How To Switch To HTTPS URLs For Optimal SEO


Editors note (7/29/2015): In this post the term “Webmasters Tools” is used to describe what Google now calls the “Search Console”. While the name of the interface has changed, the functioning hasn’t. 

Last week Google announced that the use of HTTPS or SSL security certificates will be added to their long list of ranking factors. How much influence will using SSL certificates have on rankings? Who knows. But because Google has formally stated that this is in fact a ranking factor, it now should be considered an important step in improving rankings and traffic. However, in order to implement this change for existing web sites, webmasters will need to change the fundamental URL structure. This in itself can be a dangerous procedure when it comes to SEO. If URLs are not redirected correctly they can be come de-indexed, or negative signals can be created.

Therefore, in this post I will go through the steps required to successfully redirect all of a domain’s URLs to HTTPS. However, before we begin you should understand that this guide is only intended for web sites hosted on Apache servers. Also if you are already working with an SEO or have a web developer, you should consult with them prior to making the changes suggested in this article. Every site is unique and what I mention in this article may not be the best course of action for everyone.


  1. Buy a SSL Certificate
  2. Edit HTACCESS For 301 Redirection
  3. Edit WordPress Or Other CMS Settings
  4. Add HTTPS To Webmaster Tools
  5. Add HTTPS To Google Analytics

1) Buy a SSL Certificate

A SSL certificate is needed to verify the authenticity of the secure connection. You can purchase one from most domain registers or your hosting company. I would recommend using your hosting company because they are likely able to help install it for free.

2) Edit HTACCESS For 301 Redirection

If you aren’t familiar with editing htaccess files, then you probably shouldn’t do it. Every htaccess file is unique and adding something in the wrong location can shut down an entire web server very quickly. therefore if you are not comfortable with this section then you should probably hire a web developer to do this part for you. Or you can always use a plugin or GUI provided by your hosting company to manage this file. Either way, proceed with caution.

Essentially what we need to do with this first step is to tell the web server that we would like any request that does not include a “https” at the beginning to be redirected via a 301 http status code to the corresponding URL that does have a https at the beginning. Because this redirection command will be “domain wide” and not based on individual URLs, we can use a simple regular expression to make these redirections all at once.

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$$1 [R=301,L]

As you can see on line 3 of the above code, the regular expression is relatively simple. However, it is very important that you adhere to your preferred domain structure. This mostly means that if your current URLs contain a “www” at the beginning, then it should also contain it in this directive. If your current URLs do not contain a “www”, then the domain in the above directive should not either.

3) Edit WordPress Or Other CMS Settings

If you finished the last step successfully then all of the non-https URLs should be redirecting correctly. This is awesome! :) However, now you should make sure that existing internal links, and future internal links are pointing towards the https version of the site. This might seem like a low priority now that the URLs are redirecting anyways, but historically the SEO community has believed that the least amount of internal redirects is better. This is especially true if you have a large site that includes the same internal links on every page (like a main menu).

In WordPress this task is simple. All you have to do is login to your WordPress admin interface and visit the general settings panel at: /wp-admin/options-general.php Once at the right page edit the “WordPress Address” and “Site Address” fields to include “https” at the beginning.

WPsettingsOther content management systems should have similar settings pages that should allow you to make the same changes.

4) Add HTTPS To Webmaster Tools

You should already have your site integrated into Webmaster Tools. However, now you will need to also add the https version as well. To do this, you will need to add the site as if it were a new site. addwmt

Like all new sites you will need to verify the https version as well. After you have added the https version successfully, you should keep the Webmasters Tools account for the non-https version in place to monitor how Google is handling the redirects and the future indexation of the site.

5) Add HTTPS To Google Analytics

Unlike Webmaster Tools, you shouldn’t need to setup a new profile for https. Instead login to your existing account and go the “Profile Settings” under the Admin link at the top menu. On this page you should see a bunch of settings that are unique to the domain. You can select the https version from the drop down box like so:


After selecting https from this drop down menu, you can save the settings.

