A Guide to Redirecting HTTP to HTTPS

The world of technical SEO is rich with acronyms, but today we’re going to take a look at two of the most commonly used ones: HTTP and HTTPS. 

This guide will take a deep dive into redirecting from HTTP to HTTPS. We’ll look at what HTTP and HTTPS are, why redirects are important, and how you can set up a redirect with your domain host. 

We’ll also share a few tips on how Semrush can help you manage your site after the job is done. Let’s get started. 

What Are HTTP and HTTPS?

Both HTTP and HTTPS are types of transfer protocol. HTTP (or Hypertext Transfer Protocol) is the traditional protocol we use to access the web from a browser. 

As a user, you use HTTP to create requests by adding it as a prefix to a web address, and as a result, you’re shown the content you’re looking for. 

The HTTP is basically a messenger, which carries your request to the web server and returns with what you want to see. 

The URL that you use in the search bar to do all that looks a little something like this:

HTTPS is an acronym for “Hypertext Transfer Protocol Secure.” The “secure” indicates that, unlike HTTP, HTTPS web pages have an extra layer of security. 

This is provided through SSL encryption (via a secure certificate from a third-party vendor) and keeps your connection to the server secure. Extra security reduces the risk of third-party attackers accessing any data you share with the site.

To establish a secure connection, the client (e.g., your browser) and the server get in touch with each other. The client connects to the server and the server sends back its identification via a digital certificate. Both use HTTPS to transfer this data, just as they would with HTTP.

The URL you’d see in your search bar looks something like this:

Why Should You Change to HTTPS?

Google announced in 2014 that HTTPS would be used as a ranking signal to encourage websites to prove that they will keep the users’ data as safe as possible. 

As a site owner, using HTTPS is another way of showing users that your site is legitimate and secure. 

Essentially, using an HTTPS protocol shows users that you’ve got the EAT factor: Expertise, Authoritativeness, and Trustworthiness.

This is pretty invaluable, so if you’ve still got an HTTP protocol, it’s definitely time to think about making the switch.

For more information on the benefits of an HTTPS protocol, you can check out the HTTP to HTTPS #semrushchat.

How to Redirect from HTTP to HTTPS

Setting up the redirect from HTTP to HTTPS on your website will depend on your site’s host. However, there are some preliminary things you can take care of before you even look at the specifics:

  1. Choose an SSL certificate for your site
  2. Tell Google about your new protocol 
  3. Update your internal links

1. Choose a certificate for your site

To make everything official, you’ll need to get your hands on a Secure Sockets Layer (SSL) certificate. An SSL certificate is a third-party confirmation that your connection and site are legitimate. 

An SSL certificate will include:

  1. The server name
  2. The certificate authority
  3. The server’s public encryption key.

The SSL certificate encrypts the messages between your site and the user. It locks other users out and prevents them from reading or stealing private information such as credit card details or passwords. 

For more info on SSL certificates, check out our guide to migrating a website in an SEO-friendly way.

2. Tell Google about your new protocol

Google considers the HTTP and HTTPS versions of one site to be two different websites, so it’s important that you inform them about your redirect. You’ll want to ensure that sure users are directed to the right version of your site when they try to access it. 

Start by heading over to your Google Search Console account to verify the HTTPS version of your site. 

Make sure you use the same email address you use for your Google Analytics account to guarantee that your ownership of the domain is confirmed.

The transfer could take a few days, but your redirect will be good to go.

Once the redirect is sorted, it’s time to check that your internal links have HTTPS URLs and continue to work correctly. You can check what needs changing by using a site crawling tool to scan for any dodgy links. We recommend our Site Audit tool.

You’ll likely make the relevant changes with your site host. We’ll show you how to get started with four of the most popular web hosts. 

Scroll through to find your host (if present):

How to Redirect to HTTPS in WordPress

If you run your website through WordPress, there are a couple of different ways to go about redirecting HTTP to HTTPS. 

  1. Use a Plugin
  2. Edit WordPress files manually

We’ll take you through the steps now!

1. Use a plugin

This is a super easy method for beginners. First, install an SSL plugin, then activate it. The plugin does the following automatically:

  • Checks your SSL certificate 
  • Directs WordPress to use HTTPS in URLs
  • Sets up redirects
  • Looks for any URLS that still load via HTTP and redirects them

You’ll need to keep the plugin active on your site after it’s installed; deactivating it could lead to performance and content errors.

H3: 2. Edit the WordPress files manually

To edit your WordPress files, visit your General Settings and update your WordPress and site URL addresses to HTTPS rather than HTTP.

redirect HTTP to HTTPS

Then set up your redirects in your .htaccess file:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}
[L,R=301]
</IfModule>

Look confusing? Here’s the breakdown: 

  • “RewriteEngine On” enables the rewrite 
  • “RewriteCond %{HTTPS} off” checks for the HTTP connection
  • “RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUSEST_URI} [L,R=301]” redirects HTTP to HTTPS with a 301 status code

Now WordPress should load your site with HTTPS!

How to Do an HTTP Redirect in Nginx

If you host with Nginx, there are a couple of ways to redirect your HTTP to HTTPS. 

  1. Redirect all HTTP sites to HTTPS
  2. Redirect specific sites

Let’s review them in more detail. 

1. Redirect all HTTP sites to HTTPS

This method is used when you know that you want all your sites to exclusively use HTTPS. You simply make a change to your Ngnix configuration file:

server {listen 80;listen [::]:80 default_server;server_name _;return 301 https://$host$request_uri;}

Here’s what the code actually means:

  • “listen 80 default_server” establishes the server block as the default for any unmatched domain
  • “return 301 https://$host$request_uri” redirects any traffic to the correct HTTPS server block. $host holds the request domain name. 

