Google’s SEO push, WordPress’ plea, and the Internet’s overall positive response to HTTPS. If all this does not make you move your WordPress website from HTTP to HTTPS, nothing ever will.
If you have decided to move your website to HTTPS, congrats. That’s such an ideal situation in today’s botnet and malware infested cyberspace. But, hey! Anything technical with a WordPress website is like cutting the wire of a ticking bomb. You better be double sure or have expert guidance within reach.
That expert guidance within reach is what this blog is all about. We are going to give you a quick take (exactly 8 steps) on how to move your WordPress website from HTTP to HTTPS.
Let’s dive in. first, the basics - back up your data.
#1 Backup Your Data
Have you moved into a new home of late? Well, moving a WordPress website to an HTTPS domain is just the same. It can be nerve-racking if you are not well-organized. And, you might also forget or lose some valuable things (data) when moving out. Don’t let that happen. Make sure you have a perfect copy of your latest data stored and stashed somewhere safe before the ‘moving out’ process begins.
#2 Get an SSL Certificate
I should have told this first. You can’t move your WordPress website to HTTPS without getting an SSL certificate. SSL certificate is the key component, which when installed and configured in your website backend will make it HTTPS-enabled, or in other words, more secure.
There are various types of SSL certificates. Depending on the level of validation they provide, SSL certificates can be segregated into Domain Validation SSL certificate, Extended Validation, and Organization Validation SSL certificate.
If you are running a personal blog, go for a DV. If you have a website that collects any kind of payment, personal information and such sensitive information, an EV SSL certificate is recommended. You can get SSL certificates from two sources - straight from the Certificate Authorities or from resellers like SSL2BUY.
#3 Configure SSL Certificate in your Admin Panel
To configure an SSL certificate on your admin panel, head to wp-config.php and enter the following code:
Conduct a dry run to test if the certificate is working fine. You can check if it is working fine by accessing your website’s admin login URL with the HTTPS prefix. For eg: https://websitename.com/wp-admin.
#4 Update the website address
Now that the backend is taken care of, it is time to update your website address so that it works fine for your customers too. After all, it is to ensure a secure browsing experience for your website that you are upgrading to HTTPS.
To update the HTTPS website address, head to Settings > General.
There, you will see the option to give your WordPress URL as well as site address. Update HTTPS as a prefix to your website URL to make it truly HTTPS. Save the changes, log out and log in to make the changes effective.
#5 Update your Content & Template Links
Your HTTPS WordPress website will work fine only if all the content and templates within it are also updated to HTTPS. Want to know of an easier way of doing it? Well, you are in for luck. There are tons of WordPress themes and plugins that make it easy to update all the content and templates to HTTPS.
Caution: If you mess up anything in updating the content, it could cause a total breakdown of your website. But, if you haven’t forgotten to secure your backup, you can always put things back together.
#6 Setup 301 Redirects
A 301 redirect is used to send users to a different a URL from the one they actually visited. It is best used to redirect your users who could be logging into the HTTP version to the new HTTPS version. Setting up 301 redirects are important since they help Google search engine bots crawl your website and rank it appropriately in search engine results.
#7 Do a Dry Run
Configuring SSL in your website requires some serious rewiring in the backend. There is a high probability of errors to creep in. Pushing your website live with those errors can make your website reputation land right on its face. So, do a dry run, preferably with tools like SSL Test to check if the entire implementation program has gone perfectly as planned.
#8 Other Miscellaneous tasks
There are few loose ends that you need to tie up in order to make your transition from HTTP to HTTPS complete. Remember, although these are trivial matters, they are critical for the smooth functioning of your website.
Take, for instance, updating your CDN. If you are using a CDN to speed up delivery of content to your website, make sure you update the CDN with the revised website URL.
Second, update the correct URL in Google Analytics or any other program that you are using for tracking your website. You might also want to update the same in your social media accounts.
Also, don’t forget to add the revised website URL to the webmaster tools and the sitemap for ensuring SEO-friendliness.
Few things to note about migrating to HTTPS
It is error-prone. Despite your perfect planning and working, some common errors are bound to crop up. Especially, mixed content warnings if any links are not properly updated.
Decreased search engine rankings
Don’t expect Google to put you in the top rank right after your HTTPS transition. Good things take time. In fact, there could be a dip in the search ranking right after the transition. The entire link juice may not be imparted when you set up 301 redirects. So give some time for the results to show up.
That should take care of moving your WordPress website from HTTP to HTTPS.