By Soumya Roy

Many congratulations! Finally, you have made your site secure by hosting it on HTTPS.

Many website owners like you, have migrated their sites from the old non-secure HTTP version to the secure HTTPS version, since after Google indicated that HTTPS is going to be included to their ranking signals. This not only gradually improves the search engine rankings, but also increases the organic traffic and enriches the user experience.

HTTPS is truly influential when it comes to organic ranking and traffic. But did you experience any problem in your site, its ranking or traffic right after you installed the HTTPS? Many webmasters and SEOs have faced the same and even in a few cases, they have reported noticing a deep fall in their organic rankings.

This happens because the HTTPS migration process doesn’t end right after its successful installation. Instead, there are a few things to do to complete the circle. No matter whatever type of website you have, an online store, a web portal, an agency website or a WordPress blog, you have to do these 9 things after making your website secure with HTTPS.

Step 1: Set the Domain to the HTTPS

Earlier your website was hosted on HTTP. Now when you moved your site to the HTTPS, you need to set it permanently so that all major search engines including Google start crawling and indexing the secure domain version. Unless it is done correctly, you won’t see any major improvements in terms of search engine rankings and traffic.

How to understand this problem?

Open your site with HTTP and HTTPS separately on a browser. If you see that both the non-secure and secure versions are opening the site without a proper redirection to one of those, you have to correct it immediately.

If you are using a WordPress site, visit the WordPress General Settings section. In case you see the WordPress Address and Site Address URLs referring to the HTTP version, change both to the HTTPS version. This should solve the problem in WordPress.

If you own a non-WordPress website, depending on your CMS settings, you need to point the HTTPS version permanently.

If you have access to your site’s Htaccess file, you can directly put the HTTP-to-HTTPS redirection code on the Htaccess file to complete this process. Please keep a backup of your current Htaccess file before you make any changes on it.

Step 2: Point All Internal URLs to Their HTTPS Version

Though step one should solve the step two problem partially, still you should point and permanently redirect all internal webpage URLs of your website to their respective HTTPS versions.

Depending on the CMS you use, you can do it using a plugin or manually.

Additionally, don’t forget to edit the resource links to point those to the HTTPS version. Your website has many CSS and JavaScript files called from your webpages. All of those should be served as HTTPS. Similar to CSS and JavaScript, all native video, image, and amp-img source paths should be changed to the HTTPS version.

If you continue to serve the said resources as HTTP when the domain is hosted on HTTPS, browsers will show the SSL Mixed Content error or sometime Unsafe Scripts error. Consequently, your webpages may appear broken on browsers and to the users.

This will not only make your site look ugly, but also leave a poor user experience. As a result, you may experience a deep nosedive in site’s organic ranking.

Step 3: Watch the Canonical URLs, Redirections, and Tags

After completing step two, you should update all the canonical URLs of your website.

Canonical URL tells search engines the version of URL they should index for one content. If you point a wrong canonical URL on a webpage, search engines may not index the original URL, thus, you may lose a potential chance of ranking and lot of traffic.

Right after you host your site on HTTPS, make sure to change each of its canonical URLs to their absolute HTTPS version. This will ensure a proper indexing and better ranking.

Additionally, update all the old 301 redirects. All of those should now redirect to their respective HTTPS URL versions. For WordPress, you can change your redirections using a page redirection plugin, or else you may directly update those on site’s Htaccess file.

Other than these, in case your website has any other HTML tags, like hreflang, amphtml, Open Graph, Twitter Card, etc. those should be updated after the HTTPS is installed.

Step 4: Update the Sitemap Files

Once you are sure that the canonical URLs are correctly pointing to the absolute HTTPS version of the pages, next you need to take care of your website’s sitemap files.

As search engines may use sitemap files to understand the internal URLs of one website, those should list the absolute version of your page URLs.

Download your sitemap files and open those on an editor. Find (or in case, you are not using www subdomain) instances and replace those with (or

Double check the sitemap files and make sure that all page URLs are now served as HTTPS. Once done, update those on your server.

Step 5: Update the Robots.txt File

Search engines use the robots.txt file to see the directives and permissions of crawling. Therefore, after you secure your website with HTTPS, you should recheck if there is any HTTPS page blocked from the robots.txt file. If there is any, review that. In case, you don’t need that restriction anymore, remove it.

Additionally, point the sitemap path in the robots.txt file to its absolute HTTPS version.

You can do these using the Yoast plugin for your WordPress website. Else, you can directly download the robots file from your server, make the changes, and again host that on the server.

Step 6: Add the HTTPS Site to Google Search Console

Technically, the HTTP and HTTPS versions of a domain are very much different from each other; at least search engines see those as two separate properties. Therefore, when your website is migrated to the HTTPS version, it’s your job to add the new secure property to the search engines.

Consider adding your site’s HTTPS property to Google Search Console tool (formerly Google Webmaster). Additionally, you should do the same for all other webmaster tools you are using.

Next, add the updated sitemap file with HTTPS internal URLs to the Search Console.

You may also fetch and render a few important internal HTTPS URLs using Google Search Console for faster crawling and indexing (request).

Step 7: Add the Disavow File to the New Search Console Property

Disavow file lists the domains and URLs you don’t want search engines to count in your site’s backlink profile. Instead, search engines assume those as nofollow backlinks that are coming from those disavowed domains or pages. Therefore, updating the disavow file is an absolute must for your HTTPS site.

Earlier if you have used disavow file, download that from your Search Console (HTTP property) account. After that upload the disavow file again on the Search Console tool but on the HTTPS site property. Next, you may delete the HTTP site property from your Search Console account.

Step 8: Update Your Inbound links and Social Profile Links

When updating each of your site’s inbound links one by one is a tiresome job, updating a few of those high authority backlinks can be really worth of trying.

If you have maintained records of your backlinks, you can open your backlink spreadsheet, or else you can download the inbound link data from Google Search Console or using other paid tools.

Afterward, from the list of linking sites, highlight the domains with high Domain Authority and Trust Flow. Next, open the linking pages of those high DA sites one by one and check if you can edit your backlinks there. Where possible, change those to point to the HTTPS version.

Additionally, you should log in to your social media accounts and visit your profile or company pages. From there, change all the links pointing to your site’s HTTP version to the HTTPS links.

Step 9: Update Tools and Campaigns

Lastly, don’t forget to update the tools and running campaigns that link to the HTTP version of your website.

You might be using many marketing and SEO tools where you have linked your website or specific product pages for usability, data analysis, alerts etc. Those are to be corrected to point to their respective HTTPS URLs. Else, a few of those tools may fail to complete the job they are built for. And as a result, you may get wrong data insights.

In addition to this, you should also update the plugins that are linking to your site’s HTTP version.

In case you are using any email marketing or social automation campaigns, point the HTTPS site links there.

Summing Up

HTTPS is important for building user trust, improving sites’ search engine rankings and increasing organic traffic to the site. The problem arises when you implement HTTPS incorrectly or do not complete the entire after-installation process. The worse thing is that you will realize the problem long after you see a deep fall in your organic traffic or empty and missing data in search console.

For a comparatively large website, we recommend using Screaming Frog tool that crawls webpages and points out issues in detail.

Now, use this after-HTTPS checklist to make sure everything is placed correctly and working without any trouble.