How do I change my website to https?

It is important to learn how to move your website to HTTPS. Today we share sensitive information such as credit card and banking information or login credentials dozens of times a day.

The shopping website gives us lots of conveniences. We don’t need to go for orders, buy food, pay bills or talk face to face. Hell, right before I wrote this guide, I tried online glasses!

You also don’t have to use a corrupted ATM inadvertently to have your credit card data stolen. This is now also possible with your home convenience. At no additional cost!

There’s a flip-side, however. As the owner of a website, you have the responsibility to ensure it is safe particularly if you have an online shop and/or deal with financial or other sensitive information. The use of HTTPS and SSL encryption on your site is one of the most important steps. That’s what we’re going to discuss in this guide.

We’ll discuss what we mean by HTTPS and SSL first and how it works. We will then discuss the reasons for adding encryption to your site. Then we’ll tell you where to get an SSL certificate and finally give you a step-by-step guide on how to move your site to HTTPS.

Ready? Then put your safety guns on and let’s talk about safety.

Click here to view 8 steps to move your WordPress to https:/ How HTTPS works-Short definition Let’s first definite what we are talking about. Before you dive into how to move your website to HTTPS. You probably saw them at work before, even if you do not know what HTTPS and SSL are.

Visible on Site URLs HTTPS and SSL

Nowadays, most (and increasingly smaller) bigger websites start with https:/, rather than the familiar http:/ URL. In fact, you will see exactly that if you look at your browser bar while you’re on this site.

Website configuration move your website to https example Apart from that, you will notice the symbol padlock. This is how contemporary browsers show you are on a site using SSL encryption. In some cases the company’s name is included. Both are signs that you are on a site that takes visitors ‘ privacy seriously.

What does that mean?

HTTPS stands for Secure Hypertext Transportation Protocol. His cousin, HTTP (which means the same thing minus the Secure one at the end), is generally a communication protocol to make web traffic easier.

What’s the distinction?

The secure version uses the SSL certificate (Secure Socket Layer) for connecting the browser to the server. This means that any information exchanged is encrypted.

Move your website to https on the way encryption works By Munkhzaya Ganbold (Own Work)[ CC BY-SA 4.0] using Wikimedia Commons Encryption, random numbers and letters are used for replacing plain text information (such as usernames and passwords). In this way, people can no longer read and make sense of if someone intercepts them.

Sounds good, right? But do you need it really on your website? Let’s take a few good reasons for adding HTTPS to your WordPress site.

A quick note: SSL is technically no longer the right name. In the late 90s, the name was changed to TLS (Transport Layer Security). However, its name remained unchanged.

8 Steps to Move Your WordPress Site into HTTPS

Alright, we are now going to these article meat and potatoes: how to move Your Site from HTTP to HTTPS. We take this step by step to ensure that you can follow it easily. After all–we also care about the security of your site!

  1. When you make major changes to your website, you should always back it up first.

This way, you can return to the working version if something goes wrong (not that we expect it).

Because this case is no different, your first task is to back up your website. Even better–if you have the chance; do not only run the process on your live site on a test server.

  1. Implement your SSL certificate

We’ll first get an SSL certificate for ourselves. The simplicity or complexity of this process largely depends on your host.

As I looked for this guide, for example, I discovered that my current host does not support Let’s Encrypt and plans to do so. Of course, I’m in the process of switching. Hopefully, you are thinking a little further, like the companies on this list.

The best way is for your host to move your site to HTTPS right inside the management dashboard. For example, you can follow these instructions in order to switch your site to Let’s Encrypt in cPanel. Here you can find the same steps for Plesk.

There’s Certbot for everyone else. You simply can select the type of web server and the operating system you are using if you have administrative shell access on your server. The site will then tell you how to implement Let’s Encrypt on your server.

Shift your website to https by using the certbot If your SSL Certificate is received from another source, follow your hosting provider’s instructions to implement the switch (this is not a bad idea too).

Once this is done, you must start changing your WordPress website. That’s what we’re going to talk about next. If you feel that the following is too technical, you can try the Really Simple SSL plugin as well. It handles most of the heavy lifting described below.

  1. Add HTTPS to the WordPress Admin area

The WordPress dashboard is the first location to enjoy your new safe connection. By securing the back end first, you ensure that your information is securely exchanged whenever a user logs in.

