Step by Step to Move Your WordPress Site to HTTPS

Are you looking to move WordPress from HTTP to HTTPS and install an SSL certificate on your website? We have been getting a lot of requests on this topic because Google announced that Chrome browser will start marking all websites without SSL as insecure starting July 2018. In this article, we will show you how to properly move WordPress from HTTP to HTTPs by adding a SSL certificate.

Why Should You Switch to HTTPS?
Installing HTTPS has lots of benefits, and below are some of them

HTTPS Gives Web Users Confidence
In this age of heightened cyber-crime, nothing is as scary as feeding the internet with sensitive personal detail. However, a website that has a secured connection takes this fear away. If your website is such that it demands sensitive personal details from users, SSL (HTTPS) is a must.

HTTPS is a Must for All E-commerce Stores
If you have plans of setting up an e-commerce store – or you already have one – HTTPS is non-negotiable. That way, users will feel safe to provide you with their credit card details.

HTTPS Websites Perform Better, SEO wise
It’s known that Google will naturally push down websites without a secured connection on search pages. So, if you don’t want that to happen, it’s about time you upgraded your site to HTTPS.

HTTPS Sites Load Way Faster than HTTP
Talking about SEO, load time has become a major ranking factor. You cannot afford to be careless about the load time of your website. One sure way of speeding up your site is migrating from HTTP to HTTPS.

How HTTPS Works – A Short Definition
Before diving into how to move your website to HTTPS, let’s first define what we are talking about. Even if you don’t know exactly what HTTPS and SSL are, you have probably seen them at work before.

HTTPS and SSL are Visible on the Site URLs
These days the URL of most big sites (and increasingly also the smaller ones) start with https:// instead of the familiar http://. In fact, if you look into your browser bar while on this very website, you will see exactly that.
Next to it, you will also notice the padlock symbol. This is how modern browsers show that you are on a site that uses SSL encryption. In some cases, they even include the name of the company. Both are signs that you are on a site that takes the privacy of their visitors seriously.

What Does That Really Mean?
HTTPS stands for Hypertext Transport Protocol Secure. Its cousin, HTTP (which stands for the same minus the Secure at the end), is the communication protocol usually used for facilitating web traffic.

What’s the difference?

The secure version uses an SSL (Secure Socket Layer) certificate to establish a connection between browser and server. That means any information that is exchanged gets encrypted.

Step by Step to Move Your WordPress Site to HTTPS
Alright, now we are getting to the meat and potatoes of this article: how to move your site from HTTP to HTTPS. We will take this step by step to make sure you can follow along without a problem. After all – we care about your site’s security as well!

Back-Up Your Website
Whenever making major changes to your site, you should always back it up first. That way, in case something goes wrong (not that we are expecting it) you can go back to the working version.

Implement Your SSL Certificate
The first thing we will do is get ourselves an SSL certificate. How easy or complicated this process is, depends largely on your host.

Add HTTPS to the WordPress Admin Area
The first place where you will get to enjoy the new safe connection is the WordPress dashboard. By securing the back end first, you make sure that whenever a user logs in, their information is exchanged securely.

To do so, open wp-config.php in your WordPress root folder and add the following line somewhere before where it says That’s all, stop editing!.

Once you have updated the file, it’s time to test if it works. For that, try to access your login page with HTTPS in the URL, for example via https://yoursite.com/wp-admin. If everything worked correctly, you should have a secure connection now. Then continue.

Update the Site Address
After moving the WordPress backend over to HTTPS, it’s time to do the same for the remainder of your site. You can do that by updating your site address under Settings > General.

Add https:// to the beginning of both the WordPress address and site address. Then update your settings by saving. Be aware that you might need to log in again afterward.

Change Links in Your Content and Templates
Now it’s time to update any links in your content and database that include the old HTTP protocol. A plugin like Velvet Blues or the Search and Replace script can help with that. However, be careful! If handled incorrectly, they can also screw up your site. Good thing you made that backup earlier,

Images, videos, audio hosted on your site
Web fonts
Iframes
JavaScript and CSS files or assets referenced within those files
Internal links
If possible, change your links to // instead of https://. They will then create relative links themselves!

Implement 301 Redirects in .htaccess
The next step in moving your site to HTTPS is setting up a redirect that sends visitors automatically over to the secure version. For that, we will use .htaccess. This is the name of an important system file on your server (usually in the WordPress root directory).

After that, add the following lines to it:

That’s it. From now on, visitors (including Google bots) should automatically land on the HTTPS version of your WordPress site. Make sure no page is available in both versions. This can lead to problems with duplicate content. Not good for SEO.

Test and Go Live
Ok, now that we are done with the main steps, it’s time to test if everything works correctly. For that, head on over to SSL Test. Insert your domain name and click Submit. This will give you an overall score of how well you implemented SSL on your site and details to find out potential issues in order to fix them.

Update Your Site Environment
If that worked fine, now it’s time to do the last few steps to complete the transfer to HTTPS: