Http to https for large ecommerce - our steps taken (any others recommended?)
-
**Here is the message from our technical team for the http to https migration; are there any other http to https migration steps recommended? **
Http to https migration steps (for this large ecommerce site):
We implemented HTTPS (HTTP over TLS) protocol today (5/4/2017).
- Applied a patch to ensure that HTTPS pages did not have NoIndex, NoFollow and tested before and after .
- Added new IIS HTTPS Redirect to enforce HTTPS from HTTP and changed others, including the WWW redirect
- Changed HTTPS only for Cookies as required as per new PCI vulnerabilities
- Changed the Basepage HTML template to use Relative Paths or Absolute URLs with HTTPS only (to prevent mixed content)
- Created and ran a SQL Script to cleanup 16 tables from HTTP to HTTPS (about 20,000 of them, including internal URL links, site settings, etc)
- Ran Google Sitemap Generator to create new sitemaps with HTTPS
- Added new HTTPS instance of the site into Webmaster Tools, then added verification code to master page, verified and then submitted the sitemaps to Search Console (QUESTION: will historical data in Google Console/ WMT be preserved for https?)
**Follow up steps for http to https migration for large ecommerce: **
- From this point forward, to avoid “mixed content”, the Marketing team must use either Relative Paths or Absolute Paths with HTTPS only in any customization (i.e. Basepage) or any new link, such as created in Content Management (i.e. Long Description). Any mixed content will make the website look not secure to customers and search engine spiders – so it is very important to be disciplined and diligent about this.
- Contact Salesforce to change the protocol to HTTPS only. Meanwhile, to prevent mixed content, we put in a temporary custom javascript change as workaround – but this should not be permanent especially as to the next upgrade will remove it – so we need Saleforce to make a change ASAP.
- We did not change Blog site (on sub domain), but we should even though it is only a Content site because it will not be signaled as Secure. This means we need to have someone make the changes to WordPress to enforce HTTPS and then change any links.
In terms of impact to page ranking due to Google’s treatment of HTTPS over HTTP and due to some impact to page speed – we will need to monitor closely to see how indexing, organic traffic and page ranking goes and take any additional actions as necessary.
-
You can try the service of Salesforce with the help of Axis consulting. I have tested it on my site.
-
Aleyda Solis has a pretty solid http to https checklist: http://www.aleydasolis.com/en/search-engine-optimization/http-https-migration-checklist-google-docs/
-
It looks like you followed a pretty good plan, the only thing I would recommend at this point would be to make all of your 301 redirects are 1 to 1. What I mean is, go over your 301 redirects to remove redirect chains, so you will update all of your old redirects that are pointing directly to the new https pages instead of chaining those redirects.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Pagespeed drop on https
Hi all, Since I have moved from http to https my pagespeed has dropped. My hosting company/ programmer say this is normal but I am not happy with the results. Before: mobile 69 desktop 89 Now: Mobile: 52 desktop 69 Anybody experience with this issue? All help is welcome! Thank You in advance Tymen
Technical SEO | | Tymen0 -
Canonical for duplicate pages in ecommerce site and the product out of stock
I’m an SEO for an ecommerce site that sells shoes I have duplicate pages for different colors of the same product (unique URL for each color), Conventionally I have added canonical tags for each page, which direct to a specific product URL My question is what happens when a product which the googlbot is direct to, is out of stock but is still listed in the canonical tag ?
