The buzz about Google Chrome marking all HTTP sites as “Not secure” has spread a certain amount of panic among the non-techie WordPress users & the site owners. Well yes, it’s true that in Chrome 68 (releasing in July’18), the omnibox will display “Not secure” for all HTTP pages. But, with this easy-peasy guide, you will learn how to migrate your WordPress site from HTTP to HTTPS.
INDEX
- What is HTTP & HTTPS?
- Benefits of HTTPS
- Before Migration Steps
- Migration from HTTP to HTTPS
- After Migration Steps
- Bonus Tip
1. What is HTTP & HTTPS?
In a simpler word, Hypertext Transfer Protocol (HTTP) is a communication method between a web browser and a web server. Whereas Hypertext Transfer Protocol Secure (HTTPS) is a method which uses an encrypted HTTP connection by transport-layer security. That means all the communication over HTTPS is encrypted ensuring the secured flow of private information over the web.
2. Benefits of HTTPS
There is hardly any downside switching to HTTPS. Following points may clear the doubts:
- SEO: Google confirmed that websites would not lose rankings when moved to HTTPS.
- Security: The communication between a web browser & a web server will be secured.
- Performance: Leverage the benefits of HTTP/2 to further improve the site performance.
Migration from HTTP to HTTPS
3. Before Migration:
1) Take a backup using one of the following recommended plugins. You can get away with only database backup but if you are not maintaining the regular site backups then it’s highly recommended that you take a full backup.
- UpdraftPlus – It’s a freemium plugin & I personally use it. The only downside is you need extra disk space & enough server resources when it is compressing the files before sending them to the remote location.
- WP Time Capsule – It use to be a freemium plugin but they have recently pulled down the free option. Nevertheless, this is one of the best options if you want an incremental backup tool with quick restore points. They are offering a lifetime license for a limited period of time. If you are already registered with Host My Blog then contact us for an exclusive deal on WPTC lifetime license.
- BlogVault – This is one of the high-end premium backup plugins. You can automate the incremental backups, stage the site, restore to any previous date etc…and all this without putting any load on your hosting server. This is one of our options to ensure daily backups for the clients with Annual WordPress Support & Maintenance. We also use their security (WAF) product viz MalCare.
2) SSL Certificate should be installed on your hosting server. Thanks to Let’s Encrypt which has changed the game by launching the Free SSL Certificate. There are web hosts providing free SSL with their hosting plans however few are still reluctant to implement Free Let’s Encrypt SSL on their servers. Check if your hosting provider offers the Free SSL.
I personally recommend the following 3rd party hosting providers that offers free SSL certificate with their hosting plans:
- A2 Hosting – They have options to choose between Apache Web Server & faster LiteSpeed Server. If you have a growing site, definitely go with their Turbo Plan with 50% discount on your first bill. They also offer anytime money back guarantee & multiple data centers to choose from.
- Siteground – They have excellent chat support & reliable servers. They offer almost 60% discount on their first invoice. However, their renewal cost is a bit high.
If for any reason you can’t switch your current hosting provider, then either check Positive SSL by Comodo (check with your hosting provider to see if your site is hosted on SNA Enabled Server which is required to install the CA Bundle via cPanel) OR the last option is using Flexible SSL by Cloudflare. These 2 options are only recommended for blogs & personal sites.
4. Steps to Migrate WordPress site from HTTP to HTTPS:
Once you have taken the backup & ensured the SSL certificate on your server – you can now move ahead with the actual migration process.
1) Go to your self-hosted WordPress Dashboard -> Settings -> General. Update the WordPress Address (URL) & Site Address (URL) from http://yourdomain.com to https://yourdomain.com
2) Go to Plugins -> Add New -> Search & Install Better Search Replace Plugin
3) Now, go to Tools -> Better Search Replace -> Search for http://yourdomain.com & Replace with https://yourdomain.com -> Select all tables -> Run Search/Replace*
*Always keep the Run as dry run option checked when running the first search-replace.
You can remove the plugin after successfully replacing the URLs.
4) 301 Redirect all your incoming HTTP links to HTTPS by putting the following snippet into your .htaccess file. Go to cPanel -> File Manager -> .htaccess -> Edit & Save
# BEGIN SSL REDIRECT RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # END SSL REDIRECT
If everything goes fine, you will see a green padlock in the browser address bar.
5. After Migration:
1) There are chances that you may not see a green padlock the first time you enable SSL. This is due to the mixed contents on your web page. It means that one or more of your images, css, js etc files are being served from an HTTP. To identify the mixed content you can enter the URL on WhyNoPadLock site & update the Mixed Content Errors to serve from HTTPS. As per our experience with blogs, mostly these are images on your sidebar. The moment you update the protocol from http:// to https:// – it is resolved.
Some prefer Really Simple SSL to force HTTPS & fix mixed content errors but that is not updating your database. You want to update all your URLs to HTTPS & not just depend on a script to mask it. Besides, this whole plugin process can affect your site’s performance too.
2) If you are using CDN then update the Origin URL to HTTPS.
3) Add the HTTPS property to Google Search Console.
Go to Search Console Dashboard -> Click on Add A Property -> Enter Full URL with HTTPS -> Add & Verify the Property (using the preferred method).
Next is to add an updated Sitemap to the newly added property in Search Console. I use SEOPress Plugin for OnPage & it has generated an XML Sitemap.
4) Finally, it’s time to update the Google Analytics. You may experience some ranking/traffic fall but nothing to worry about it, as everything should get back to normal shortly if everything is done right.
Go to Goggle Analytics Dashboard -> Admin -> Property -> Property Settings -> Update Default URL to HTTPS
Then go back, View -> View Settings -> Update Website’s URL to HTTPS
6. Bonus Tip
Before you call it all done, make sure you change the site version to HTTPS on your social accounts & other places like Adwords, your backlinks from other websites (as you notice) etc.
Lastly, if you are using a social share plugin, you may notice that the share counts have been reset to zero. The ‘share count recovery’ is a premium feature on most of the known plugins. If the counts are really important for you then I recommend Easy Social Share Buttons for WordPress Plugin that will cost you $22 for a lifetime license. It comes with a share count recovery & other important modules.
Your Experience
So, have you migrated your WordPress site from HTTP to HTTPS? Would you like to share your personal experience & what would you like to learn next?
Professional Assistance
Does this intimidate you? We got your back. We offer this service to our customers.
Nice write up Raj!
Thanks Todd…your inputs really helped – edited few last bits.
Thanks for this really helpful blog.