In the modern era of hyper-connectivity, getting by without the internet is virtually impossible...
As internet users, we are constantly plugged in, sharing our personal data through emails, logins, credit cards, and much more.
Because of this constant data sharing deluge, we are at risk for having that information exposed and falling into the hands of the wrong people.
Given that threat, how should you protect yourself - and others - online? First and foremost, if you have a website you must make the switch to HTTPS (from HTTP).
Switching your website to HTTPS is not just important - it's a necessity to protect the personal information of anyone who visits and interacts with your website.
In this guide, we'll walk you through the process of making the switch to the safe-and-secure world of HTTPS and SSL encryption, and then explain how it protects your website, those using it, and the information on it.
Ready to learn more? Let's dive in.
How to Move your WordPress Site to HTTPS
Before moving into the details, let's first answer the question you've been dying to ask: what exactly are HTTPS and SSL? While you might not be familiar with the terms, you have most likely come across them in your time using the internet (whether you were aware of it or not).
HTTP stands for Hypertext Transport Protocol. HTTPS stands for Hypertext Transport Protocol Secure. These are the communication protocols used for web traffic - literally, the "language" of how data is transferred and shared on the web.
What to Look For?
Most of the URLs seen today don't start with http:// but https:// instead. For example, the address to this very site displays that.
If you see the padlock left of the URL, that is the sign that the site is using an SSL encryption. These are vital signs to look for if you are a consumer, being that these represent a secure website.
HTTP vs. HTTPS?
HTTPS uses a Secure Socket Layer certificate to authorize a connection between the browser and a server. Thus, any information exchanged becomes encrypted.
What does it mean for information to be encrypted? Encryption means changing everyday text information (usernames, passwords, etc.) with signs, letters, and numbers that make no sense to the human eye. This way, if someone were to intercept the data, it would be illegible to another human.
Note: SSL is not the scientific name. About 20 years ago, it was changed to be called TLS (Transport Layer Security) and SSL was no longer used. You will still see it called SSL in most places.
Related Read: .com vs .co.uk - Which Domain Extension is Right for Your Website?
1. Back-up the Website
Before making any changes to your site, make sure it's backed up. This eliminates any possibility of permanent error. If you have the chance, run through this process on a test server, not only on your live site.
2. Establish the SSL Certificate
After performing a proper backup, the next step would be to acquire an SSL Certificate. The difficulty of this process will depend on the host you’re using
The ideal situation is that the host you’re using has an option to move your site to HTTPS directly. For example, switching your site to "Let's Encrypt" in cPanel is reasonably straightforward. The instructions for that can be found here. Also, there are instructions for Plesk.
There is also Certbot.
If you have direct access to your server, you can select the web server and operating system already in use.
Following that, the site will walk you through the steps of implementing "Let's Encrypt" on the server.
If your Secure Socket Layer comes from a different source, your hosting provider will be able to help once you contact them and explain the issue.
3. Add HTTPS to the WordPress Admin Panel
It’s important to protect the backend first so that whenever a user logs into your site, the information will be exchanged securely.
For this process, open wp-config.php in the WordPress root folder and add this below in the area before you see stop editing!
Now that the file is updated, you’ll want to test it. To do that, you should navigate to your admin login URL using "https" instead of "http" before the address. If everything loads correctly, your connection should be secure.
4. Changing Your Website Address
Now that you’ve moved the WordPress backend to HTTPS, you can complete this for the rest of your site. To do this, update the website address by going to settings and then general from WP dashboard.
Add https:// to the start of the WordPress address and then your site address. If you then save it, the settings will be updated. *This might cause you to have to log in again*
5. Change Content and Template Links
Because you'll be changing your site over to HTTPS, you'll need to update any links that you've used that included that old HTTP address. To do this, you can use a plugin such as Search and Replace Script or Velvet Blues. There are some risks involved; however, as long as you have backed up correctly, it should go smoothly.
If you have links to external resources or assets in theme templates or other files with HTTP links, those should be corrected as well.
A few things to consider...
Any media you may have on your site. (Audio, Images, etc.)- Different web fonts.
- Different HTML documents
- Javascript and CSS files, including anything used in the files
- Any links internally
Any media you may have on your site. (Audio, Images, etc.)If it allows, change your links to // instead of https://. This will allow them to create their own relative links.
6. Execute 301 Redirects in .htaccess
Hey, you're still with us! I know the topic of HTTPS conversion isn't exactly pillow talk, but just a few more steps…
Now, when you move your website to HTTPS from HTTP, you also need to put a redirect in place. This will send visitors to the secure version of your site. To accomplish this, use .htaccess, which is an important system file on your server, usually found in the WordPress directory.
First, set your FTP client to show hidden files because .htaccess is invisible. If you don't already have one of them, create a plain text file and rename it to .htaccess. Next, you should upload it to the WordPress root directory.
Next, add these lines to it:
Now, visitors (including Google bots) will automatically land on the HTTPS version of your WordPress page.
You should also be sure that there are not any pages that are available in both versions. This will lead to issues with duplicate content, which can hurt your SEO numbers.
7. Test and Go Live
It’s time to test! To test properly, go to SSL Test, insert the domain, and click Submit. This will give you an evaluation of how well the implementation of SSL worked. This will also reveal any potential issues that need to be fixed.
Following this, it’s advised to crawl your site with a tool like SSL Check. If you have any leftover links that you may have missed, this should clean them up.