2. Redirect Specific Sites

This is the go-to option if you have multiple apps or sites and don’t require an SSL certificate for each one. Again, all it takes is a simple change in your code:

server { listen 80; server_name example.com; www.example.com; return 301 https://example.com$request_uri;}

As you can see, this code doesn’t designate a “default server.” Instead, it focuses on the specific host name. Let’s break it down:

  • “listen 80” ensures that the server block will ‘listen’ for any connections on port 80 (HTTP)
  • “server_name example.com; www.example.com” ensures the server domain names are specified. Of course, your domain name should be subbed for “example.” 
  • “return 301 https://example.com$request_uri” ensures that traffic is redirected to the HTTPS version of the site. The ‘301’ creates a redirect to the specific URI and sends the user to an HTTPS version. 

You’ll need to restart or reload Nginx for the changes to come into effect. From there, you’ll be ready to go!

How to Redirect to HTTPS in Windows IIS

If you use Windows IIS, there are two key steps for redirecting from HTTP to HTTPS on your site. We’ll explore them in more detail.

Step 1

  1. Download the IIS URL Rewrite Module
  2. Go into IIS Manager and select the website that needs redirecting
  3. Select URL Rewrite
  4. Click Add Rules, select Blank Rule, and then enter your rule name. Fill in the following pop-up as follows:
redirect HTTP to HTTPS
  1. In the next window, make the following edits:
redirect HTTP to HTTPS
  1. This will take you to the Action section. Here, you should make the following changes:
redirect HTTP to HTTPS
  1. Click Apply!

Step 2

  1. On your IIS dashboard, right-click on your site, then select Explore.
  2. Open the web.config file. 
  3. Add the following code block (if it isn’t already there)

<configuration><system.webServer><rewrite><rules><rule name="HTTPSforce" enabled="true" stopProcessing="true"><match url="(.*)" /><conditions><add input={HTTPS}"pattern="OFF$"/></conditions><action type="Redirect" url=https://{HTTP_HOST}/{R:1} redirectType="Permanent" /></rule> </rules></rewrite></system.webServer></configuration>

  1. Save!

How to Do an HTTP Redirect in Apache

If you use Apache, making the switch is also pretty easy. 

If you can access the root server, it’s simple to set up a redirect in the Apache Virtual Host domain configuration file. If you can’t, then you can go into your .htaccess file and make the changes there. 

Redirect with Apache Virtual Host

When you use the Virtual Host, you specify your generic site document root and then customize the security policy for the separate sites.

Use a simple redirect directive like this:

<VirtualHost *:80> ServerName example.com ServerAlias www.example.com Redirect permanent / https://example.com/<VirutalHost *:443> ServerName example.com ServerAlias www.example.com

In closer detail, all this works out pretty simply: 

  • “VirtualHost *:80” listens for connections on the 80 port (HTTP) for the domain you’ve specified 
  • “VirtualHost *:443” listens for connections on the 443 port (HTTPS) 
  • Replace “ServerName” and “ServerAlias” with your domain name
  • “Redirect permanent / https://example.com/” enables the redirection of traffic to the HTTPS site. 

Restart your server and it will take effect. 

Redirect with .htaccess

If you’re redirecting with .htaccess, you’ll need the mod_rewrite module – but don’t worry, that’s a default on most servers. 

Just open your root .htaccess file and add the following code:

RewriteEngine OnRewriteCond %{HTTPS} offRewriteRule ^(.*)$ https://example.com/$ [L,R=301]

Let’s dive deeper:

  • “RewriteEngine On” enables the rewrite 
  • “RewriteCond %{HTTPS} off” checks for the HTTP connection
  • “RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]” This redirects HTTP to HTTPS with a 301 status code. Just make sure you put your domain name where ‘example’ is! 

The bonus of redirecting with .htaccess is that you don’t need to restart anything for it to take effect. 

How Semrush Can Help

If you’ve got any concerns about making the change to HTTPS, don’t worry: Semrush is here to help. We’ve penned a few handy guides to HTTPS, including the top 7 best practices for HTTP to HTTPS ranking and our study on 10 HTTPS implementation mistakes.

We recommend using the Site Audit tool to check on your redirects. The tool can check for any technical errors on your site, and suggests how to fix them. If you’ve run a site audit recently, visit the tool overview and select HTTPS Implementation.

You’ll be taken to this overview:

redirect HTTP to HTTPS

In addition to performance metrics, the tool will note why these aspects of your HTTPS implementation are important and, if there’s an issue, why it’s occurred and how you can fix it.

redirect HTTP to HTTPS
redirect HTTP to HTTPS

The Site Audit tool can also alert you to expired SSL certificates. Handy notifications can keep you updated on your security status and alert you to any points you need to address.

redirect HTTP to HTTPS

You can check on your internal links too: 

redirect HTTP to HTTPS

Find out exactly how many links need changing, why, and how to fix it. 

redirect HTTP to HTTPS

Crawl your site effecitvely

with the Site Audit Tool

ADS illustration

And that’s it! Now you know exactly how to redirect your HTTP site to HTTPS, why it’s so important, and how you can earn your user’s trust with a secured site. 

Of course, if you’re low on time or would rather have an expert do it for you, that’s a great option too. Use the Site Audit tool to keep an eye on your updated site when you get to the other side. Happy redirecting!

Leave a Reply

Your email address will not be published. Required fields are marked *