Monitor Closely

At this point you are finished. However you should continue to monitor Webmaster Tools and Google Analytics on a regular basis to verify that you aren’t loosing traffic or rankings.



  1. Why does your form make me type all caps…??

    Also.. where are your share buttons?


    i.e. Tweet…

    How To Switch To HTTPS URLs For Optimal SEO by @joehall -> #SSL #SEO

  2. I recently switched to https (15 sep) and my website has been gradually getting lower every day. (see screen shot here

    I did have steps 1 & 2 done already. But not steps 3, 4 and 5.

    I am guessing steps 3 & 4 could be really important as I have not done them yet, and since implementing step 3 I have noticed that as mentioned above, now all internal links are https including media. I also did not have a new webmaster tools account for https version setup (step 4), just did that now. I hope this helps as I am a little concerned. Any feedback from others about this?

    ALSO, I want add a couple extra steps I had to do ontop of these 5 steps.

    6. After setting up a new webmaster tools for https version, re-submit your sitemap

    7. Review your robot.txt file. In the new https webmaster tools version, it appears my robot.txt fetch has failed. Might want to get that reviewed by an expert in case.

    • Hey Paul, did your site speed drop a bit after the migration? I was doing soe research on the migration and I read via this post from Yoast earlier this year that some SSL certificates can actually slow down your site, which might have an impact on your positions.

      Thanks Joe for the info, makes a lot of sense to migrate it this way.

  3. Thanks for the excellent info Joe, I’m so glad I found this article. We were seeing a minor drop in traffic in Google Webmaster Tools and Analytics and I wasn’t sure what’s going on until I read this.

    Thanks again :)

  4. Hey,

    I have a question about step 4 “Add HTTPS To Webmaster Tools”.
    What do I do with my sitemaps that I added? Do I remove them from the old http version and add them to the new http version?
    Keeping the old http version is just temporary? In the long run we can remove it?


    • Joe Hall says:

      Yes you should resubmit your XML sitemaps, but make sure that the URLs in it are for the HTTPS version.

  5. I just moved my WordPress site to the HTTP version and found the tips on this page to be more useful than any other.

    The most challenging part of the move was getting W3 Total Cache and Cloudflare to accept the new https version of the site without breaking the CSS. All good now.

    Thanks again!

  6. We already convert our website to secure SSL version. Nice tip!

  7. Thanks for this, helped me set up my site, and all seems to be working great.

  8. Thank you for this helpful article, Google ought to hire you to simplify things!

  9. Can’t we just use

    RewriteEngine On
    RewriteCond %{HTTPS} !on
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    or does this not do the same thing?

    • Joe Hall says:

      Honestly I have never done that… It looks logical, but I would want to test it first before full implementation.

  10. Thanks you i just switch to https and needed informations about google webmaster tools and analytics :)

  11. Hello,
    I have a question about step 4 “Add HTTPS To Webmaster Tools”.
    Keeping the old http version is just temporary? What about duplicate content ?
    May i have to redirect the http version or desindex it ? (Sorry for my english).
    Thanks for your answer.

    • Joe Hall says:

      No, its not temporary. When you 301 the non-https URLs Google reindexes them, and changes them in the index. Therefore there are no duplicate versions. The way I wrote #4 does look a bit misleading… what I meant was you should keep the old web master’s tool account active for awhile to monitor changes from the old to the new accounts. I am going to change the wording of that right now to make it more clear.

  12. Hey Joe!

    Should i use this method if i am just wanting to redirect my http:, www, ip and non-www to the https url? All my pages ect inside my website are running on the https already, its just my website can still be accessed via the 4 other urls.


  13. Thanks a lot, it is helpful~


  1. […] Jak přejít na https s ideálním efektem pro SEO od Joe Halla […]

  2. […] sure to follow Joe Hall’s great guide to SSL implementation to avoid mistakes that may kill your […]

  3. […] How To Switch To HTTPS URLs For Optimal SEO by Joe Hall […]

Speak Your Mind