Http to https for large ecommerce - our steps taken (any others recommended?)
-
**Here is the message from our technical team for the http to https migration; are there any other http to https migration steps recommended? **
Http to https migration steps (for this large ecommerce site):
We implemented HTTPS (HTTP over TLS) protocol today (5/4/2017).
- Applied a patch to ensure that HTTPS pages did not have NoIndex, NoFollow and tested before and after .
- Added new IIS HTTPS Redirect to enforce HTTPS from HTTP and changed others, including the WWW redirect
- Changed HTTPS only for Cookies as required as per new PCI vulnerabilities
- Changed the Basepage HTML template to use Relative Paths or Absolute URLs with HTTPS only (to prevent mixed content)
- Created and ran a SQL Script to cleanup 16 tables from HTTP to HTTPS (about 20,000 of them, including internal URL links, site settings, etc)
- Ran Google Sitemap Generator to create new sitemaps with HTTPS
- Added new HTTPS instance of the site into Webmaster Tools, then added verification code to master page, verified and then submitted the sitemaps to Search Console (QUESTION: will historical data in Google Console/ WMT be preserved for https?)
**Follow up steps for http to https migration for large ecommerce: **
- From this point forward, to avoid “mixed content”, the Marketing team must use either Relative Paths or Absolute Paths with HTTPS only in any customization (i.e. Basepage) or any new link, such as created in Content Management (i.e. Long Description). Any mixed content will make the website look not secure to customers and search engine spiders – so it is very important to be disciplined and diligent about this.
- Contact Salesforce to change the protocol to HTTPS only. Meanwhile, to prevent mixed content, we put in a temporary custom javascript change as workaround – but this should not be permanent especially as to the next upgrade will remove it – so we need Saleforce to make a change ASAP.
- We did not change Blog site (on sub domain), but we should even though it is only a Content site because it will not be signaled as Secure. This means we need to have someone make the changes to WordPress to enforce HTTPS and then change any links.
In terms of impact to page ranking due to Google’s treatment of HTTPS over HTTP and due to some impact to page speed – we will need to monitor closely to see how indexing, organic traffic and page ranking goes and take any additional actions as necessary.
-
You can try the service of Salesforce with the help of Axis consulting. I have tested it on my site.
-
Aleyda Solis has a pretty solid http to https checklist: http://www.aleydasolis.com/en/search-engine-optimization/http-https-migration-checklist-google-docs/
-
It looks like you followed a pretty good plan, the only thing I would recommend at this point would be to make all of your 301 redirects are 1 to 1. What I mean is, go over your 301 redirects to remove redirect chains, so you will update all of your old redirects that are pointing directly to the new https pages instead of chaining those redirects.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Fundamental HTTP to HTTPS Redirect Question
Hi All I'm planning a http to https migration for a site with over 500 pages. The site content and structure will be staying the same, this is simply a https migration. Can I just confirm the answer to this fundamental question? From my reading, I do not need to create 301 redirect for each and every page, but can add a single generic redirect so that all http references are redirected to https. Can I just double check this would suffice to preserve existing google rankings? Many Thanks
Technical SEO | | ruislip180 -
Our homepage url has been 301'd to the new https version - as our MD wanted us to have the secure protocol
Hello Mozers I'm just checking whether it is good practice to 301 the main homepage url to its https version. Will this have any detrimental effect on ranking and DA?
Technical SEO | | Catherine_Selectaglaze0 -
JSON-LD meta data: Do you have any rules/recommendations for using BlogPosting vs Article?
