You may have noticed that most websites have transitioned from HTTP to HTTPS. Redirecting HTTP to HTTPS WordPress would be a good idea.
One major reason for this exodus is Google’s disapproval of HTTP. In July 2018, Google introduced a new development – marking all HTTP websites as “not secured.” Any site with such marking will surely discourage visitors. Even worse, they barely appear on search results.
Needless to say, if you’re about to launch your website, integrating HTTPS into it is the best approach. But if your WordPress website already runs on HTTP, you can easily migrate it to HTTPS. This comprehensive guide will provide you with step-by-step instructions on how to accomplish the task.
What is HTTPS?
First, HTTP stands for Hyper Text Transfer Protocol. You can think of it as the platform through which the browser and the web server communicate. The current version of HTTP is known as HTTP/2.
The ‘S’ in HTTPS stands for secure – meaning a secure connection. In simpler terms, HTTPS creates a safer connection between the browser and the web server, ensuring secure communication. That way, a web user doesn’t have to worry about a hacker compromising their sensitive data.
For a website to have a secured connection, it requires a matching, authentic Secured Socket Layer (SSL) certificate. The most up-to-date version of HTTPS is Version 1.2.
Often, some web owners attempt to game the system by enforcing HTTPS on a website without acquiring an SSL certificate. When you attempt to access such a site, you will see this:
That said, let’s examine some of the reasons why you should consider moving to HTTPS.
What are the reasons to switch your WordPress site from HTTP to HTTPS?
Installing HTTPS offers numerous benefits, and here are some of them:
HTTPS instills confidence in web users
In this age of heightened cyber-crime, nothing is as scary as providing the internet with sensitive personal information. However, a website with a secured connection alleviates this fear. If your website requires users to provide sensitive personal details, SSL (HTTPS) is a must.
All e-commerce stores must have HTTPS
If you plan to set up an e-commerce store or already have one, implementing HTTPS is essential and non-negotiable. This ensures that users feel secure when providing their credit card details.
HTTPS websites achieve better performance, SEO-wise
It’s known that Google naturally pushes down websites without a secure connection on search pages. So, if you don’t want that to happen, it’s time to upgrade your site to HTTPS.
HTTPS websites typically load much faster compared to their HTTP counterparts
Talking about SEO, load time has emerged as a major ranking factor. Carelessness regarding your website’s load time is not affordable. One sure way to speed up your site is to migrate from HTTP to HTTPS.
If you require further tips on this, please refer to our WordPress Speed Guide.
Now that you’ve seen the benefits a secure connection has to offer, it’s time to obtain one.
Steps for migrating WordPress from HTTP to HTTPS
1. Obtain an SSL Certificate
The initial step is to acquire an SSL certificate. The method you choose depends largely on your budget and the type of hosting account you have. There is a wide range of options available, including both free and paid alternatives. The cost of the paid version ranges from $20 to $75 per year. Additionally, certain hosting providers include an SSL certificate as part of their hosting package, while others do not. Obtaining one from your host and having them enable it is a simpler approach.
If, on the other hand, you are looking to obtain a free SSL certificate, here’s how you can do it:
Let’s talk about Let’s Encrypt
Since the implementation of mandatory SSL for websites, Let’s Encrypt, a non-profit organization, emerged as a provider offering free SSL certificates. The notable advantage is that obtaining an SSL certificate doesn’t require technical expertise. Accessing it is as simple as navigating to the ‘Security’ section of your cPanel and clicking on Let’s Encrypt, provided your hosting provider is supported. In case Let’s Encrypt is unavailable, you can consider using SSL For Free as a viable alternative.
Get SSL for free
Enter your website’s URL on the homepage of SSL For Free and click “Create Free SSL Certificate.
Next, choose the verification method that you feel most comfortable with to prove your ownership of the website. Selecting automatic verification is the easiest option, so opt for it.
