Would you like to know how to move WordPress From HTTP to HTTPS and install an SSL certificate on your website? Since July 2018, we’ve received a lot of inquiries about this as Google announced that all websites that don’t use SSL in Chrome browsers would be marked as insecure. In this article, we’ll show you how to properly add an SSL certificate to move WordPress from HTTP to HTTPS.
How to Move WordPress From HTTP to HTTPS: SSL For Beginners
How HTTPS works
Before we delve into how to move your site to HTTPS, let’s first define what we’re talking about. Even if you don’t know precisely what HTTPS and SSL are, you’ve probably seen them at work before.
HTTPS and SSL are visible in website URLs
Currently, the URL of most extensive (and increasingly smaller) websites starts with https:// instead of the familiar https://. However, looking at the website bar, you’ll see just that.
On the side, you will also notice the padlock symbol. This is how modern browsers show you are on a website with SSL encryption. In some cases, they even include the company name. Moreover, both are signs that you are on a site that takes the privacy of its visitors seriously.
What does HTTPS mean?
HTTPS stands for Hypertext Transport Protocol Secure. Its cousin, HTTP (which means the same minus the Secure at the end), is the communication protocol commonly used to facilitate web traffic.
Move WordPress from HTTP to HTTPS: What is the difference?
The secure version uses a Secure Socket Layer (SSL) certificate to establish a connection between the browser and the server. This means that all information exchanged will be encrypted.
Encryption involves replacing plain text information (such as usernames and passwords) with random numbers and letters. So if someone intercepts them, they are not human-readable and more understandable.
Sounds useful, right? But do you need it on your website? Let’s see good reasons to spread HTTPS to your WordPress site.
One note: the SSL technique is not the fastest name. In the late 1990s, the name changed to TLS (Transport Layer Security), and SSL was retired. However, his name stayed there.
How to move WordPress from HTTP to HTTPS: SSL for beginners (8 Steps)
Alright, now we’re getting to the main point of this article: how to move WordPress from HTTP to HTTPS and install an SSL certificate on your website. We’ll do it step-by-step to make sure you can follow along smoothly. After all, we also care about the security of your website!
1 – Backup your website
If you make major changes to your website, back it up first. Then, if something goes wrong, you can revert to a working version (we won’t wait).
Since this situation is no different, protecting your website is your top priority. Even better – if you have a chance, first run the following process on a staging server, not just your live site.
2 – Implement your SSL certificate
The first thing we will get is an SSL certificate. How easy or complicated this process depends a lot on your host.
And for example, while researching this guide, we found that our current host does not support Let’s Encrypt and does not plan to do so. So we are in the process of change. Fortunately, yours is a little more advanced, like the companies on this list.
The ideal scenario is for your HTTPS host management to choose an option to move your site directly from the dashboard. For example, you can follow these instructions to switch your site to Let’s Encrypt in cPanel with Cloudways. Just find the same steps for Plesk here.
For everyone else, there is Certbot. And if you have administrative shell access on your server, select the type of web server and the operating system you are running. After that, the website will tell you how to implement Let’s Encrypt on your server.
And If you get your SSL certificate from a different source, follow your hosting provider’s instructions for implementing the switch (this is also why resorting to them in the first place isn’t a bad idea).
Once that’s done, you must make the necessary changes to your WordPress site. So that’s what we’ll talk about next. If you think the below is too technical, you can also try the Simple SSL plugin. Moreover, it takes care of most of the heavy lifting described below.
3 – Add HTTPS to the WordPress admin area
The WordPress dashboard is the first place you can take advantage of the new secure connection. Securing the backend first ensures their information is securely exchanged whenever a user logs in.
To do this, open wp-config.php in your and add the following line somewhere before it says That’s all; stop editing!
define('FORCE_SSL_ADMIN', true);
After updating the file, it’s time to test if it works. To do this, try to access your login page with HTTPS in the URL, for example, via https://yoursite.com/wp-admin. Moreover, if everything worked correctly, you should now have a secure connection, then continue.
4 – Update the website address
Once you’ve moved your WordPress backend to HTTPS, it’s time to do the same for the rest of your site. You can do this by updating your website address in Settings > General.
Now add https: // to the beginning of your WordPress and website addresses. Then save and update the settings. Please note that you may need to log in again later.
5 – Change the links in your content and templates
Then update the content, including the old HTTP protocol and all the links in the database. Plugins such as Velvet Blues and Search and Replace scripts can help with this. However, be careful. If mishandled, they can also ruin your website. You’re glad you backed up before, right?
If your theme templates and function files have links to external resources and assets that contain absolute HTTP links, it’s also important to fix them. Considerations:
- Images, videos, and audio hosted on your website
- web fonts
- frames
- JavaScript and CSS files or assets referenced in these files
- internal links
- And if possible, change your links to //instead of https://. They will create relative links on their own!
