Successfully moving WordPress to HTTPS

October 30, 2017
Author: Hamster, www.hostens.com

If you are serious about your site security and your visitor data, you should secure it with a HTTPS protocol. In this article we are going to take a closer look at the process of creating and signing an SSL certificate, and installing it to your WordPress site.

Why HTTPS?

HTTPS is a secure protocol for exchanging data between your site and its visitors. It allows you to encrypt all traffic between your web server and your client’s browser. This prevents malicious users and ISPs from changing or viewing such data as passwords, credit card numbers, and e-mail addresses.

In August 2014, Google’s search giant announced that the availability of HTTPS protocol support is already one of the determining factors in search results ranking. However, it is worth mentioning that after connecting to HTTPS your site will not “soar” in search results, since the presence of HTTPS is not the only and not the most significant ranking factor. Together with other similar indicators, Google will give preference to a secure site.

SSL Certificates

To configure HTTPS on your site, you will first need to purchase an SSL certificate. We recommend you only considering large and trusted SSL certificate providers, such as Comodo, Thawte, VeriSign, and GeoTrust. Most often, certificates from these vendors can be purchased from your hosting provider or a domain name registrar, such as Hostens.

Redirecting HTTP to HTTPS:

Now that you have installed the SSL certificate, it’s time to redirect all HTTP traffic to HTTPS. Fortunately, there’s a WordPress plugin just for that called Really Simple SSL. It detects the existing settings and configures your website to run over HTTPS.

Once you have redirected all your traffic to HTTPS, you also need to update image links. You can change your links to images manually in the database, but be warned: if you make any mistake, your site may stop working. Instead, you can use a free WordPress plugin called Better Search Replace which does this job automatically. Once you have installed it, navigate to the WordPress dashboard Tools section and select the Better Search Replace plugin. Click on Search/Replace and under Search for enter the old WordPress domain address, and click under Replace to enter the new HTTPS address. Once you’ve selected the necessary tables, simply click Run Search/Replace.

Check for Mixed Content Warnings

When you move to HTTPS, the biggest challenge you’ll experience is preparing your content for secure connections. When a page is loaded via HTTPS, all the elements, such as images or JavaScript files, need to be loaded via HTTPS as well. If you don’t do that, you’ll end up getting a lot of mixed content warnings. The easiest way to check your WordPress website is to use the SSL Check tool, which crawls through your website a looks for insecure elements, such as images and JavaScript. Once they are found, you should replace them with HTTPS equivalents.

Updating the Google Search Console Profile

Now that your website is running on HTTPS, the next step is to create a new HTTPS version of the Google Search Console profile. When you are done creating the new profile, it’s time to re-submit the sitemap files. Those who have a disavow file, need to update it as well. Simply go to the Google’s Disavow Tool, select your old HTTP profile and download the file. Open the tool again, only this time you’ll have to submit the HTTPS version of the disavow file.

Updating Google Analytics

Finally, you need to update your Google analytics. This does not affect the analytics data, but it does, however, help when you have to link your WordPress website to the Google Search Console. All you have to do is click on the domain property settings and change the default URL to HTTPS version. Do the same for the view settings and remember to re-link the newly created Search Console Profile with the Analytics account.

Have any questions? Do not hesitate to contact us!