How to change http to https in WordPress website
Last Updated on 13th January 2022 by Ajmer Singh
Have you been sorting for ways to move your WordPress site from HTTP to HTTPS? This article should guide you on how to change HTTP to HTTPS in WordPress website by adding an SSL certificate.
Before we dive deep, I will like to give a clear definition of some terms.
What is HTTP?
HTTP is an acronym that stands for Hypertext Transfer Protocol, It is the fundamental protocol used in the transfer of files online.
It grants internet users the privilege of interacting with web resources by transmitting hypertext messages between clients and users.
Basically, HTTP makes use of the TCP protocol to communicate with servers.
HTTP is not secured because the connection it provides is not encrypted.
Hence, the not secure warning response you receive anytime you navigate to a site without HTTPS.
What is HTTPS?
HTTPS is the secured version of HTTP, it is an acronym that stands for Hypertext Transfer Protocol Secure.
It makes use of an SSL certificate to ensure the secured connection between a user’s browser and a server via an encryption method making it difficult for third parties to invade.
Once the data is encrypted, it is transmitted into numbers and letters that cant be accessed by humans due to their complexity
For instance, you visit a website to buy some product and you provided them with your bank information and some other personal information,
the job of HTTPS is to provide a secured connection that protects your data transfer and personal information from third parties.
Why you should move from HTTP to HTTPS?
- It was mandated by Google. in 2018, Google released an update that covers the intention of improving web security. similarly, all website owners were encouraged to move from HTTP to HTTPS.
- Google also stated that sites that switched from HTTP to HTTPS will enjoy SEO benefits and higher rankings
- If you are still stuck with HTTP, chrome and other web browsers will notify users that your site isn’t secure for them to navigate. Hence, the need to move your WordPress site from HTTP to HTTPS
Both HTTP and HTTPS are the protocols that are essential criteria to run a website on a secured platform.
The protocol is, however, defined as certain rules and regulations we should follow to make the website and the whole system out of danger.
How to change HTTP to HTTPS in WordPress website?
There are two major steps you can take to move your WordPress site from HTTP to HTTPS and I have made a list of them below:
- By using a plugin
- By setting up HTTPS in WordPress manually
By using a plugin
This method is easy to navigate for beginners.
Firstly, visit the plugin section of your site and install the really simple SSL plugin
Read our article on how to install a plugin
Upon activation, navigate to the settings>SSL page.
What the plugin does is detect the SSL certificate of your page automatically and it also helps in setting up your WordPress site to use HTTPS.
The plugin fixes the following issues:
- Detects SSL certificate
- Modifies WordPress to use HTTPS in the URL
- 301 redirect from HTTP to HTTPS
- Fixes contents URL still loading from HTTPS sources
By setting HTTPS in WordPress manually
Backup your site
Whenever you are about to make a major change to your site, what I advise is that you backup your site first. This is because if anything goes wrong, you can always go back to the working version.
Install an SSL certificate
The second approach to moving WordPress from HTTP to HTTPS is to buy an SSL certificate. Most hosting companies offer free SSL certificates for all their users.
If your hosting provider does not offer a free SSL certificate, the only option you have is to purchase it from a different hosting provider and follow their instructions regarding the shift.
Add HTTPS to your WordPress admin area
To add HTTPS to your WordPress admin area, simply visit the wp-config.php file in the root folder of your WordPress site and add the following code above the statement “That’s all, stop editing!”
‘Define (‘FORCE_SSL_ADMIN’ , true);
This on the other hand enables WordPress to force the SSL/HTTPS in your WordPress admin area.
Once this is done, you can verify if it worked by adding HTTPS in your access login.
For instance, https://yoursite.com/wp-admin.
If it worked, your connection will be secured, although you might still see some mixed content error warnings.
Read our article on how to fix mixed content errors in WordPress
You can check out these details to see our guide on the SSL Certificate.
Once your SSL certificate is installed, there are certain changes you need to make on your WordPress site, we will take a look at that in the next step.
Update your WordPress and site address
To update your WordPress and site address, simply go to the settings>general and add https:// to both URLs, then click on the save changes button at the bottom of the page.
The next step in moving your site from HTTP to HTTPS is to update the links in your content that contain the HTTP protocol.
For easy updates, you can make use of the Velvet blues update URL plugin.
During the process of updating links on your content and database, an error that can screw up your site might occur, hence, the need for the backup I stated earlier in this article.
Links that will be altered include:
- Media (Images, audio files, PDF, videos)
- Internal links
- Web fonts
Add the 301 redirects in your .htaccess file
The next step you should take in moving your sites to HTTPS is implementing a redirect that leads visitors to the secured version of your site automatically.
To enable this, we will make use of the .htaccess file that is located in the WordPress root directory of your site.
The file contains settings for permalinks, so it’s very possible you have one already.
To locate it, allow your FTP clients to show hidden files because by default the .htaccess is invisible.
If you don’t have one, simply create a plain text file and name it as .htaccess, then upload it to the WordPress root directory of your site.
With the redirect in place, be rest assured that your visitors will be directed to the HTTPS version of your site.
Cross-check to be sure that none of your content is available in HTTP and HTTPS versions.
Duplicate content poses a threat to your site’s SEO.
Run a test for your site
After the aforementioned steps have been implemented, it’s now time to check that your site functions correctly.
