Guide to Moving your WordPress Website to HTTPS / SSL	2.0/5.0 (3 votes total) Rate: Select 1 - Terrible 2 - Poor 3 - Average 4 - Good 5 - Outstanding
Catherrine Garcia August 02, 2019

With numerous data breach incidents taking place even at the end of data biggies such as Google and LastPass, the digital world of websites and online shopping seems to be getting tougher to secure now more than ever. With such highly sensitive data being stored on the cloud and exchanged through, it is definitely a time to stay alert and cautious about our Internet safety and security. And if you are a website owner or someone who runs an online store, you are under a compulsive obligation to secure information for everyone else who interacts with your website.

For implementing enhanced security for your website, you must ensure that your website is rightly equipped to tackle all the confidential information that is exchanged through it, in the form of transactional details or other sensitive user data.

One way of ensuring that is by moving your WordPress website to HTTPS and get SSL encryption as well. If you are someone who is not very technical, this guide will help you navigate through this change and implement the required security upgrade. So, let’s dive into the guide, but let’s begin with the basics first.

What is HTTPS and SSL?

HTTPS stands for HyperText Transfer Protocol Secure. This encryption type secures the communication between the browser and the web server. This kind of encryption ensures that the transferred data between the browser and the web server is in an encrypted format instead of the hypertext format (which is the case in an HTTP website) to prevent hacker access and data theft or modification.

SSL: To establish this encrypted connection, an HTTPS connection uses the Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols. SSL simply ensures that the transferred data is encrypted and private. This encrypted information exchange using SSL Certificate to enable HTTPS, SSL and TLS is called Public Key Infrastructure (PKI). TLS is the new version of SSL.

Why move your website to HTTPS/SSL?

Browsers are now encouraging websites to secure their connection for the sake of Data Integrity, Privacy and Security, Faster Performance and other SEO benefits. Here are the reasons as to why you should move your website to HTTPS:

• If your website is an online store and it is handling Sensitive user Information for online purchases.
• HTTPS sends a semantic message to your clients and site visitors that your website is trustworthy and authentic.
• HTTPS helps your website with its loading speed as well.
• HTTPS encryption is good for your site’s SEO because search engines favor website that use HTTPS. Also, having an SSL certificate is now a ranking factor.

Now, let’s get into the guide to help you move your website to HTTPS. Here are the steps that you need to follow:

Backup your Website: Just like every other time when you introduce a change to your website, it is important to backup your website data. This is important so that you can restore your existing website in case something goes wrong and your website breaks down. In case you face any trouble, you can easily ask for help from WordPress professionals.

Get your SSL Certificate: An HTTPS connection is established with the help of an SSL certificate. Hence, you need to get an SSL certificate. If your host provides the option of moving your site to HTTPS, that’s great. You can ask them to help you with the migration. If not, you can get your SSL through various SSL providers available.

Alternatively, you can get your hands on the Really Simple SSL WordPress plugin to get rid of the technical jargon.

Add HTTPS to the WordPress Admin Area: Moving your WordPress backend over to HTTPS is the next step. You simply need to open wp-config.php in your WordPress root folder and go to the point where it reads That’s all, stop editing!

Now add the following line just before that:

define('FORCE_SSL_ADMIN', true);

To check if the addition was successful, you simply need to login via https://yoursite.com/wp-admin. If you are able to get in, you can move to the next step.

Site Address update for HTTPS: Simply go to Settings > General and make the change by adding https:// to the beginning of both the WordPress address and site address. Save the change.

Change links to // instead of https:// The next step is about changing the links in your Content as well the Templates. You need to get rid of the old HTTP protocol. Elements such as the Images, videos, audio, Web fonts, iframes, JavaScript and CSS files or assets and other Internal links need to be taken care of. A plugin to update the URLs on your site can be highly useful here. Velvet Blues Update URLs is a recommended plugin for the same.

301 Redirects: Redirects are elements that can render your change useless, if not taken care of. Now, it’s time to successfully send your site visitors over to the secure version. This can be done though 301 redirects using .htaccess. Go to your .htaccess file and add the following lines to it:

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

</IfModule>

Test Run: It is very likely to happen that your SSL implementation might not turn absolutely okay in this attempt. So, you must test to see if everything works fine. Just head to SSL Test, enter your site’s address and click on Submit. You can check for additional SSL errors using the website SSL Check.

Once everything has been taken care of, you can now go ahead and update your site’s sitemap and CDN. It is also important to add the HTTPS version of your site to every webmaster tool you use. Also, add the new prefix to your Analytics URL by visiting Admin > Property Settings > Default URL.

Conclusion:

When Google confirmed that websites would lose rankings if not moved from HTTP to HTTPS, many website owners acted as per this security call. However, many failed to do so. As of the past July 2018, Google marked the deadline for HTTPS implementation and began displaying a “not secure” label in the address bar of the websites that failed to comply.

If yours is one such website, let us tell you that the “not secure” label is killing your website gradually. Hence, migrating to HTTPS is important now more than ever. Once done with the steps mentioned above, you will be able to effectively move your WordPress website to HTTPS/SSL and make it more secure and authentic for your site visitors.

Hosting Bookmarks