Google: Migrate your website to HTTPS all at once when installing SSL
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

Google: Migrate your website to HTTPS all at once when installing SSL

Do not migrate in steps, the best practice is to do it all at once—or let your SEO suffer.

Migrating to HTTPS can impact your SEO. If you’re not familiar, SEO is search engine optimization. In the online marketplace, you need visibility and that comes in the form of search rankings. The goal of SEO is to get the content on your website to rank the highest possible in search results. The higher you rank, the most business you’ll do.

Sometimes, adding an SSL certificate to a website and migrating that site to HTTPS can cause your search rankings to temporarily drop. Remember, when you migrate you’re changing the URL for every page on your site—instead of starting with “http://” they now start with “https://”.

But there are best practices that can help you mitigate risk.

Best Practice: Migrate your entire site to HTTPS at the same time

In a Google hangout posted last Friday, Mueller shed some light on the way Google’s search handles a website’s HTTPS migration:

In general, what I would do with a move to HTTPS is just move everything at once. We do try to recognize site moves like this where you are moving a bigger part of your web site to a new set up. We try to process that a little faster. And it helps us to really know that the whole web site has actually moved. So if you are doing this in steps what generally happens is it takes a lot longer and there is a bit more room for error. Because we might be missing something, we might be assuming that you are only moving part of your web site, and next month the next part comes, how and where do we combine these things? So my recommendation there would be to just bite the bullet and do that change completely.

Mueller also calls using 301 redirects the “perfect method” for pointing your users to the new HTTPS URLs.

Don’t move your website to HTTPS piece by piece

Many websites do try to move their websites to HTTPS in small fragments. And frankly, that’s understandable. Some enterprises have massive infrastructures. Some businesses want to make sure and test that everything goes smoothly before committing to migrating the entire site.

But as much as you may want to do that, it’s not the right move.

Just like it may be tempting to just migrate certain, more sensitive parts of your site to HTTPS while leaving others unencrypted. Don’t do that either. The best practice is to encrypt your entire site. HTTPS Everywhere is an initiative the browsers are pushing. If you don’t encrypt parts of your site, those pages will receive an SEO penalty and you’ll also be opening yourself up to new risks like side-jacking.

And when you do migrate, don’t yell at your SEO guy if the search rankings dip a little.

In general, if you move to HTTPS [all at once], for the most part it will be very smooth. It won’t be the case that you’d drop out of the search results completely. However, anytime you do a bigger move on a web site or any bigger change on a web site there are potentially fluctuations that can help. So that is something you’d want to keep in mind. If things do fluctuate a bit, don’t panic, it will pass.

If you have any other questions, leave them in the comments section. We’ll be happy to help.

What we Hashed Out (for Skimmers)

Here’s what we covered in today’s discussion.

  • When installing an SSL certificate, the best practice is to migrate to HTTPS all at once.
  • Google tries to recognize when a whole site has moved, just moving pieces can cause mistakes.
  • This won’t impact your SEO long term. Though your search rankings may fluctuate, it will pass.


Patrick Nohe

Patrick started his career as a beat reporter and columnist for the Miami Herald before moving into the cybersecurity industry a few years ago. Patrick covers encryption, hashing, browser UI/UX and general cyber security in a way that’s relatable for everyone.