Sitewide HTTP to HTTPS Migration: Complete Checklist

https lock

Way back in 2014 Google announced that they would start to use HTTPS as a ranking signal. This was said to affect only 1% of global queries, giving webmasters time to switch over to HTTPS. Fast forward 3 years and Google has announced that they will be marking HTTP pages as “Not Secure“, forcing the hand of anyone not running sitewide HTTPS.

Beginning in October 2017, Google Chrome started to show the “Not Secure” warning on all HTTP pages where users enter data. In steps towards more connection security, Google is looking to protect all types of data – not just passwords and credit card info.

There are 3 key reasons why you should make the move to HTTPS:

  1. Encryption. Exchanged data can be kept safe from eavesdroppers. Nobody can “listen” to conversations, track activities or steal information.
  2. Data Integrity. Data cannot be modified or corrupted during transfer without being detected.
  3. Authentication. Proves that your visitors are communicating with the intended website. This can build user trust, which translates into other business benefits.

Difference between HTTP and HTTPS

HTTPS or Hypertext Transfer Protocol Secure is an agreed secure ‘code’ used to scramble and encrypt the data between two servers so that no one can read the messages. It is the industry standard for anyone with a checkout element on their website to protect data such as credit card info.

If you’ve purchased anything online from a reputable retailer you will have seen that the checkout is always protected by a padlock and HTTPS.

HTTPS Checkout

Switching to sitewide HTTPS

Making the switch to HTTPS on your site is surprisingly easy. If you’re an ecommerce retailer with an SSL you can set your existing certificate to run sitewide. If you’re not yet running HTTPS, you’ll need to buy a security certificate, activate, and install it.

This process will vary depending on your hosting and server set up. Please get in touch if you would like some assistance with this. 

After installation of the certificate, you’ll be able to reach your new HTTPS site directly. The next step is to make sure that visitors are accessing your site through HTTPS URLs.

Sitewide HTTPS Update Checklist

In this section we will show you our complete checklist you can follow to make sure you have updated your site to HTTPS sitewide.

Now your site is secure, you will need to set up 301 redirects from your HTTP site to your HTTPS site, so that visitors are automatically redirected to the HTTPS version. This is all covered in the checklist below.

To cover all bases we are going to create the checklist around 4 key areas; Server Side, Webmaster Tools, Bing Webmaster Tools & PPC.

Server changes

HTTPS server changes

Server side changes are key to redirect all of your sites traffic to the updated HTTPS version.

They will capture 3 types of traffic:

  • non-www HTTP
  • www HTTP
  • non-www HTTPS

And redirect to:

  • www HTTPS

Here’s some examples of host names the traffic will be arriving through


And where they will be redirected to:


Webmaster Tools

Google Webmaster Tools

Webmaster Tools is a free tool set provided by Google that helps you evaluate and understand your website’s performance in search results.**

Making changes to your Webmaster Tools account will help force Google to notice redirects and begin re-crawling and indexing your whole site. It will also inform Google to crawl new HTTPS URLs, which speeds up reindexing.

Bing Webmaster Tools

Bing Webmaster Tools

Bing webmaster Tools works in exactly the same way Webmaster tools does for Google, but for the Bing search engine. The same advantages will be gained from the changes as the previous section.


If you’re running any PPC ads, whether that be Google Shopping, Google Adwords or Bing ads, they are probably a significant traffic driver for your site. Making changes to send PPC traffic to your updated HTTPS urls is a must and Google and/or Bing will disapprove ads with a redirect in place.

The Checklist

Server Side

  • Configure server side services to capture all non-www HTTP traffic and redirect to www HTTPS
  • Configure server side services to capture all www HTTP traffic and redirect to www HTTPS
  • Configure server side services to capture all non-www HTTPS traffic and redirect to www HTTPS

Webmaster Tools

  • Add HTTPS website property and verify
  • Submit the new HTTPS sitemap and test

Bing Webmaster Tools

  • Add HTTPS website property and verify
  • Submit a new HTTPS sitemap and test


  • Generate new Google Shopping Feed with HTTPS
  • Fetch new feed in the Merchant Centre
  • Update all Google AdWords destination URLs (you can do this in bulk using the AdWords Editor)
  • Update all Bing Ads destination URLs (use the Bing Editor to update in bulk)

After completing this checklist, your website will be accessed at all times as it’s HTTPS version and you can start to enjoy the benefits of the improved trust and visible security.

Need Any Help?

If this post has shown you how important HTTPS is and you want to migrate your site over, then we can help. Call us directly today on 01183 805 705 or visit our Website Maintenance Page.

Find out more