Last Updated on 25th August 2021 by Ajmer Singh
Have you been sorting for ways to move your WordPress site from HTTP to HTTPS? This article should guide you on how to move WordPress from HTTP to HTTPS by adding an SSL certificate.
Before we dive deep, I will like to give a clear definition of some terms.
What is HTTP?
HTTP is an acronym that stands for Hypertext Transfer Protocol, It is the fundamental protocol used in the transfer of files online.
It grants internet users the privilege of interacting with web resources by transmitting hypertext messages between clients and users.
Basically, HTTP makes use of the TCP protocol to communicate with servers.
HTTP is not secured because the connection it provides is not encrypted.
Hence, the not secure warning response you receive anytime you navigate to a site without HTTPS.
What is HTTPS?
HTTPS is the secured version of HTTP, it is an acronym that stands for Hypertext Transfer Protocol Secure.
It makes use of an SSL certificate to ensure the secured connection between a user’s browser and a server via an encryption method making it difficult for third parties to invade.
Once the data is encrypted, it is transmitted into numbers and letters that cant be accessed by humans due to their complexity
For instance, you visit a website to buy some product and you provided them with your bank information and some other personal information, the job of HTTPS is to provide a secured connection that protects your data transfer and personal information from third parties.
Why you should move from HTTP to HTTPS
- It was mandated by Google. in 2018, Google released an update that covers the intention of improving web security. similarly, all website owners were encouraged to move from HTTP to HTTPS.
- Google also stated that sites that switched from HTTP to HTTPS will enjoy SEO benefits and higher rankings
- If you are still stuck with HTTP, chrome and other web browsers will notify users that your site isn’t secure for them to navigate. Hence, the need to move your WordPress site from HTTP to HTTPS
Both HTTP and HTTPS are the protocols that are essential criteria to run a website on a secured platform.
The protocol is, however, defined as certain rules and regulations we should follow to make the website and the whole system out of danger.
How to move WordPress from HTTP to HTTPS?
There are two major steps you can take to move your WordPress site from HTTP to HTTPS and I have made a list of them below:
- By using a plugin
- By setting up HTTPS in WordPress manually
By using a plugin
This method is easy to navigate for beginners.
Firstly, visit the plugin section of your site and install the really simple SSL plugin
Read our article on how to install a plugin
Upon activation, navigate to the settings>SSL page.
What the plugin does is detects the SSL certificate of your page automatically and it also helps in setting up your WordPress site to use HTTPS.
The plugin fixes the following issues:
- Detects SSL certificate
- Modifies WordPress to use HTTPS in the URL
- 301 redirect from HTTP to HTTPS
- Fixes contents URL still loading from HTTPS sources
By setting HTTPS in WordPress manually
Backup your site
Whenever you are about to make a major change to your site, what I advise is that you backup your site first. This is because if anything goes wrong, you can always go back to the working version.
Install an SSL certificate
The second approach to moving WordPress from HTTP to HTTPS is to buy an SSL certificate. Most hosting companies offer free SSL certificates for all their users.
If your hosting provider does not offer a free SSL certificate, the only option you have is to purchase it from a different hosting provider and follow their instructions regarding the shift.
Add HTTPS to your WordPress admin area
To add HTTPS to your WordPress admin area, simply visit the wp-config.php file in the root folder of your WordPress site and add the following code above the statement “That’s all, stop editing!”
‘Define (‘FORCE_SSL_ADMIN’ , true);
This on the other hand enables WordPress to force the SSL/HTTPS in your WordPress admin area.
Once this is done, you can verify if it worked by adding HTTPS in your access login.
For instance, https://yoursite.com/wp-admin.
If it worked, your connection will be secured, although you might still see some mixed content error warnings.
Read our article on how to fix mixed content errors in WordPress
You can check out these details to see our guide on the SSL Certificate.
Once your SSL certificate is installed, there are certain changes you need to make on your WordPress site, we will take a look at that in the next step.
Update your WordPress and site address
To update your WordPress and site address, simply go to the settings>general and add https:// to both URLs, then click on the save changes button at the bottom of the page.
The next step in moving your site from HTTP to HTTPS is to update the links in your content that contain the HTTP protocol.
For easy updates, you can make use of the Velvet blues update URL plugin.
During the process of updating links on your content and database, an error that can screw up your site might occur, hence, the need for the backup I stated earlier in this article.
Links that will be altered include:
- Media (Images, audio files, PDF, videos)
- Internal links
- Web fonts
Add the 301 redirects in your .htaccess file
The next step you should take in moving your sites to HTTPS is implementing a redirect that leads visitors to the secured version of your site automatically.
To enable this, we will make use of the .htaccess file that is located in the WordPress root directory of your site.
The file contains settings for permalinks, so it’s very possible you have one already.
To locate it, allow your FTP clients to show hidden files because by default the .htaccess is invisible.
If you don’t have one, simply create a plain text file and name it as .htaccess, then upload it to the WordPress root directory of your site.
With the redirect in place, be rest assured that your visitors will be directed to the HTTPS version of your site.
Cross-check to be sure that none of your content is available in HTTP and HTTPS versions.
Duplicate content poses a threat to your site’s SEO.
Run a test for your site
After the aforementioned steps have been implemented, it’s now time to check that your site functions correctly.
To do this, kindly use the SSL test to do a total check-up of your site.
Simply input your site’s URL and click on the submit button. After this is done, patiently wait for your result.
Once the test is completed, you should also make use of the SSL check to check for leftover images, scripts, CSS, and files that are not secured.
Update your site environment
To be sure that your site has fully moved to HTTPS, there are a few things you should implement, they include;
Ensure that your sitemap is updated
If you have an SEO plugin on your website, your sitemap will be updated automatically.
However, if you use the Yoast SEO plugin, you will need to deactivate and reactivate again, after which you update your sitemap.
Ensure that your HTTPS URL is in robot.txt
Include your site in Google Search Console
Now that your site has moved to HTTPS, it’s now time to create a new profile for the HTTPS version on Google Search Console.
After this is created, submit your new sitemap files with the HTTPS version of your URL.
In addition to this, add the HTTPS version of your site to all the webmaster tools like Bing, Yahoo, Google.
update your site’s CDN
If you use a content delivery network on your site, switching it to SSL is needful.
Update your Google Analytics
Go to your site analytics and update it with the HTTPS version of your URL.
To do this, go to Admin>property settings>default URL
I hope you have learned ways on how to move WordPress from HTTP to HTTPS? There are basically two methods involved in this process.
You can choose to use a plugin or you set it up manually.
While the first option is the best choice for a beginner, experts can navigate the second option, however, I will advise you to go with any of the options you prefer.
Above all, the main reason for the HTTPS connection is to ensure a secured communication for users when they access your site.
Have any recommendations, suggestions, ideas? please use the comment section.
People also search for:
Ajmer Singh is the Founder & Author of Findmytricks. He is a Passionate Blogger, Content writer & WordPress developer. He loves sharing content related to WordPress and Blogging. He enjoys playing games in his free time.
1. “Be yourself. Everyone else is already taken.”
2. “First, learn the rules, then break them”