Move Your Website From HTTP to HTTPS

These days we share sensitive data like credit card details, login credentials, email addresses, and other details every day on the internet dozens of times.

To secure all those details, HTTPS was developed by Netscape Corporation to allow authorization and secure transactions.

Encryption is the process which replaces plain text ( like passwords and credit card details ) with random alphanumeric text which is unreadable and will be very difficult to make sense of if someone intercepts them.

That is why it’s really important to move your site from HTTP to HTTPS as soon as possible.

Along with this benefit, Google has officially announced that SSL certificates will work as a ranking factor in their search result.

So it’s a win-win situation for you if you get an SSL certificate for your website which will also improve your site SEO.

Back-Up Your Website

Whenever you are making major changes to your site it’s really essential to keep the backup of your entire website.

In case, if something goes wrong (that we don’t want to be) you can go back and restore your website easily.

I am using Updraft Plus, one of the best plugins to back up my site automatically.

You can give it a try (it’s free).

Buy SSL Certificate

Getting and implementing an SSL certificate is not that difficult, but how easy or difficult this process is going to totally depends on your host provider.

Why Host Provider?

Only a few host provider provides free Global SSL certificate (usually cost $50) and will do all the customization and implementation process to install an SSL certificate on your behalf.

Fastcomet, the host I am using is fabulous and they are the best. I mean along with the hosting package they will provide you:

• Domain name
• Global SSL certificate
• Let’s Encrypt SSL option
• CDN
• Private DNS
• Best customer support
• and much more at no extra cost to you

That is why it is bearing a 9.5 rating out of 10.

If your host provider does not offer a free Global SSL certificate like Fastcomet then you can ask them if they sell any third-party SSL certificate.

Once you purchase a Global SSL certificate, you will have to ask your host provider to install it on your server.

This is a pretty straightforward process. Once they set up your certificate you will have to make a few changes to your WordPress website. That we will see in the next step.

However, we do have an option of let’s encrypt, a free open certificate that aims to provide an SSL certificate to the general public.

It’s become so popular that some hosting company has already started offering built-in SSL set-up right from their c-panel.

So you can also check with your host provider if they offer “let’s encrypt”.

How To Set Up Free SSL With Let’s Encrypt On Fastcomet

I am taking the example of my host provider.

Fastcomet is one of the best hosting companies that offer built-in integration of free SSL.

To get it, simply go to the cPanel and scroll down to the security section. There you will have to click on the Let’s Encrypt icon.

Upon clicking you will be asked to choose the domain name where you want to install free SSL.

Choose it wisely and click on the ISSUE button next to it.

Once it’s finished you will see a success message.

That’s all, you have successfully installed Let’s Encrypt SSL on your WordPress website.

But wait a minute…

We have not done it yet. We still have to do some customization on our WordPress website to use it.

There are two ways to do so…

1. Set up each part manually ( technical knowledge required)
2. Install a Really simple SSL plugin ( It takes care of everything )

Really Simple SSL plugin will automatically detect your SSL certificate and will do all the necessary setup for your website.

In most cases, you will not have to make any changes. This plugin will fix all the setups that we do manually.

Anyway, I will also take you through the manual steps.

If you feel that the below steps are too technical, just install Really Simple SSL and you are all set.

Here we go…

1. Add HTTPS To The WordPress Admin Area

This is the first place where we will make changes to secure our website. Securing the back end makes sure that whenever a user logs in, their information is exchanged securely.

To do so, open wp-config.php in your WordPress root folder and add the below line of code.

define(‘FORCE_SSL_ADMIN’, true);

Once you update the file it’s time to check if it works. For that login to your WordPress admin panel (backend) by adding HTTPS in the URL.

I mean instead of http://yoursitename.com/wp-admin

you have to type…

https://yoursitename.com/wp-admin.

If it works properly then you are all set and we will continue.

2. Change Website Address

A website without an SSL certificate uses HTTP protocol and is not secured and looks like this:

HTTP://www.elegantespace.com

Whereas a secured version of the site which uses an SSL certificate looks like

HTTPS://www.elegantespace.com

This is what we are going to change. Without this step, you will not be using SSL and your site will not be ready to collect sensitive data.

Having said that let’s see how we will achieve it:

First of all, go to the WordPress admin area and click on Settings followed by General.

There you have to update the WordPress URL and Site URL with HTTPS.

For reference check the below screenshot.

3. Implement 301 Redirects In .htaccessbout

If you are implementing SSL to your existing site then “301 redirects” is very important.

Implementing 301 redirects ensures that all the link which has already been shared on the internet with the HTTP version will automatically redirect to the secure version of your website i.e. HTTPS.

To do so add the following code to your .htaccess files

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

If you are on the NGINX server, then you have to add the below line of codes in your .htaccess files.

server {
listen 80;
server_name domain.com www.domain.com;
return 301 https://domain.com$request_uri;
}

That’s it you are all set. Now all your visitors (including Google bots) will automatically land on your secured version of your WordPress website.

Additional HTTPS Setups – Update Your Site Environment

1. Add Site To Google Search Console

Since we have updated our site to the HTTPS version, it’s our duty to go to every webmaster tool and add the HTTPS version of our site as a new property.

For Google webmaster tools simply go to Google Search Console profile and click on Add a Property.

A new pop-up window will open, enter the URL of your website followed by HTTPS then click on “Continue” and follow all the steps.

For more details on adding properties check my guide on Google Search Console.

2. Update Sitemap

Ideally, if you are using the Yoast SEO plugin on your WordPress website then the sitemap will get updated automatically. However, it doesn’t always work that way.

For that continue with the Google Search Console profile and follow the below steps (for reference see the below screenshot):

• Click on the Website URL
• Go to the sitemap option
• Once you click on sitemap you will get an option of Add/ Test sitemap, click on that
• Paste sitemap_index.xml
• Submit

The same process will go with Bing Webmaster Tools and Yandex Webmaster Tools.

3. Update Google Analytics Settings With HTTPS

If you have embedded Google Analytics on your WordPress website, then you need to update its settings with HTTPS. To do so follow the below steps:

• Go to the Google Analytics dashboard
• Click on Admin
• Go to Property settings
• From the “Default URL” drop-down choose HTTPS and save the changes.

4. Misc Updates

• Update your canonical tags
• Update any third-party PPC URLs (AdWords, Bing Ads, etc.)
• Update Email Marketing Tools (MailChimp, Aweber, etc.)
• Update any other Tools

5. Test Your Site

So by now, we are all set now it’s time to test if everything works correctly.

For that go ahead to SSL shopper and SSL lab. Enter your domain name and check the result.

It will give you an overall score and details of your installed SSL certificate.

Summary

As you have noticed there is a lot that goes into an HTTP to HTTPS migration.

It may look very tough but if you follow this guide you will make your website secure which is the most important thing for any website owner.

Besides securing and gaining trustworthiness having an SSL certificate installed on your website improves your site speed and SEO.

I hope this guide helped you in installing and adding an SSL certificate to your WordPress Website.

Share your experience in moving your website from HTTP to HTTPS in the comment section.