Skip to content

How to move WordPress website to HTTPS/SSL?

This How to is more than 2 years old and may be outdated.

Report an error in the How to

Back in 2014 Google announced that HTTPS becomes a ranking signal. In 2020 internet users more often use public wireless networks where attackers can easier steal data. Website owners really should take care about visitor's security and this is why HTTPS is essential for any website.

How to move WordPress website to HTTPS/SSL?

SSL (Secure Sockets Layer) and HTTPS (HyperText Transfer Protocol Secure) enable secure connection between web server and internet browser.

Websites protected with HTTPS have padlock sign next to domain name in address bar, but when website provides very strong security level (banks, payment providers, etc.) address bar is usually completely green.

With HTTPS, there are additional benefits. For example, you can use Geolocation API which doesn't work in Google Chrome since version 50

In 2017 Google said that their Chrome will warn about potentially insecure websites that contain password or credit card fields.

How to get SSL Certificate?

These days, hosting companies provide free auto-generated SSL certificate.

If you want higher level of security, you’ll have to pay between $20 and $200 (directly from hosting company). In such case, ask your hosting provider to install certificate on your server.

Instructions to move WordPress website

Go to Settings > General and add https to the beginning of WordPress Address (URL) and Site Address (URL).

After that, refresh permalinks in Setting > Permalinks. Confirm by clicking to “Save Changes”.

After that go to your wp-config.php and add define('FORCE_SSL_ADMIN', true);

301 redirect

Ad the beginning of .htaccess add following code to force redirection from old (http*) links to new (https*):

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]

Update content

Post content field can be update using simple MySQL query:

UPDATE wp_posts SET post_content = REPLACE (
post_content,
'http://www.domain.com',
'https://www.domain.com');

Important: change domain.com and wp_ with appropriate values

Cache

If you use cache plugin, you must clear cache in order to see changes.

If you use WP Super Cache with enabled CDN Support, you must update “Off-site URL” with https at the beginning.

Additional checks

Just in case, check:

  • If you have hardcoded http links in your template files
  • Console to see eventual warnings – F12 on Windows or Cmd+Shift+I on Mac
  • Google Analytics property settings
  • Google Search Console property settings
  • Note: Search console doesn’t support address change from http to https.

    To keep Facebook likes, here is code sample that you can paste to your functions.php if you use All in One SEO Pack plugin (you must adjust date):

    add_filter('aiosp_opengraph_meta','amazy_change_my_og_url', 10, 3);
    
    function amazy_change_my_og_url ($value, $type, $field){
    
        if( $field == 'url' ) {
            if (strtotime(get_the_date("Y-m-d")) < strtotime("2016-12-27")) {
                return preg_replace('/^https:/', 'http:', $value);
            }
        }
    
        return $value;
    }

If you have any questions, you can always ask Daisy for help

Comments 1

Leave a Comment

  1. Lesa Dulle
    06.01.2020 u 08:17h

    This is actually the right blog for anybody who wants to determine about this theme. You realize very much its almost hard to dispute along with you (not i actually wants…HaHa). You certainly put a fresh spin on a subject thats been discussed for a long time. Great products, just great!