Learning how to move your website to HTTPS is an important topic. These days, we share sensitive data like credit card and banking information or login credentials dozens of times per day.
Using the web to go shopping gives us many conveniences. We no longer need to go out to run errands, buy groceries, pay bills, or talk face-to-face with others. Hell, right before I wrote this guide, I was trying on glasses online!
Plus, you no longer have to inadvertently use a damaged ATM to have your credit card information stolen. This is also now possible in the comfort of your own home. No extra cost!
However, there is an opposite side. As a website owner, especially if you run an online store and/or deal with financial or other information, you have a responsibility to keep it safe. One of the most important steps in doing this is to use HTTPS and SSL encryption on your site. Thatās what weāll talk about in this guide.
We will first talk about what we understand by HTTPS and SSL and how it works. After that, weāll talk about the reasons to add encryption to your site. Weāll then tell you where you can get an SSL certificate for your site, and finally weāll provide a step-by-step guide on how to move your site to HTTPS.
Ready? Then put on your safety glasses and letās talk a little about safety.
Click here for 8 steps to move your WordPress to https: //
How HTTPS Works ā A Short Definition
Before we delve into how to move your website to HTTPS, letās first define what weāre talking about. Even if you donāt know exactly what HTTPS and SSL are, youāve probably seen them before at work.
HTTPS and SSL are visible in the site URLs
In this
These days, the URL of most large sites (and increasingly smaller ones as well) start withĀ https: // enĀ lugar de la familiarĀ http: //Ā .Ā In fact, if you look at your browser bar while youāre on this very website, youāll see exactly that.
Next to it, you will also notice the padlock symbol. This is how modern browsers show that you are on a site that uses SSL encryption. In some cases, they even include the name of the company. Both are signs that you are on a site that takes the privacy of its visitors seriously.
What does that really mean?
HTTPS meansĀ secure hypertext transport protocol.Ā Its cousin, HTTP (which means the same minus the secure end), is the communication protocol that is generally used to facilitate web traffic.
What is the difference?
The secure version uses a Secure Socket Layer (SSL) certificate to establish a connection between the browser and the server. That means that any information that is exchanged is encrypted.
By Munkhzaya Ganbold (Own work)[Ā CC BY-SA 4.0Ā ], aĀ via Wikimedia Commons
Encryption is the process of replacing plain text information (such as usernames and passwords) with random numbers and letters. That way, they are no longer readable by humans and harder to understand if someone intercepts them.
Sounds useful, right? But do you really need it on your site? Letās review some good reasons to add HTTPS to your WordPress website.
A quick note: Technically SSL is no longer the correct name. In the late 1990s, the name changed to TLS (Transport Layer Security) and SSL was retired. However, his name stuck around.
Why should you move your website to HTTPS?
Nowadays,Ā only 0.1% of all websites use SSLĀ .Ā Consequently, it doesnāt seem like technology is essential to running a successful web presence. However, there are still compelling reasons to become part of the minority.
1. Your site handles sensitive information
First of all, if you have an online store that handles credit card information or similar sensitive data, moving your site to HTTPS is an absolute must. Customers want to trust your site and they should be able to. It is your responsibility to make that happen.
For example, if someone uses a public Wi-Fi hotspot to access an unsecured site, others can steal your payment details. If they use that information to steal from your customer, how likely do you think that person will come back to your site? Not much.
Without HTTPS it is also possible to modify the data your visitors receive. That way, a third party could add ads, malware, or other things that you definitely donāt want others to see on your web presence.
In fact, a while agoĀ AT&T got caught doing thatĀ (add ads, not malware). However, you can be sure that visitors will not really care who did the deed. Everyone will remember what happened on your site.
However, even if youāre ājustā dealing with normal login information, itās not a bad idea to offer an extra layer of security and keep it safe. Your users will surely appreciate it.
2. HTTPS is a sign of trust and authenticity.
Speaking of visitors: Due to the general momentum of adapting HTTPS on the web, encryption has become something consumers expect more and more. In fact, until now theĀ 28.9% look at the green address bar in your browser,Ā a number that will likely increase over time.
Ā
Why do you care? Because the little padlock not only means that your traffic is protected, but also that the website is authentic and who it claims to be, is not fake. After all, the same study shows that 77% of end users are concerned about interception and misuse of their data.
So if they are given the choice between your site without HTTPS and a competitor who has implemented it, thereās a good chance theyāll decide against you. Especially since the major browsers (Ā ChromeĀ ,Ā FirefoxĀ ) now they mark sites, which have forms on pages without HTTPS, as insecure.
In the future, they can generally warn you of any site that does not have encryption. And you really donāt want to be among those.
