How to move WordPress website to HTTPS/SSL?
This How to is more than 2 years old and may be outdated.
Back in 2014 Google announced that HTTPS becomes a ranking signal. In 2020 internet users more often use public wireless networks where attackers can easier steal data. Website owners really should take care about visitor's security and this is why HTTPS is essential for any website.
SSL (Secure Sockets Layer) and HTTPS (HyperText Transfer Protocol Secure) enable secure connection between web server and internet browser.
Websites protected with HTTPS have padlock sign next to domain name in address bar, but when website provides very strong security level (banks, payment providers, etc.) address bar is usually completely green.
With HTTPS, there are additional benefits. For example, you can use Geolocation API which doesn't work in Google Chrome since version 50
In 2017 Google said that their Chrome will warn about potentially insecure websites that contain password or credit card fields.
Chrome will start marking some HTTP sites as non-secure beginning in January. Get ready! https://t.co/3nglDuwFls pic.twitter.com/tBzz0E9lWh
— Adrienne Porter Felt (@__apf__) September 8, 2016
How to get SSL Certificate?
These days, hosting companies provide free auto-generated SSL certificate.
If you want higher level of security, you’ll have to pay between $20 and $200 (directly from hosting company). In such case, ask your hosting provider to install certificate on your server.
Instructions to move WordPress website
Go to Settings > General and add https to the beginning of WordPress Address (URL) and Site Address (URL).
After that, refresh permalinks in Setting > Permalinks. Confirm by clicking to “Save Changes”.
After that go to your wp-config.php and add define('FORCE_SSL_ADMIN', true);
301 redirect
Ad the beginning of .htaccess add following code to force redirection from old (http*) links to new (https*):
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
Update content
Post content field can be update using simple MySQL query:
UPDATE wp_posts SET post_content = REPLACE (
post_content,
'http://www.domain.com',
'https://www.domain.com');
Important: change domain.com and wp_ with appropriate values
Cache
If you use cache plugin, you must clear cache in order to see changes.
If you use WP Super Cache with enabled CDN Support, you must update “Off-site URL” with https at the beginning.
Additional checks
Just in case, check:
- If you have hardcoded http links in your template files
- Console to see eventual warnings – F12 on Windows or Cmd+Shift+I on Mac
- Google Analytics property settings
- Google Search Console property settings
Note: Search console doesn’t support address change from http to https.
To keep Facebook likes, here is code sample that you can paste to your functions.php if you use All in One SEO Pack plugin (you must adjust date):
add_filter('aiosp_opengraph_meta','amazy_change_my_og_url', 10, 3);
function amazy_change_my_og_url ($value, $type, $field){
if( $field == 'url' ) {
if (strtotime(get_the_date("Y-m-d")) < strtotime("2016-12-27")) {
return preg_replace('/^https:/', 'http:', $value);
}
}
return $value;
}
If you have any questions, you can always ask Daisy for help
This is actually the right blog for anybody who wants to determine about this theme. You realize very much its almost hard to dispute along with you (not i actually wants…HaHa). You certainly put a fresh spin on a subject thats been discussed for a long time. Great products, just great!