On the next page, enter your FTP username, password, and directory. Typically, these details correspond to your cPanel information, which you can obtain from your host. The directory is commonly referred to as “/public_html”.
Click on the “Download Free SSL Certificate” option. Lastly, enter the email address where you would like to receive notifications. This step is crucial as it ensures you receive alerts for SSL updates.
Please note that you will need to manually update this certificate every 90 days.
Now that you have your SSL certificate in hand, it’s time to install it.
2. Install the SSL certificate from your host
To simplify the process and avoid any complications involved in installing SSL on your host, get in touch with your hosting provider. Simply provide them with the downloaded free SSL, and they will assist you with the setup.
3. Migrate your WordPress site to HTTPS
Once you have installed the SSL certificate on your host, the final step is to modify WordPress so that all your links start with HTTPS. You can accomplish this either by using a plugin or by making the modifications manually.
Utilize a plugin
For beginners, it is recommended to use a plugin for this task. However, if you possess coding experience and a good understanding of the WordPress environment, you may choose to perform the migration manually.
For this tutorial, we will use the Really Simple SSL plugin. Its name indicates its simplicity and intuitive nature, making it easy to use.
Install and activate the plugin by accessing the “Add New Plugin” area in WordPress.
After installing and activating the plugin, navigate to Settings >> SSL. From there, click the “Reload over HTTP” button for successful execution.
Upon clicking, the plugin will enforce HTTPS on all pages of your website and address any mixed content errors that may occur during the migration process.
Migrating Manually
If you find it challenging to migrate your WordPress website using a plugin, opt for the manual method. Begin by logging into your WordPress Dashboard and navigating to Settings >> General. Replace “HTTP” with “HTTPS” in both the “WordPress Address (URL)” and “Site Address (URL)” sections.
4. Ensure you take care of 301 redirects
If you choose the manual route, it is important to set up a proper 301 redirect. A 301 redirect ensures that any visitor attempting to access your old site (http://yourwebsite.com) will be automatically redirected to the new one (https://yourwebsite.com). In other words, you need to redirect WordPress HTTP to HTTPS. This will help you resolve the mixed content issue that can negatively impact your SEO and website rankings.
To do that, establish a connection to your website via FTP. Once connected, locate the folder that contains your WordPress files (typically named “public_html”) and double-click to open it.
Scroll down in this folder and find the .htaccess files. Perform a right-click on the files and choose the option “view/edit” from the menu
Replace the URL of your website, “mywebsite.com,” in the file. Save and close the file after making the changes. When FileZilla prompts you to upload the updated file, agree and proceed with the upload.
Congratulations on successfully migrating your website from HTTP to HTTPS!
SSL Check (How to Verify if SSL Certificate is Working)
Now that you have set up your SSL, it’s time to check if it’s working. There are two approaches you can take for this task.
Check your SSL online with the SSL Checker
Go to SSL Labs, enter your website’s URL, and submit it.
If you have installed it correctly, you will see the following screen.
Conduct a physical examination
To check if you have installed SSL properly, look at the top bar of your browser. You should see a padlock symbol in the top left-hand corner, and the URL should display “HTTPS”
One final important step involves checking your website on Google search to ensure the transition from HTTP to HTTPS. You can perform this check in Google Search Console. Additionally, after a couple of days, examine your website traffic in Google Analytics to confirm that the migration did not impact your site’s traffic.
Conclusion
If you haven’t already done so, don’t wait to redirect HTTP to HTTPS WordPress. Taking this step will accomplish two things for you:
Demonstrate your seriousness to Google and other search engines, instilling confidence in visitors. Few things are as frightening in the online realm as encountering an insecure website and receiving a security warning from your browser.
We hope our guide has successfully assisted you in moving WordPress from HTTP to HTTPS. This comprehensive tutorial has provided you with the necessary steps to enable HTTPS on your site. Hopefully, you have completed the process and now see the reassuring green section on your navigation bar, indicating that your site is secure. For additional WordPress tutorials, please visit our blog.