To do so, in the WordPress root, open wp-config.php and add the next line before it says That’s all, stop editing!.

Define (‘FORCE SSL ADMIN’, true); it’s time for testing when you have updated the file. Try accessing the HTTPS URL to your login page, such as https:/ You should have a secure connection now if everything worked correctly. Then go on.

  1. After you have moved the WordPress backend to HTTPS

It is time to do the same for the rest of your site. This can be done by updating your site address in Settings > General.

Move your website to https change WordPress Add https:/ settings at the beginning of both WordPress and site address. Update your configuration by saving. You may need to log in again subsequently.

  1. Change your content and templates Links

Now it’s time to update any links that include the old HTTP protocol in your content and databases. This can help with a plugin such as Velvet Blues or the Search and Replace script. But be careful! They can also screw your site if handled incorrectly. Good thing you did earlier, right?

If in your theme templates and function files you have links to external resources and assets with absolute HTTP links, it’s very important to correct these links. Such considerations: images, videos, audio hosting the JavaScript and CSS-referenced CSS files or assets of those internal links If possible, change your links to / rather than https:/. They will then create their own relative links!

  1. Implement 301 Redirects in.htaccess

The next step to move your website to HTTPS is to set up a redirect that automatically sends visitors to a secure version. We will use.htaccess for that. This is the name of a major system file on your server (usually in the root directory of WordPress).

It usually contains settings to use pretty permalinks, so probably your installation already has one. To find this, please allow your FTP client to display hidden files as.htaccess is default invisible. When you don’t have one, simply create a plain text file, rename it to.htaccess and upload it to the root directory of WordPress.

Add next lines to this list: < IfModule mod rewrite.c > RewriteIngine On RewriteCond percent{ HTTPS} Off RewriteRule ^(.*)$ https:/percent{ HTTTP HOST}}[ L, R=301] < /IfModule > That’s it. Visitors (including Google bots) should automatically land on your WordPress website’s HTTPS version from now on. Make sure no page in both versions is available. This can lead to duplicate content problems. Not good for SEO. Not good for SEO.

  1. Test and go live

Okay, now we’re done with the main steps, it’s time to test whether everything works properly. Go to the SSL test for this. Please insert your domain name and click Send. This gives you an overview of how well you have implemented SSL on your site and details to identify potential problems in order to fix them.

Move your site to https ssl test results Then crawl the tool like SSL Check into your site. You can thus find any remaining links that you forgot. If all is okay, it’s time to go live. Well done! Well done! Now only a few peripheries need to be updated.

  1. Update your site environment

When it worked fine, now is the time to finish the transfer to HTTPS: Update your sitemap–this is done automatically ideally by your SEO plugin. It doesn’t always work that way, however. You may need to switch off the plugin once with Yoast SEO to update the sitemap. Do not forget to include it in your robots.txt file and update any other hardcoded links.

Add site to your webmaster tools– go to every webmaster tool you use and add a new site HTTPS version. Upload the new sitemap while you are there. You may also consider fetching and crawling and submitting any disclaimer files already activated for the old version of your site.

Update your CDN— You must also switch it to SSL if you have a content delivery network (one of the ways to speed up your site). Many of them have this function built in, and documentation for your CDN. Ask your support to help you otherwise.

Make the switch in your analytics — Make sure your analytics upgrade to the new prefix when a default URL is needed. The option is found under Admin > Property Settings > Default URL for Google Analytics.

Note: When you switch to HTTPS to understand the changes in traffic.

Preserve the social share counts— If you show your website social share counters, you might have to make some changes to keep them up-to-date. Check for details in this guide. Do not forget to update your social profiles ‘ links to your website! And in your email templates do the same.

That’s it! That’s it! You succeeded in moving your website to HTTPS. Congratulations, this has not been a small feat. If all went well, all left is pulling on your back and celebrating. If you have problems, we have some tips on troubleshooting next.

Why should your website be moved to HTTPS?

Only 0.1% of all websites currently use SSL. Therefore, the technology does not seem to be essential for a successful web presence. However, there are still persuasive reasons for joining the minority.

  1. You’re Site Handles Sensitive Information

First, if you have an online shop that manages credit card information or similar sensitive information, moving your site to HTTPS is a must. Customers want to trust and should be able to trust your website. It is your responsibility to do this.

