6 Tasks Lawyers Should Perform When Moving Their Site to HTTPS

6 Tasks Lawyers Should Perform When Moving Their Site to HTTPS

| August 20, 2015

check-list-2Adding an SSL Certificate is the first step and the actual act of making your website secure.  We wrote another post on adding a certificate1 and where you should look for information so we won’t go over that here.  Just adding the SSL to your site isn’t the whole job.

Change WordPress General Settings to HTTPS

If you are using a CMS like WordPress, you can set a preferred URL in the settings portion of the back end.  For WordPress, this is found in Settings -> General.  Depending on your theme this may look slightly different and you are looking for a text field labeled “Site Address (URL)”.


All you need to do is add an S at the end of the HTTP, scroll to the bottom of the screen and click save.

301 redirect all URLs to HTTPS

Perhaps one of the most important steps is redirecting all of your old HTTP URLs to the secure version of your URLs.  After all, the aim of Google’s recent change2 to making SSL a ranking factor is intended to promote a secure browsing experience for users.  A 301 permanent redirect is intended to tell Google that the old version of a URL is no longer used and a resource (page) has moved permanently.

There are different ways of accomplishing this:

CMSPlugins on WordPress

The least technical way of redirecting your URLs (if you’re using WordPress) is by using a plugin.  There are a lot of them out there so do a search and find something that looks easy to use.  For example Redirection3 looks simple enough.

These plugins are designed to allow site owners who do not have knowledge of server configuration files to make permanent redirects on their site.  Many web servers run on Apache which uses a file called .htaccess that contains instructions on how to handle URLs.

Manipulating .htaccess

If you do not have any knowledge of programming or do not feel comfortable working with files on your server, you will probably not want to try and change your .htaccess file yourself.  If you do, make sure you keep a copy of it somewhere in its original form (when your site was working) so that if you screw something up you can revert back quickly.

Filezilla logoYou will need FTP access to your host’s server3 and .htaccess should be found in the root (either a folder called www or named after your domain.  You can also try searching for it using search features of your FTP program5.

Once you find your .htaccess file, download it to your computer (save a backup copy somewhere else) and then open a version in a text editor.  For instance Notepad or Notepad++6 will work just fine.

Add the following lines of code to your file, save it and re-upload it to your .htaccess file to your server

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

This will redirect any traffic previously going to non-secure pages to https versions.  Note that you should only install this code after you have installed your security certificate and made sure that it is functioning as it should.

Some tips when redirecting URLs:

• Make modifications to your server files during low traffic times

• If you use Google Analytics, look at real time traffic to see if anyone is on your site when you are making changes

• Always back up files in other locations so you can quickly revert back to the way things were when they worked

Update robots.txt to allow crawling of HTTPS site

robotsIt is not uncommon to have search engines and other crawlers excluded from accessing secure areas of websites.  It would be cumbersome, time consuming and in some cases impossible to exclude robots page by page so excluding all crawlers from secure directories is standard.

There may still be secure directories that you do not want accessed but if your whole site is now HTTPS, you will have to be more specific in your robots file on which directories are off limits and which ones can be crawled.

Claim the HTTPS Version of Your Site in Webmaster Tools

You have to let Google know which page it is that you want indexed in search.  You can do that by claiming the secure version of your URL in Webmaster Tools.  Log into your webmaster tools account and click add new site.

Type in the secure version of your web address and then you will need to re-verify the domain.  Choose one of the many options to re-verify and that’s it!  It is fine to leave the other (unsecure) domain in your account however since you are now redirecting all of your traffic to secure versions of pages, you will not get as much if any data populating in that account as time goes on.

Resubmit An HTTPS Version of Your Sitemap

Lastly build a new sitemap and submit it to webmaster tools.  XML-sitemaps.com7 is a good site but there are a lot of other generators out there.  Build your sitemap and place it on your server either via FTP or using a WordPress plugin if you are using that CMS.

Log back into your Webmaster Tools account and go to Crawl -> Sitemaps and click on add/test sitemap.

Now that  you have completed all of these steps, you have successfully migrated your site to a secure version.  Watch your rankings for queries over the coming weeks and note how the change has impacted your site.

What tips do you have for moving your site to HTTPS?  Join in the conversation by leaving a comment below.