Technical SEO | | shoesonline0 -
Http://newsite.intercallsystems.com/vista-series/sales@intercallsystems.com
I keep getting crawl errors for urls that have email addresses on the end. I have no idea what these are. Here is an example: the-audio-visual-system/sales@intercallsystems.com Where would these be coming from, how are they created? How can i fix them? When I try to do a 301 redirect it doesn't work. Thanks for your help,
Technical SEO | | renalynd27
Rena0 -
Mass HTTP to HTTPs move
Hi, As as part of an on-site SEO optimisation process, we've identified moving over from http to https - this is also in part to ensure our on-site forms are secure. In our industry our website has a high traffic volume (top 2 in the industry), we are concerned what impact the 301-redirecting from http to https would have on our organic traffic, both in terms of how Google would react to this mass-301 redirect plus the loss of 'search value' of inbound links. Privacy issues aside, would the minor quality-signal improvement be worth the move? Anyone have experience with such a move - was the outcome positive? Many thanks, Jason
Technical SEO | | Clickmetrics0 -
Robots.txt on http vs. https
We recently changed our domain from http to https. When a user enters any URL on http, there is an global 301 redirect to the same page on https. I cannot find instructions about what to do with robots.txt. Now that https is the canonical version, should I block the http-Version with robots.txt? Strangely, I cannot find a single ressource about this...
Technical SEO | | zeepartner0 -
SEO multi-language ecommerce with Oscommerce
Hello Team, I have few things that have been bugging me for a while. I hired a SEO company, Just Search in Italy, to do the full campaign for me, both for Italian and French language. However, I'm a little puzzled over their suggestions: -for muti-language they suggested to use separate domains Sposae.com for Italian and Sposae.fr for French. I'm a little worried about this because this means that I would need to do double job every time we do any changes or updates to the website, because now we have two ecommerce software running. Right now I have on Sposae.com both languages, using the Ultimate SEO URL. My question to you all is do I really have to use different domains? The system I have now is really not good? Thanks a lot
Technical SEO | | angelowei0 -
Proper method of consolidating https to http?
A client has an application area of the site (a directory) that has a form and needs to be secured with ssl. The vast majority of the site is static, and does not need to be secured. We have experienced situations where a visitor navigates the site as https which then throws security errors. We want to keep static visitors on http; (and crawlers) and only have visits to the secure area display as ssl. How is this best accomplished? Our developer wants to add a rule to the global configuration file in php that uses a 301 redirect to ensure static pages are accessed as http, and the secure directory is accessed as https. Is the the proper protocol? Are there any SEO considerations we should make? Thanks.
Technical SEO | | seagreen0 -
Seek help correcting large number of 404 errors generated, 95% traffic halt
Hi, The following GWT screen tells a bit of the story: site: http://bit.ly/mrgdD0 http://www.diigo.com/item/image/1dbpl/wrbp On about Feb 8 I decided to fix a large number of 'duplicate title' warnings being reported in GWT "HTML Suggestions" -- these were for URLs which differed only in parameter case, and which had Canonical tags, but were still reported as dups in GWT. My traffic had been steady at about 1000 clicks/day. At midnight on 2/10, google traffic completely halted, down to 11 clicks/day. I submitted a recon request and was told 'no manual penalty' Also, the 'sitemap' indexes in GWT showed 'pending' for 24x7 starting then. By about the 18th, the 'duplicate titles' count dropped to about 600 or so... the next day traffic hopped right back to about 800 clicks/day - for a week - then stopped again, down to 10/day, a week later, on the 26th. I then noticed that GWT was reporting 20K page-not found errors - this has now grown to 35K such errors! I realized that bogus internal links were being generated as I failed to disable the PHP warning messages.... so I disabled PHP warnings and fixed what I thought was the source of the errors. However, the not-found count continues to climb -- and I don't know where these bad internal links are coming from, because the GWT report lists these link sources as 'unavailable'. I'v been through a similar problem last year and it took months (4) for google to digest all the bogus pages ad recover. If I have to wait that long again I will lose much $$. Assuming that the large number of 404 internal errors is the reason for the sudden shutoff... How can I a) verify the source of these internal links, given that google says the source pages are 'unavailable'.. Most critically, how can I do a 'RESET" and have google re-spider my site -- or block the signature of these URLs in order to get rid of these errors ASAP?? thanks
Technical SEO | | mantucket0