For instance, if someone uses a public WiFi spot to access an unsecured website, others can steal payment details. How likely do you believe that person will return to your website if they use this information to steal from your customer?

Without HTTPS the data received by your visitors can also be changed. A third party could thus add ads, malware, or other things that you certainly don’t want others to see on your website.

AT&T was actually caught doing this a while ago (adding ads, not malware). You can, however, be sure that visitors don’t really care who did the act. They will all remember on your site that it happened.

However, even if you “only” handle normal login information, providing additional security layer and keeping it safe is not a bad idea. It will certainly be appreciated by your users.

  1. HTTPS is a sign that visitors are trustworthy and authentic:

Because of the general push to adapt HTTPS to the Web, encryption has developed into something that consumers expect more and more. In fact, 28.9 percent of them now view the green address bar in their browser as a number that is likely to increase over time.

Consumer expectations study with https

Why are they concerned? Since the small lock not only means that its traffic is protected, it also means that the website is authentic and not some false. After all, the same study shows that 77 percent of end users worry about the interception and misuse of their data.

If you have a choice between your site without HTTPS and a competitor who has implemented it, it is likely that you will decide against it. Especially as major browsers (Chrome and FireFox) now identify websites that have HTTPS-free shapes.

In the future, you may usually be warned of any site that has no encryption in place. And you don’t really want to be among them.

  1. SEO benefits

Not only do consumers expect them to move to HTTPS, but also search engines. Google officially announced that it now has an SSL certificate in place. In addition, while the importance of HTTPS is currently weak, it will increase over time.

In addition, HTTPS reference data to HTTP in Google Analytics is blocked. Thus, you will not see it properly in your web analysis if your website is running the old protocol and receives a lot of information from sites running on HTTPS. You might not be aware of platforms that send you lots of traffic and lose out when your commercial channels are amplified.

  1. HTTPS is also much faster

Staying faster on the subject of SEO, Don’t believe me? Try it here (use a private image caching window). When I did the test, HTTPS was 83% faster!

Speed comparison http vs https

Not bad, right?

Particularly because page loading speed is also a ranking factor

Not only that, but visitors are interested in it. In fact, if you don’t load it within three seconds, a large chunk will leave your site. See our guide on how to speed up WordPress for that and other reasons.

HTTPS Tips Unfortunately, not all rainbows and sunshine move your website to HTTPS. Some things may come up that need to be dealt with.

Mixed Content Warnings

Mixed content warnings are the most common problems after you move your website to HTTPS. This occurs when the browser finds unsafe links to a secure page. This usually involves updating links to jquery libraries, custom font or HTTPS versions.

Usually, you should do this while you scan your site before it is published. However, if you find such a warning, check what causes it.

In addition to these tools, you can also use Why No Padlock?

For single pages, then, whatever the problem is, correct.

Reduced search rankings

The switch from HTTP to HTTPS can adversely affect your rankings. What?! What?! Didn’t I say it’s good for SEO before? Why are your rankings going down?

Hear me first before you go back and kick HTTPS to the curb. This is usually only temporary if your SEO is adversely affected.

As you can see, Google treats https:/ and http:/ URLs as two entities. Even if you set up 301 redirects, they only transfer 90-99 percent of the connection juice. That’s why your rankings may drop at first.

However, they should actually increase over time after the initial decrease. As already stated Google sees the use of SSL as a positive factor, so you make it more attractive in your eyes if you move your website to HTTPS. In the long term, this will benefit you.


Keeping your website secure and its traffic is an important issue for any website owner. You can trust them with their sensitive data issues for consumers. This is a huge asset in times of increased data theft and HTTPS and SSL are the tools to achieve it.

In addition to signaling confidence to consumers, moving your website to HTTPS also allows you to take advantage of speed increases and better SEOs. Moreover, with a free service such as Let’s Encrypt, costs are no longer disruptive.

Above, you have learned how to obtain and implement a free SSL certificate on your WordPress website. We have taken the necessary steps to move your whole site to HTTP’s safe cousin and have also discussed other aspects when making the switch.

You can now add HTTPS and SSL to your WordPress website if you have followed it. Know that this is a big future investment and where the web moves. Your visitors, users and website are going to thank you.

Was this article helpful?

Leave a Reply

Your email address will not be published. Required fields are marked *