8. Update Site Settings
If everything is working correctly, there are a few last steps to consider to complete the transfer from HTTP to HTTPS.
Refresh your sitemap - In an ideal world, the SEO plugin you're using will do this automatically. With programs like Yoast SEO, it’s possibly you could have to switch off the plugin for the update to occur. Also, don't forget to include it in your robots.txt file as well as update all other hard-coded links that live there.
Add the site to any webmaster tools - You'll want to add the HTTPS version for every webmaster tool you use. You'll also want to upload the new sitemap. You might perform a fetch and crawl as well as submit any disavow files that are active for now outdated versions of the site.
Update the CDN - If you're using a content delivery network (and let's be honest, who isn't using a CDN these days?), you need to switch it to SSL. A majority of them will have a built-in feature that accomplish this.
Make the analytics change - If your analytics needs a default URL, make sure to add in the new prefix. For Google Analytics, it is found under Admin > Property Settings > Default URL. Also, make sure you keep track of when you made the HTTPS conversion to account for traffic changes.
Retain social shares - If your site displays social shares, you could need to address those to keep them current. You'll also need to update the links to your on your social profiles, email templates, etc.
WHEW. Okay, we're done, I promise. Those are the steps that should have successfully moved your site to HTTPS.
Why Move Your Website to HTTPS?
While the number of sites using SSL is rising, many still run on insecure networks. While this isn't required to run a successful web business, many benefits come along with making the switch.
1. Your Site Handles User’s Important Information
From a business standpoint, you have to be extremely careful with other people's information. If your online shop handles credit cards or personal information of any of your customers, moving your site to HTTPS will go a long way in protecting anyone who visits or uses your site.
Any unsecured sites can put internet users at risk. Protecting your customers is a necessity to run any ethical business, and not protecting the private information of your customers will be detrimental to your company and site.
If a site were to not use HTTPS, the data that your visitors received could be altered. A third party could add ads, malware, or anything else that wasn't meant to come from you.
Even if your company deals with something as simple as login information, adding that extra layer of security is a good idea, one that will give your site a more credited and professional feel.
2. HTTPS Is a Sign of Professionalism and Authenticity
If a customer is visiting a site, especially spending money on one, encryption has become an expectation. Almost 30% of internet users look at the green address bar when surfing through sites, a number that is only increasing. Also, a substantial majority of visitors are more likely to trust a website if their data is sent over a secure connection.
As stated above, if a visitor to your site knows that it’s secure, it is more likely to trust the site, which means they will be more likely to purchase items because they know their financial information will be safe.
Major browsers such as Google Chrome or Mozilla Firefox will warn the users that the site has pages without HTTPS, and that would be a negative indication to anyone looking to do business on your website.
3. SEO Benefits
As of last year, Google has gotten serious about sites having an SSL certificate when it comes to rankings. So for SEO purposes, not having the protection will hurt you in the long run.
Besides, referral data from HTTPS to HTTP is blocked in Google Analytics. If you have another website still running on HTTP and you’re getting referrals from sites running on HTTPS, it will not be correctly displayed in the analytics. This could cause someone to be aware of a site gaining traffic, and that could be a missed opportunity for any business.
4. Speed of Loading Time Increases
Regardless of all the safety benefits, HTTPS merely is faster. You can find out the difference by using an HTTP vs HTTPS test (use a private window to prevent image caching). Running the test right now, using HTTP is 750% (seriously!) slower than HTTPS.
HTTP vs HTTPS test
This is especially important because page speed will also play a factor in Google rankings. According to studies, users only stay on websites for 15 seconds if their attention is not caught. If a site has a slow loading speed? Forget about it. We’re all clicking out of there to move onto something else.
HTTPS Troubleshooting
There is a chance that the transition from HTTP to HTTPS will not be a straight path. In case something comes up, some common issues can be solved.
1. Warnings about “Mixed Content”
The most common problem that can arise after your transition to HTTPS is a variety of mixed content warnings. This can occur when your browser - typically Chrome or Firefox - locates non-secure links on a secure page. This can be solved by updating links to jQuery libraries or custom fonts.
This is something that usually should be taken care of by scanning and editing your site before publication. However, if you do receive this warning, you might have to make some link changes.
2. Lower Search Results Ranking in Google
While we mentioned the benefits of transitioning from HTTP to HTTPS, it can also influence your search rankings negatively on a short-term basis.
Google now sees https:// and http:// URLs as two different entities, and strongly prefers the secure version. Even if you set up an extremely high number of redirects, they will only transfer a certain percentage of the links. Due to this, your rankings might drop, just in the beginning.
Following this initial dip, the rankings will increase over time. Because Google puts a value of the use of SSL, it’s going to be beneficial in the long run.
So, is Switching to HTTPS Right for Your Site?
Above all, keeping your site and its traffic secure is extremely important to any successful website. Portraying to your potential customers that their data is safe and that their confidentiality is intact is good business, especially in a time of increased data theft.
Aside from the safety aspect, moving your website to HTTPS will allow you to benefit from increased speed and more effective SEO results. Plus, with free services such as Let’s Encrypt, cost should no longer be a deterrent.
Through this guide, we hope you have learned how to obtain a free SSL certificate and implement it into your WordPress site. Now that you are able to add HTTPS and SSL, you will have a secure website and an overall better experience for any user that crosses your path.