To do this, kindly use the SSL test to do a total check-up of your site.
Simply input your site’s URL and click on the submit button. After this is done, patiently wait for your result.
Once the test is completed, you should also make use of the SSL check to check for leftover images, scripts, CSS, and files that are not secured.
Update your site environment
To be sure that your site has fully moved to HTTPS, there are a few things you should implement, they include;
Ensure that your sitemap is updated
If you have an SEO plugin on your website, your sitemap will be updated automatically.
However, if you use the Yoast SEO plugin, you will need to deactivate and reactivate again, after which you update your sitemap.
Ensure that your HTTPS URL is in robot.txt
Include your site in Google Search Console
Now that your site has moved to HTTPS, it’s now time to create a new profile for the HTTPS version on Google Search Console.
After this is created, submit your new sitemap files with the HTTPS version of your URL.
In addition to this, add the HTTPS version of your site to all the webmaster tools like Bing, Yahoo, Google.
update your site’s CDN
If you use a content delivery network on your site, switching it to SSL is needful.
Update your Google Analytics
Go to your site analytics and update it with the HTTPS version of your URL.
To do this, go to Admin>property settings>default URL
FAQS about http to https switch!
Q: Can I still use my old website if I switch to https?
A: Yes! Your plan will not change, nor will your link. You can keep everything as-is during the whole process. There is no downtime involved with switching from HTTP to HTTPS.
Q: Will my Google rankings drop if I switch from http to https?
A: No. HTTPS is actually a ranking signal for Google, so your rankings will potentially improve after the switch.
Q: Do I need to buy a new SSL certificate?
A: No. Your current SSL certificate will still work with the new HTTPS website. You can even use the same certificate on both versions of your website (HTTP and HTTPS).
Q: What if I don’t have an SSL certificate?
A: You will need to get an SSL certificate. This is a requirement for HTTPS websites. An SSL certificate encrypts the data between your website and your visitors, making it more secure.
Q: How long does the changeover take?
A: You can switch from HTTP to HTTPS in a matter of minutes. All you really need to do is update your website’s URL and redirect people from HTTP to HTTPS, and vice versa.
Q: What happens if I forget about it and my existing http traffic gets redirected to https automatically (or vice versa)?
A: If there is a mismatch between your HTTP and HTTPS versions (e.g. you have forgotten to redirect traffic), this can cause errors on your website.
It’s important to make sure that all of your URLs point to the same version of your website (either HTTP or HTTPS). This will help prevent any errors from occurring.
Q: What happens if I switch my URL, but forget to redirect traffic properly?
A: If you’ve switched your website’s URL (e.g. https://www.mywebsite.com), your visitors will automatically be redirected to the new HTTPS version of your site, if they try accessing a non-HTTPS version.
However, if you’ve mistakenly switched your website from HTTPS to HTTP (e.g. http://www.mywebsite.com), your visitors will not be able to access your website, as it is only available via HTTPS.
It’s important to make sure that all of your URLs are pointing to the correct version of your website (either HTTP or HTTPS).
Q: What is the difference between http and https?
A: HTTP is a protocol for exchanging information over the internet.
HTTPS (HTTP Secure) is a version of HTTP that uses encryption to protect information exchanged between a user’s computer and a website. This helps ensure that data cannot be intercepted by third parties.
Q: How can I get a free SSL certificate?
Q: Do I need to pay for SSL?
A: Yes, you will have to buy an SSL certificate. Usually, they are charged on a yearly basis.
Q: What are the benefits of using HTTPS?
A: The main benefit of using HTTPS is that it helps keep your website data secure. It also helps protect your site visitors’ privacy.
Q: How to fix the mixed content errors?
A: Mixed content errors occur when your HTTPS site loads resources from an HTTP URL. To solve this issue, you can follow this tutorial on How to Fix Mixed Content Issues In WordPress.
Q: I’m having trouble getting my SSL certificate to work. What can I do?
A: If you’re having trouble getting your SSL certificate to work, you can contact your hosting provider for help.
Q: I’m having problems with HTTPS, what do I do?
A: If you’re having issues with HTTPS, contact WordPress support or your hosting provider for help.
Q: How to fix the problem of insecure content?
A: In order to solve this issue, you can follow this tutorial on How To Fix Insecure Content ProblemIn in WordPress.
Q: How can I stay updated on SSL changes?
A: Subscribe to Google’s webmaster blog to keep yourself abreast of the latest development in HTTPS and web security.
Q: What happens if someone visits my website using HTTP when it was originally accessed via HTTPS?
A: If a user accesses your website using HTTP, they’ll be redirected to the HTTPS version of the website.
I hope you have learned ways on how to move WordPress from HTTP to HTTPS? There are basically two methods involved in this process.
You can choose to use a plugin or you set it up manually.
While the first option is the best choice for a beginner, experts can navigate the second option, however, I will advise you to go with any of the options you prefer.
Above all, the main reason for the HTTPS connection is to ensure secured communication for users when they access your site.
Have any recommendations, suggestions, ideas? please use the comment section.
People also search for:
Ajmer Singh is the Founder & Author of Findmytricks. He is a Passionate Blogger, Content writer & WordPress developer. He loves sharing content related to WordPress and Blogging. He enjoys playing games in his free time.
CONTACT: [email protected]
1. “Be yourself. Everyone else is already taken.”
2. “First, learn the rules, then break them”