6 – Implement 301 redirects in .htaccess
The next step in migrating your website to HTTPS is to set up a redirect that automatically redirects your visitors to a secure version. For this, we will use .htaccess. This is the name of a critical system file on your server (usually in the WordPress root directory).
It usually contains settings to use pretty permalinks, so your installation probably already has one. To find it, be sure to allow your FTP client to show hidden files because .htaccess is invisible by default. If you don’t have one, create a plain text file, rename it .htaccess, and upload it to your WordPress root directory.
Then add the following lines to it:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
That’s it; from now on, visitors (including Google bots) will need to automatically access the HTTPS version of their WordPress site. Make sure no pages are available in either version. This can lead to content duplication issues not suitable for SEO.
7 – Test and Go Live
Now that the main steps are complete, it’s time to test that everything is working properly. To do this, go to SSL Test. Enter your domain name and click Submit. This will give you an overall score on how well you implemented SSL on your website, and as well as details on how to identify potential issues and how to fix them.
Then crawl your site using tools such as SSL Check. This way you can resume the forgotten link. If all goes well, it’s time to move on to live.
Well done! And finally, now all you have to do is update some peripherals.
8 – Update your website environment
If that works, it’s the final step to complete the switch to HTTPS:
Update sitemap
Ideally, the SEO plugin will do this automatically. However, it does not always work that way. Yoast SEO may need to deactivate the plugin once to update the sitemap. Don’t forget to include it in your robots.txt file and update any other hard-coded links that may be there.
Add Website to Webmaster tools
Access your Webmaster Tools and add the HTTPS version of your website as a new property. Load a new sitemap there. You can also search, crawl, and upload denial files that are already active on older versions of your site.
CDN upgrades
If you’re using a content delivery network (one of the ways to speed up your WordPress site), you’ll also need to switch to SSL. Many of them have this feature built-in, and the CDN needs documentation about it. If not, ask for their support to help you. Make changes to your analysis-If your analysis requires a default URL, be sure to update it with the new prefix. For Google Analytics, the options are in Manage> Property Settings> Default URL. Also, be careful when switching to HTTPS to understand the changes in traffic. Maintaining the Number of
Shared content on social networks
When viewing the number of shared content on your website’s social networks, you may need to make some changes to keep it up to date. Don’t forget to update the website link in your social profile! And also you can do the same with email templates.
That’s it! Congratulations, you have successfully switched your website to HTTPS.
Move WordPress From HTTP to HTTPS: Here are some troubleshooting tips
Your website handles confidential information
First, if you have an online store that handles credit card information or similarly sensitive data, it is imperative to migrate your website to HTTPS. Customers want and should trust your website. And it is your responsibility to make this possible.
For example, others could steal your payment details if someone uses a public Wi-Fi hotspot to access an unsecured website. If they use this information to steal from your customer, how likely is that person to come back to your site? Not a lot.
Without HTTPS, it is also possible to change the data your visitors receive. That way, a third party can add ads, malware, or other things that you definitely don’t want other people to see in your web presence.
However, even if you’re dealing with everyday credentials “just,” it’s a good idea to further enhance your security and keep it safe. Your users will surely appreciate it.
HTTPS is a sign of reliability and authenticity
Speaking of visitors, with the general push to adopt HTTPS across the web, consumers are increasingly expecting encryption.
Why do they care? Because that little padlock not only means your traffic is protected, but it also means that the site is real and that no one it claims is fake.
So if they had to choose between your website without HTTPS and a competitor who has implemented HTTPS, they might choose you. Especially since normal browsers (Chrome, Firefox) now mark pages with forms on pages without HTTPS as insecure.
In the future, they will usually warn you about any website that is not encrypted. And you really don’t want to be a part of it.
Benefits of SEO
Not only do consumers want to move to HTTPS, but search engines as well. Google officially announced in 2014 that SSL certificates had become a ranking factor. More importantly, HTTPS is still weak but has become more important over time.
Also, HTTPS-to-HTTP reference data is blocked by Google Analytics. Therefore, if your website is running with an older protocol and you get a lot of references from a website running over HTTPS, your web analytics will not be able to display this correctly. As a result, you may miss the expansion of your marketing channel without noticing that the platform is sending a lot of traffic.
Faster loading times
If you stay with SEO issues, HTTPS will also be significantly faster. Can’t you believe it? So, Try it here (use a private window to avoid image caching). When I ran the test, HTTP was 144% slower than HTTPS.
SSL For Beginners: Move WordPress From HTTP to HTTPS – Conclusion
Now you know how to move WordPress From HTTP to HTTPS and install an SSL certificate on your website keeping your website and traffic safe is one of the most critical issues for any website owner. And knowing they can trust you with their sensitive data is essential to consumers. In times of increased data theft, this is a huge asset, and HTTPS and SSL are the tools to achieve it.
Know that this is a significant investment for the future and where the web is moving. Your visitors, users, and your website will thank you.