Dear Moz Community. I'm looking at moving from in-line Microdata in the HTML to JSON-LD on the web pages that I manage. Seems a far simpler solution having all the meta data in one place - especially for trouble shooting! With this in mind I've started to change the page templates on my personal site before I tackle the ones for my eCommerce site. I've made a start, and I'm still working on the templates producing some default values (like if a page doesn't have an associated image) but have been wondering if any of you have any rules/recommendations for using BlogPosting vs Article? I'd call this type of page an Article:
Technical SEO | | andystorey
https://cycling-jersey-collection.com/browse-collection/selle-italia-chinol-seb-bennotto-1982-team-jersey Whereas this page is from the /blog so that should probably be a BlogPosting:
https://cycling-jersey-collection.com/blog/2017-worldtour-team-jerseys I've used the following resources but it would be great to get a discussion on here.
https://yoast.com/structured-data-schema-ultimate-guide/
https://developers.google.com/search/docs/data-types/data-type-selector
https://search.google.com/structured-data/testing-tool/u/0/ I'm keen to get this 100% right as once this is done I'm going to drive through some further changes to get some progress on things like this: https://moz.com/blog/ranking-zero-seo-for-answers
https://moz.com/blog/what-we-learned-analyzing-featured-snippets Kind Regards andy moz-screenshot.jpg1 -
Will Switching to HTTPS Lower My Domain Authority?
Hi All, I had a quick look online but couldn't find any information regarding this so thought I would ask. Please point me in the right direction if it has been asked before of if there are any useful articles online. We are currently in the process of switching one of our clients old sites from http to https, we have done all of the steps except from making the https version the main domain, or 301ing the http version to the https version. If we were to do this would we expect to see a drop in domain authority? a drop in keyword rankings? or is there anything else we should be worried about? Thanks Mozzers
Technical SEO | | O2C0 -
Mass HTTP to HTTPs move
Hi, As as part of an on-site SEO optimisation process, we've identified moving over from http to https - this is also in part to ensure our on-site forms are secure. In our industry our website has a high traffic volume (top 2 in the industry), we are concerned what impact the 301-redirecting from http to https would have on our organic traffic, both in terms of how Google would react to this mass-301 redirect plus the loss of 'search value' of inbound links. Privacy issues aside, would the minor quality-signal improvement be worth the move? Anyone have experience with such a move - was the outcome positive? Many thanks, Jason
Technical SEO | | Clickmetrics0 -
Ecommerce and Secure Checkout
We made changes several months ago trying to become compliant with Google Trusted Stores. This change effects our secure checkout. Here is an example website:www.froggysfog.com once you go to checkout:
Technical SEO | | marketing_zoovy.com
https://www-froggysfog-com.app-hosted.com/c=gbY1kT9hZx1OJrCN07bHz3tTy/s=www.froggysfog.com/checkout.cgis
Once you have gone to checkout all the links are changed:
https://www-froggysfog-com.app-hosted.com/category/10-fluid.10-fog/ I know I can remove the session ID in webmaster tools, but I'm not sure what else I should be doing to ensure that these links are not indexed. We have the robot.txt set up to not index anything in checkout or that is on secure: http://www.froggysfog.com/robots.txt However, due to the entire url change when on secure. I'm wonder if I need to set up in webmaster tools to exclude any url with app-hosted.com or if there is a better option. thank you0 -
405 HTTP Status instead of 404
Hi We need to block some www1-pages from being indexed. Now IT has resolved this but pages like http://www1.swisscom.ch/fr/business/pme.html return a 405 status instead of a 404. The pages are currently still indexed in Google. Must the status be changed to 404 or should I just wait and see if Google de-indexes them anyhow?
Technical SEO | | zeepartner0 -
Does http://my.dudamobile.com/ Effect SEO
Hi, Hope everyone is enjoying the new year! I was wondering if converting your desk top website to a mobile one, example via http://my.dudamobile.com/, has any negative effects on SEO. Did it effect your site? Do you recommend doing it? Does it effect links? When people link to your desk top URL does that authority carry to the mobile, or would it be better if they link to the mobile (m.website.com) URL? Is http://my.dudamobile.com/ a good choice? Any feedback, as always, is greatly appreciated! Thanks Jimmy
Technical SEO | | jimmy02250