How to migrate to HTTPS without losing your rankings Author Bartosz Góralewicz Read bio A while ago (August 6th 2014), Google announced officially that HTTPS has become a ranking factor from now on.For this reason, we’ve been running tests over the past few months, taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signalSource: http://googlewebmastercentral.blogspot.com/2014/08/https-as-ranking-signal.htmlGoogle mentioned that this change affected fewer than 1% of all global queries. In fact, the impact of (most probably) HTTPS was noticed in Algoroo over the next 9 days!After this announcement, many webmasters (including myself) migrated to HTTPS which could also cause some of the SERP movement.One of the webmasters was actually Barry Schwartz. He described his own company’s – www.rustybrick.com move to HTTPS here – http to https status on rustybrick.com. So far, the move seems to be successful with no major (negative or positive) ranking chages so far.Google’s point of view on HTTPSI think it is worth watching the Google I/O 2014 – HTTPS Everywhere video with Pierre Far and Ilya Grigorik.Things to watch out for while switching to HTTPSWhen moving your website to HTTPS, there are few things to watch out for. Let me list those here.Google Change of Address Tool doesn’t support HTTPS move.To this day, it is not possible to set a 301 redirect (address change) in Google Webmaster Tools to HTTPS domain. Why is that? Pierre Far from Google replied a few questions on Hacker News that might shed some light on this issue (source: https://www.seroundtable.com/google-ssl-https-ranking-signal-18966.html)Q: Google treat the http and https versions of a domain as SEPARATE PROPERTIES?A: That’s not quite accurate. It’s on a per-URL basis, not properties. Webmaster Tools asks you to verify the different _sites_ (HTTP/HTTPS, www/non-www) separately because they can be very different. And yes, I’ve personally seen a few cases – one somewhat strange example bluntly chides their users when they visit the HTTP site and tells them to visit the site again as HTTPS.Q: This means that even if you 301 every http page to https when you transition, all of your current rankings and pagerank will be irrelevant?A: That’s not true. If you correctly redirect and do other details correctly (no mixed content, no inconsistent rel=canonical links, and everything else mentioned in the I/O video I referenced), then our algos will consolidate the indexing properties onto the HTTPS URLs. This is just another example of correctly setting up canonicalization.Uploading your disavow to HTTPS versionI don’t think that this issue has been covered anywhere yet and it is crucial. When you’ve got your disavow file uploaded and you are moving to a new domain, your disavow file is not automatically moved to HTTPS. Therefore, if you don’t upload your disavow file to the HTTPS version of Google Webmaster Tools, it is not taken into consideration and you risk being hit with a Manual Penalty or by Google Penguin.Let me show you an example. I moved my own domain (goralewicz.co) to HTTPS. After creating a separate Google Webmaster Tools account for the HTTPS version, I still needed to upload my disavow file there.Google Webmaster Tools – http://goralewicz.coGoogle Webmaster Tools – https://goralewicz.coAs you can clearly see above, you need to be really careful and it is best to upload your disavow before a full 301 redirect or just after.Keeping correct internal structureAfter moving to HTTPS, remember to edit all the internal links to point to HTTPS as well. I saw a few websites where it was replaced with mass 301 redirects. I would try to avoid such a scenario. When doing that, double check rel=canonical tags too and make sure they point to HTTPS version of the page.Remember about files loading from your serverEven if you succeeded in migrating properly and all your internal links are edited, remember to set up redirects from HTTP to HTTPS. In my case, I realized that after my email signature stopped loading properly (it was loading from my server).Edit all the external links that you controlDon’t take this point too seriously. Google will manage the redirecting of all your old links etc. Still, I would advice you edit your website’s URL on your Twitter, Facebook and Google Plus profiles for example.Crawl before you runBefore crawling, it is cruicial you have a list of URLs from the old structure. This way you can benchmark the migration and be 100% sure that it was successful.Things to watch out for while crawling:Response timesResponse codesFull URL listYou obviously want to have these backed up somewhere safe before the migration. The best tool to employ for this is DeepCrawl, as you won’t need to worry about saving the reports in CSV and you can easily compare the two (before and after the migration) crawls. There is also a cheaper option – Screaming Frog or 100% free Xenu. All these tools will get you the results you need. But it is only with DeepCrawl you can have the whole website structure and code saved before the migration and you can directly compare the crawls later (and present to your customer or boss).Watch your server’s speedThis is also a factor that is not getting as much attention as it deserves. HTTPS makes websites slower! Keep it in mind before deciding to migrate to HTTPS. Speed is an important ranking factor. Watch it on your Google Webmaster Tools -> Crawl -> Crawl Stats.Also, use crawlers to monitor your server response time (Screaming Frog or DeepCrawl). Of course, a website’s loading time is important too; however, I mostly monitor just the server response time. From experience, I’ve observed that it affects rankings almost instantly.For example, with HTTP my website’s server load time (measured with Chartbeat.com) was around 400 ms (0.4 sec). After implementing HTTPS, it is now between 800 and 900 ms (0.8 – 0.9 sec). Ignoring this factor can also get your website in trouble.Take it easyThere is a lot of schizophrenia with the HTTPS move all over the internet. I actually don’t think that Google sees that as a domain change and Googlers are pushing us to use HTTPS using the same reasons.HTTPS will never solve your issues, but it also shouldn’t harm your rankings if done right. If you don’t feel comfortable with moving to HTTPS, you can hold on for now, but I always prefer to deal with such changes sooner rather than later. With more traffic, more pages and higher engagement (I assume that websites usually gain more traffic and content with time) it definitely becomes more scary and more complicated.If you are thinking of migrating to HTTPS, I am happy to hear your story. Also if you gained/lost rankings with HTTPS migration, don’t hesitate to comment below.