3. Benefits for SEO
Not only are consumers expecting you to move to HTTPS, but so are search engines. GoogleĀ officially announcedĀ that having an SSL certificate in place is now a ranking factor. Also, although it is weak at the moment, the importance of HTTPS will increase over time.
On top of that, HTTPS to HTTP referral data is blocked in Google Analytics. So if you have a website running on the old protocol and you get a lot of referrals from sites running on HTTPS, you wonāt see it correctly in your web analytics. That way, you may not be aware of the platforms that send you a lot of traffic and lose amplification of your marketing channels.
4. Faster loading times
Staying on the subject of SEO, HTTPS is also significantly faster. Donāt believe me Try it here (use a private window to avoid image caching). When I tested, HTTPS was 83% faster!
Not bad, right? Especially because theĀ Ā Page load speed is also a ranking factor.
Not only that, but visitors care. In fact,Ā a large part will leave their siteĀ if it doesnāt charge in three seconds. For that and other reasons, check out our guide onĀ how to speed up wordpress
8 steps to move your WordPress site to HTTPS
Ok, now weāre getting to the meat and potatoes of this article: how to move your site from HTTP to HTTPS. We will take this step by step to make sure you can follow it without problems. After all, we care about the security of your site too!
1. Backup of your website
Whenever you make any major changes to your site, you should always back it up first. That way, in case something goes wrong (not that weāre expecting it), you can roll back to the working version.
Since this case is no different, backing up your website is your first task. Even better: If you have the chance, run the process below on a test server first, not just your live site.
2. Deploy your SSL certificate
The first thing we will do is get an SSL certificate. How easy or complicated this process is depends largely on your host.
For example, while researching this guide, I discovered that my current host doesnāt support Letās Encrypt and doesnāt plan on doing so. Needless to say, I am in the process of changing. Hopefully yours is a bit more progressive, like the companies inĀ this listĀ .
The optimal scenario is that your host offers an option to move your site to HTTPS directly in the admin panel. For example, to switch your site to Letās Encrypt in cPanel, you can followĀ these instructionsĀ .Ā Find the same steps for PleskĀ here.
For everyone else, thereĀ CertbotĀ .Ā If you have administrative administrator access on your server, you can simply select the type of web server and operating system you are using. After that, the site will tell you how to implement Letās Encrypt on your server.
If you get your SSL certificate from a different source, follow your hosting providerās instructions for implementing the change (thatās also why using them in the first place isnāt a bad idea).
Once this is done, you need to start making the necessary changes to your WordPress website. This is what we will talk about next. If you find the following too technical, you can also try the pluginĀ Ā Really Simple SSLĀ .Ā It handles most of the heavy lifting described below.
3. Add HTTPS to WordPress admin area
The first place where you will be able to enjoy the new secure connection is the WordPress dashboard. By securing the back end first, you ensure that every time a user logs in, their information is exchanged securely.
To do so, openĀ wp-config.phpĀ in your WordPress root folder and add the following line somewhere before it saysĀ Thatās it, stop editing! .
define ('FORCE_SSL_ADMIN', verdadero);
Once youāve updated the file, itās time to test if it works. For that, try to access your login page with HTTPS in the URL, for example viaĀ https://yoursite.com/wp-adminĀ .Ā If everything worked fine, you should now have a secure connection. then continue.
4. Update site address
After moving the WordPress backend to HTTPS, itās time to do the same for the rest of your site. You can do this by updating your site address atĀ Settings > General.
Ā
AddĀ https: //Ā at the beginning of the WordPress address and the site address. Then update your settings by saving. Please note that you may need to sign in again later.
5. Change links in your content and templates
Now is the time to update any links in your content and database that include the old HTTP protocol. A plugin likeĀ Velvet BluesĀ or theĀ search and replace scriptĀ can help with that. However, be careful! If handled incorrectly, they can also ruin your site. Good thing you made that backup earlier, right?
If you have links to resources and external resources in your theme templates and feature files with absolute HTTP links, itās important to fix those as well. Things to consider:
- Images, videos, audio hosted on your site.
- web fonts
- iframes
- JavaScriptĀ Files or CSS or assets referenced within those files
- internal links
If possible, change your links to enĀ //lugar deĀ https://.Ā Then they themselves will create relative links!
6. Implement 301 Redirects in .htaccess
The next step in moving your site to HTTPS is to set up a redirect that automatically sends visitors to the secure version. For that, we will useĀ .htaccess.Ā This is the name of an important system file on your server (usually in the WordPress root directory).
It usually contains settings to use nice permalinks, so your installation probably already has one. To find it, make sure you allow your FTP client to show hidden files becauseĀ Ā .htaccessĀ it is invisible by default. If you donāt have one, just create a plain text file, rename itĀ .htaccessĀ and upload it to the WordPress root directory.
