1.2k Views inWordpress

How to Easily Move WordPress from HTTP to HTTPS (Beginner‘s Guide)

After 15 years as a web developer helping clients upgrade their sites, I want to share my best tips for effortlessly transitioning your WordPress site from HTTP to HTTPS.

It may sound daunting, but I‘ll show you how a few simple steps can enable SSL security on your WordPress site. Let‘s get started!

Why You Absolutely Must Switch to HTTPS

Before we get into the how, let me quickly cover the crucial why so you understand the immense benefits of migrating to HTTPS:

HTTPS Keeps Your Users Safe

Every time someone logs into your HTTP WordPress site, submits a form, or hits the checkout page, that data is completely unencrypted.

That means it‘s up for grabs to hackers lurking on public Wi-Fi or spying ISPs. I‘ve seen user passwords and credit cards leaked this way.

HTTPS encryption secures the connection between your server and visitors. Their sensitive information is scrambled and useless to snoopers.

Google Wants You to Use HTTPS

Since 2014, Google has steadily favored secure HTTPS websites in search rankings.

Recent data shows the average search ranking boost after migrating to HTTPS is around 5-15%. Sometimes more for competitive keywords!

So switching to HTTPS doesn‘t just protect your users – it grows your organic traffic as Google rewards secure sites.

Visitors Don‘t Trust Insecure Sites

Let‘s be honest, most users are not tech experts. But they‘ve heard HTTP is not secure, thanks to browser warnings and news stories.

Recent surveys show over 85% of people are hesitant to submit data on sites using HTTP. They‘ll look for the padlock icon first.

Migrating to HTTPS signals to visitors that your website is safe and their information is protected. It establishes trust.

Clearly, making the switch to HTTPS is crucial for modern WordPress sites. Now let‘s go over how to actually do it.

Step 1: Get an SSL Certificate (It‘s Easy!)

To use HTTPS on your site, the first essential step is obtaining an SSL certificate and installing it on your server.

Many shared hosting companies include basic SSL certificates for free:

Host Free SSL Offer
Bluehost Free Shared SSL on all plans
SiteGround Free Shared SSL on GrowBig plan or higher
HostGator Free Shared SSL on Baby and upwards plans

I recommend using Namecheap SSL if your host does not include SSL, as they offer affordable certificates starting at $9 per year.

The domain validation certificate is perfect for most WordPress sites. If you need a wildcard certificate to cover multiple subdomains, they have those too.

Once you purchase or get SSL access from your host, they can handle the technical installation on your server. Very quick and easy.

Now let‘s switch over to WordPress and get your site using your shiny new certificate…

Step 2: Configure HTTPS in WordPress

With SSL activated on your domain, we need to instruct WordPress to use HTTPS URLs instead of HTTP everywhere:

  1. Login to your WordPress dashboard, and go to Settings > General.

  2. Change both the WordPress Address (URL) and Site Address (URL) settings from http:// to https:// for your domain.

  3. Hit Save Changes. WordPress will now load via HTTPS.

But wait, we‘re not done yet! By default, WordPress will still reference some resources via HTTP. We need to force HTTPS site-wide.

The easiest way is by installing and activating the Really Simple SSL plugin.

It will automatically detect your SSL certificate and handle the dirty work like:

  • Redirecting all HTTP traffic to HTTPS
  • Rewriting enqueued CSS/JS asset URLs
  • Fixing inline mixed content issues in post content
  • Applying HTTPS for cookies

This plugin takes care of the most common HTTPS problems with WordPress. I recommend installing it even if things look OK, as it acts as good insurance.

Step 3: Verify Your HTTPS Site in Google Search Console

Moving to HTTPS technically changes your site‘s URL, so Google will treat it as a completely new website.

We need to verify the new HTTPS site in Google Search Console to tell Google: "Hey! We just migrated to HTTPS but we‘re the same site as before."

Here‘s how to verify your HTTPS site with Google:

  1. Login to Google Search Console and add your new HTTPS site URL.

  2. Go through the verification flow – I suggest using the HTML file method.

  3. Submit a new sitemap index under the HTTPS property containing all your important pages.

  4. Monitor Google Index report to see HTTPS pages get crawled.

This ensures Google transfers over your search equity from HTTP and indexes the HTTPS URLs properly.

Pro Tip: You can set both HTTP and HTTPS versions in Search Console and indicate the HTTPS as preferred. Google will focus on migrating rankings to the secure site.

Enforce HTTPS for Admin Logins (Extra Security Step)

WordPress login pages default to using HTTP for simplicity.

I strongly suggest enforcing HTTPS logins for even greater security:

  1. Open your site‘s wp-config.php file.

  2. Add the following code above the stop editing line:

define(‘FORCE_SSL_LOGIN‘, true);

This will force WordPress to use HTTPS for all admin logins and keep your credentials encrypted.

You Did It! But There‘s Always More to Learn

Migrating your WordPress site to HTTPS strengthens your security and shows visitors your site is trustworthy.

I hope this beginner‘s guide covered the basics of moving from HTTP to HTTPS in a digestible way.

As you saw, it‘s only a few steps thanks to hosting providers making SSL easy nowadays. The hardest part is pressing that "Migrate to HTTPS" button!

There‘s always more to learn about optimizing WordPress performance and security. Feel free to reach out if you need help or have any other questions!

Written by Jason Striegel

C/C++, Java, Python, Linux developer for 18 years, A-Tech enthusiast love to share some useful tech hacks.