO. I’ve created a small plugin for changing links in Yoast SEO.
  • Scraping : By doing both steps above you don’t get back your likes instantly but after 30 days. Facebook crawls each url after every 30 days of sharing the link. So my first step was going to open graph debug tools and fetch new info for every URL. But the problem was, many sites are too large that fetching each link is not possible.
    For overcoming this problem, I researched on “How to scrap links by script”. I’ve found a solution in Stack Overflow and tweaked it a bit with file operations. You have to make a list of your URLs in a file and pass through the script. Use your Website Sitemaps for getting all the links of your Web Site.
External Links :

Any external links to your previous http links will take your SEO juice away, So it’s good to change them all.

If you are using Google Webmaster tools, add new urls with https. Don’t delete previous urls. Submit sitemaps, and request indexing.

Facebook page and Google Analytics is the another place you want to change the link to your site.

Update! HTTPS is faster protocol then HTTP if you upgrade your apache to HTTP/2. For comparing these two go to httpvshttps .


Scintilla Leaderboard Manually configuring SSL Certificates

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.