After that, add the following lines to it:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond% {HTTPS} desactivado
RewriteRule ^ (. *) $ Https: //% {HTTP_HOST}% {REQUEST_URI} [L, R = 301]
</IfModule>
Thatās it. From now on, visitors (including Google bots) should automatically log into the HTTPS version of your WordPress site. Make sure there are no pages available in both versions. This can lead to problems with duplicate content. Not good for SEO.
7. Try and live
Ok, now that weāre done with the main steps, itās time to test if everything works correctly. For that, go toĀ SSL TestĀ .Ā Insert your domain name and clickĀ SendĀ .Ā This will give you an overall score on how well youāve implemented SSL on your site and the details to uncover potential issues in order to fix them.
After that, crawl your site with a tool likeĀ Ā SSL CheckĀ .Ā That way, you can catch any leftover links that you forgot. If all is well, itās time to go live. Well done! Now you just need to update some peripherals.
8. Update your site environment
If that worked fine, now itās time to take the final steps to complete the transfer to HTTPS:
- Update your sitemapĀ : ideally, your SEO plugin does this automatically. However, it doesnāt always work that way. With Yoast SEO, you may need to disable the plugin once to update the sitemap. Donāt forget to include it in your robots.txt file and update any other hardcoded links you may have there.
- Add the site to webmaster toolsĀ : go to each webmaster tool you are using and add the HTTPS version of your site as a new property. While youāre there, upload the new sitemap. You may also consider doing aĀ search and trace,Ā and submit any reject files that are already active for the previous version of your site.
- Update your CDNĀ : if you are using aĀ content delivery networkĀ (one of the ways ofĀ speed up your siteĀ ), you should also change it to SSL. Many of them have that feature built in and your CDN should have documentation on this. Otherwise, ask for their support to help you.
- Change your analyticsĀ : if your analytic needs a default URL, be sure to update it with the new prefix. For Google Analytics, you will find the option underĀ Admin > Property Settings > Default URLĀ .Ā Also, note when you made the switch to HTTPS to understand traffic changes.
- Keep social media countĀ : If you display social media counters on your site, you may need to make some changes to keep them up to date. seeĀ this guideĀ for more details. Donāt forget to update the links to your site on your social profiles! And do the same in your email templates.
Thatās it! You have successfully moved your website to HTTPS. Congratulations, that was no small feat. If all went well, all thatās left is to pat each other on the back and celebrate. In case you run into trouble, here are some troubleshooting tips.
HTTPS Troubleshooting Tips
Unfortunately, moving your site to HTTPS isnāt all sunshine and rainbows. Some things may come up that need to be dealt with.
Mixed Content Warnings
The most common issues that arise after moving your website to HTTPS are mixed content warnings. This happens when the browser finds unsafe links on a secure page. This is usually a matter of updating links to jquery libraries, custom sources, or the like to your HTTPS version.
You usually have to take care of this while scanning your site before you publish it. However, if you encounter a warning like this, be sure to check what is causing it.
Apart from the tools mentioned above, you can also useĀ Ā Why No Padlock?Ā for single pages. So, fix whatever the problem is.
Declining search rankings
Making the switch from HTTP to HTTPS can negatively impact your rankings. What?! Didnāt I say earlier that this is good for SEO? Why would your ranking drop then?
Before you go back and kick HTTPS to the curb, hear me out first. If your SEO is negatively affected, this is usually only temporary.
You see, Google deals with URLsĀ https: //Ā yĀ http: //Ā as two different entities. Even if you set up 301 redirects (as we have done above), they only transfer 90-99% of the link content. This is why your rankings can go down in the beginning.
However, after the initial drop, they should increase over time. As mentioned, Google considers the use of SSL to be a positive ranking factor, so if you move your website to HTTPS, it actually makes it more attractive in their eyes. This will benefit you in the long run.
In one wordā¦
Keeping your site and your traffic safe is one of the most important issues for any website owner. Knowing that you can be trusted with your sensitive data is important to consumers. In times of rising data theft, thatās a great asset and HTTPS and SSL are the tools to achieve it.
In addition to showing confidence to consumers, when you move your website to HTTPS, it also allows you to benefit from increased speed and better SEO. Plus, with a free service like Letās Encrypt, cost is no longer a deterrent.
Earlier, you learned how to get a free SSL certificate and implement it on your WordPress website. Weāve walked through the steps necessary to move your entire site to HTTP secure premium, and weāve also discussed other considerations to keep in mind when making the switch.
If you have followed, you can now add HTTPS and SSL to your WordPress website. Know that this is a great investment for the future and where the web is moving. Your visitors, users and your site will thank you.n