Hi there! Are you looking to switch your WordPress site over to HTTPS? Migrating to HTTPS is one of the best things you can do to boost your site‘s security and trust.
But if you‘re not a tech expert, the process can seem daunting. Not to worry – I‘ve been building websites for over 15 years, and I‘m going to walk you through migrating to HTTPS step-by-step. By the end, you‘ll have a more secure and credible WordPress site.
Contents
Why HTTPS Matters
Before we dig in, let‘s talk about why making the switch from HTTP to HTTPS is so important for your website:
Encryption Protects Your Visitors‘ Data
HTTPS connections are encrypted using SSL certificates. This means all data sent between a visitor‘s browser and your site is secure from snooping and tampering.
Google Rewards HTTPS Websites
Sites switched to HTTPS get an SEO ranking boost in Google search results. So migrating can directly improve your search traffic too!
Visitors Trust HTTPS Sites More
When a user sees "Secure" in their browser‘s address bar and the padlock icon, they know their connection is private. This makes them more likely to share data and make purchases.
HTTP Sites Can Be Flagged As Not Secure
Newer browsers like Chrome actually warn users with a "Not Secure" label when visiting HTTP sites. You don‘t want visitors seeing that on your site!
Stats Show the Growing Importance of HTTPS
-
83% of websites are now HTTPS, up from just 45% in 2018 (Source)
-
Sites loaded over HTTPS have a 30% higher conversion rate (Source)
-
90% of users feel more confident in a business after seeing HTTPS on their site (Source)
So in short – migrating to HTTPS is crucial for security, traffic, conversions, and trust. Let‘s look at how to make the switch.
Prerequisites For Enabling HTTPS
Before you can activate HTTPS on your WordPress site, there are two key requirements:
Install an SSL Certificate
An SSL certificate contains the encryption keys needed for a secure HTTPS connection. Many web hosts now include basic SSL certificates for free with new accounts.
If your host doesn‘t offer one, you can purchase an SSL certificate from vendors like Namecheap or Digicert for around $50-100 per year.
Use a Web Host That Supports HTTPS
Your web host‘s servers need to be configured specifically for HTTPS traffic and SSL certificate installation. Most modern hosts like Bluehost, SiteGround, WPEngine, etc have this covered.
If your current web host can‘t handle HTTPS, you‘ll need to switch to one that does first before migrating your WordPress site.
Two Ways to Switch Your WordPress Site to HTTPS
Once you have an SSL certificate installed and a compatible web host, it‘s time to make the move to HTTPS. You have two options:
The Easy Way: Use a Plugin
The simplest approach is to use a plugin like Really Simple SSL. Just install it, activate it, and it will automatically configure WordPress to use HTTPS site-wide.
The main downside is you‘ll need to keep the plugin active indefinitely. If you ever deactivate or uninstall it, your site may break.
The Manual Way: Change Settings Yourself
For a plugin-free method that doesn‘t rely on third-party code, you can manually update these key settings:
- Change the WordPress Site URL to HTTPS in General Settings
- Add 301 redirect rules from HTTP to HTTPS in the .htaccess file
- Force HTTPS for the admin area and login pages in wp-config.php
- Do a search/replace to change all HTTP links to HTTPS in the database
- Update any hardcoded HTTP references in your theme or plugin files
This process takes more work up-front. But the benefit is that your site will keep working over HTTPS even if you change hosts or deactivate plugins down the road.
Let‘s take a more in-depth look at both options…
Using a Plugin to Automatically Enable HTTPS
The easiest way to switch to HTTPS is using the Really Simple SSL plugin. Here‘s how:
- Log into your WordPress dashboard and go to Plugins > Add New
- Search for "Really Simple SSL" and click Install Now
- When it finishes installing, click Activate Plugin
- Under Settings > SSL, the plugin will detect your SSL certificate
- Click "Activate SSL" and the plugin will configure HTTPS across your site
And that‘s it – the plugin automatically handles the technical details of migrating your site to HTTPS. Just keep it activated, and your WordPress site will now load over a secure connection.
The one catch is that you‘ll need to leave the plugin active indefinitely. If you ever deactivate or uninstall it, links may break as your site reverts to HTTP.
Troubleshooting Issues With the Plugin Method
Here are some common issues and fixes to be aware of when using the Really Simple SSL plugin:
-
Site breaking when deactivating – Unfortunately this is expected behavior since the plugin makes HTTPS work behind the scenes. Avoid deactivating it.
-
Mixed content errors – Occurs when some assets are loaded over HTTPS but others use insecure HTTP. Use the "Fix Insecure Content" option under SSL settings.
-
HTTPS not working properly – Try clearing your browser cache and cookies. If issues persist, contact your host‘s support for assistance troubleshooting.
Now let‘s go over the manual process of switching to HTTPS…
Manually Configuring WordPress for HTTPS
The manual method of moving your WordPress site to HTTPS involves editing configurations and doing search/replace operations. Here are the steps:
1. Update Site Address to HTTPS
In Settings > General, change both the WordPress Address and Site Address fields to use https:// instead of http://. Save your changes.
2. Add 301 Redirects from HTTP to HTTPS
Add the following code to your .htaccess file to redirect all HTTP traffic to HTTPS:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]3. Force HTTPS for Admin Area
Add this line inside wp-config.php above the "stop editing" comment:
define(‘FORCE_SSL_ADMIN‘, true);This will force HTTPS for the /wp-admin dashboard and login pages.
4. Update All HTTP Links in Database
Use a search/replace tool like Better Search Replace to change all instances of http:// to https:// in the WordPress database.
5. Update Hardcoded HTTP References
Check your theme and plugin files for any hardcoded HTTP links and switch them to HTTPS.
After completing these steps, your WordPress site should fully run over HTTPS now!
Potential Issues With the Manual Method
Some potential pitfalls to look out for when switching manually:
-
Mixed content errors – Double check that all linked assets use HTTPS URLs too.
-
Traffic drop after changing domains – Use Google Search Console to monitor and submit new HTTPS site version.
-
HTTPS links not working properly – Flush browser cache and test with a private browsing window. Revert issues with a site backup.
The manual process takes more effort up-front, but ultimately gives you full control over your site‘s HTTPS setup.
Final Checks After Migrating to HTTPS
Once you have your WordPress site running over HTTPS using either method, here are two final best practices:
Verify Your Site Loads Securely
Double check that pages load with "Secure" labels in browsers and no mixed content warnings.
Submit New HTTPS Site to Google Search Console
This tells Google your site has migrated to HTTPS. Follow their steps to verify and submit the new HTTPS address.
And that‘s it – you‘ve successfully moved your WordPress site from insecure HTTP over to encrypted HTTPS. Nice work!
Your site‘s visitors are now browsing with privacy and security. With HTTPS enabled, you can feel better about building credibility and trust with your audience.
I hope this beginner‘s guide to switching over to HTTPS helped explain the importance of migrating and gave you a clear roadmap to update your own WordPress site. Let me know if you have any other questions!
