An extension of the HyperText Transfer Protocol (HTTP), the HyperText Transfer Protocol Secure (HTTPS) allows a secure way of communicating over the internet or any network. In February 2018, Google announced that starting July 2018, Chrome will start displaying a ‘Not Secure’ label in the address bar for sites who do not have an HTTPS domain.
Hence, many websites have started moving their websites to HTTPS. In this article, we will offer a step-by-step guide for moving your WordPress website to HTTPS.
Step 1 – Create a Website Backup
Whether you are moving your website to HTTPS or incorporating any other major change, it is important to create a backup of your website. This gives you a fallback option in case anything goes wrong.
WordPress has a wide range of backup plugins to choose from to help you create the backup on your local computer or the cloud.
Step 2 – Implement the SSL Certificate
A Secure Sockets Layer (SSL) certificate is required to move your site from HTTP to HTTPS. This digital certificate is issued by a certifying authority for a specific domain.
Once you purchase the SSL certificate, there is a verification process to be followed. However, your host must allow the installation of an SSL certificate for your website.
One way of successfully implementing the SSL certificate is by using WordPress Hosting services which allow its purchase and installation or even offer it as a part of the hosting plan. These hosting services also offer automatic updates of your WP-core, plugins, and themes.
Step 3 – WordPress Admin-Area Changes
Once you have implemented the SSL certificate, it’s time to secure the back-end of your WordPress site. A small change, as shown below, can help you do this:
- Go to the wp-config.php file present in the WP root folder and open it.
- Scroll down and reach the end of the file and look for the phrase – ‘That’s all, stop editing’.
- At any place above this phrase type: define(‘FORCE_SSL_ADMIN’, true);
- Close the wp-config.php file.
After doing this, try accessing your WP-login page by replacing ‘http’ with ‘https’. For example,
If the URL of your WP-login page was http://yourwebsite.com/wp-admin, then change it to https://yourwebsite.com/wp-admin and check if you can access the page. If everything seems in order, then this page is accessible over a secured connection.
Step 4 – Make Changes to the Site Address
After securing the back-end of your WP-site, it’s important to change the site address under general settings (can be found under Settings→General) as shown below.
Once you have these options in front of you, simply change ‘http’ to ‘https’ for the WordPress address (URL) and the Site Address (URL). Remember to save and close the settings page.
Step 5 – Make relevant changes in the Content and Templates
Now, look for all templates and/or links in your content and database with the HTTP protocol and change them to HTTPS. There are many plugins available to help you search and replace text on your WordPress site.
Also, if there are links to external resources or assets in the theme templates and function files with HTTP, make sure that you do the necessary changes too. You might also want to check all your media files, CSS or JavaScript, internal links, web fonts, etc. for HTTP.
Step 6 – Implement 301 Redirects
Now that you have made the changes, you have to set-up automatic redirects which sends your site visitors to the HTTPS version.
To do this, you can use an FTP client and access the .htaccess file and add the below-mentioned lines to it. Remember, the .htaccess file is hidden by default. Therefore, you will have to un-hide it before accessing.
- <IfModule mod_rewrite.c>
- RewriteEngine On
- RewriteCond %{HTTPS} off
- RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
- </IfModule>
Now your site visitors will be automatically redirected to your HTTPS site.
Step 7 – Finishing Touches
- Before you make the changes live, check if all aspects of your website work fine.
- There is a possibility that you might have missed out on certain HTTP links. You can use a plugin like SSL Crawl to find them and make the necessary changes.
- The sitemap needs to be updated too.
- You also need to add the HTTPS version to the webmaster tools
- If you are using a CDN, you will have to make changes there as well.
- Also, update the URL to the HTTPS version in any analytics tool used by you.
If you are not so technically inclined, then you might want to hire the services of a professional to do it for you. Increasing number of websites are moving to HTTPS and eventually, customers might choose to stay away from sites that have not implemented SSL.
Give your users and customers a secured experience by moving to HTTPS. Good Luck.
