Why should you redirect HTTP to HTTPS?

With the performance benefits you now get from HTTP/2, there has never been a better time to thinking about moving your site to HTTPS; not to mention the additional security and SEO advantages. Follow our guide below on how to migrate your site from HTTP to HTTPS.

Why should you redirect HTTP to HTTPS?

As you know Google is pushing hard for HTTPS everywhere so that the web is a safer place. While being more secure is always important, there are some additional reasons why you might want to consider moving to HTTPS.


1. Performance and HTTP/2

Content delivery networks and web hosting providers are starting to roll out HTTP/2. In a session at Velocity, Load Impact and Mozilla reported that internet users can expect websites optimized for and delivered over HTTP/2 to perform 50-70 percent better than sites over HTTP/1.1. To take advantage of HTTP/2 performance benefits you have to be running over HTTPS because of browser support.


Source: HTTP/1.1 vs. HTTP/2: A Performance Analysis

2. SEO and rankings

Back in 2014, Matt Cutts announced that HTTPS is now a lightweight ranking signal and that over time Google might strengthen this signal. So running HTTPS can help benefit your SEO rankings.

According to the latest data from BuiltWith, around 6.3% of the top 100,000 websites are using SSL by default, up from 4.3% in November 2014.

                            websites-using-ssl graph

3. Better referral data

A third reason why it is good to migrate is because HTTPS to HTTP referral data is blocked in Google Analytics. So for example, let's say your website is on HTTP still and you went viral on Reddit and YCombinator. Both of these sites are running over HTTPS. The referrer data is completely lost and the traffic from both of those sites could end up under direct traffic which is not very helpful. If someone is going from HTTPS to HTTPS the referrer is still passed.

4. More secure

A fourth reason why it is important to be running over HTTPS is of course because of security! For eCommerce sites, the reason you need an SSL certificate is that they are processing sensitive credit card data. For other sites, the biggest reason for this is your WordPress login page. If you aren't running over an HTTPS connection your username and password are sent in clear text over the internet. You can see an example in this article on how to actually sniff and capture WordPress logins over unsecured connections using these free tools. Many people will argue that blogs and informational sites don't need to be running on HTTPS, but how important are your login credentials?

5. SSL builds trust and credibility

A fifth reason why SSL is important is due to building trust and credibility with your visitors. According to a European survey from GlobalSign, 77% of websites visitors are concerned about their data being intercepted or misused online.

28.9% look for the green address bar.

- GlobalSign

By adding an SSL certificate and showing the green padlock this instantly adds credibility and what we like to call "SSL trust." It is important to let your visitors know you are secure and that their information will be protected.


Follow the steps below on how to redirect HTTP to HTTPS for your site. Some of the steps used are  here click me 

Scan your website for non-secure content

The developers over at JitBit created a great little SSL Check tool that will scan your website and finds any non-secure content.

6. Add 301 redirects to new HTTPS URLs

Adding 301 redirects are probably one of the most important steps in an HTTP to HTTPS migration. 301 redirects are a permanent redirect which passes between 90-99% of link juice (ranking power) to the redirected page. If you don't implement 301 redirects you could seriously hurt your SEO rankings and your site could completely drop out of SERPs overnight.

It doesn't matter what platform your website is using, we don't recommend using a plugin for a bulk migration like this. It is much simpler to implement 301 redirects at the server level, especially if you are dealing with hundreds of URLs.


Add the following to your Nginx configuration file:

server {
    listen 80;
    server_name domain.com www.domain.com;
    return 301 https://domain.com$request_uri;


Add the following to your .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]