5 Steps To Migrating A WordPress Website to HTTPS

This post comes courtesy of my host 34SP in Manchester. If you own a UK website then it’s best for SEO that you host within the UK. I’ve been a customer since 2009 and can vouch for their excellent customer services and problem solving capabilities.

Written by Stuart Melling on Monday June 19th, 2017

Stuart is the Business Development Director for 34SP.com. Stuart oversees multiple areas of the business to ensure 34SP.com products and services are meeting customers needs. In his spare time, Stuart is overly obsessed with food and a keen blogger and writer therein.

By now, you’ve probably become bored of me (and the rest of the web) banging on and on about installing SSL on your website. You know you need to make the switch from http to https, you understand the risks and you know the rewards but still, you’re hesitant to make the move.

I understand the reluctance first hand. I’ve made the leap from http to https on several of my own personal websites and peaked through my fingers each time; have I made the switch correctly, did I just tank my SEO rankings, is everything really now working over SSL? Thankfully if you’re using WordPress to power your website, moving to SSL is a very simple process.

Step one

Let’s Encrypt SSL

Firstly you will want to enable your site for https:// and install an SSL certificate. We offer Let’s Encrypt on our Pro, Business and WordPress platforms as a one click installer in our control panel. The process is detailed in our KB article ‘How to install a Lets Encrypt SSL certificate‘, and shouldn’t take more than 90 seconds to get going.

Once you’ve installed the SSL, it takes an hour or so for our system to generate the certificate for you and install it. You can confirm all is working by going to https://YOUR_DOMAIN and looking at the start of the URL bar in your browser. If you see any of these, SSL is working:

If you don’t see any of these after a few hours, drop us a line to support@34sp.com so we can review the Let’s Encrypt installation. If something hasn’t gone exactly as planned, we will manually correct it for you.

Step two

Tell WordPress you’re now all SSL’ed

You’ll need to make sure WordPress knows what you’re up to next, otherwise, well things get confusing. Login to your WordPress dashboard and select the Settings option from the left hand side. You should see the following two options front and centre:

WordPress Address (URL)

Site Address (URL)

Both of these items should be updated to the new https address your going to call home. So if you previously had

WordPress Address (URL) http://www.34sp.com
Site Address (URL) http://www.34sp.com

You’ll now want to have:

WordPress Address (URL) https://www.34sp.com
Site Address (URL) https://www.34sp.com

If you use our WordPress hosting platform, WordPress is installed in it’s own special secured area (/wp), so your new settings should look like this:

WordPress Address (URL) https://www.34sp.com/wp
Site Address (URL) https://www.34sp.com

Likewise, if you’ve installed WordPress in a different directory other than the account root, you will need to specify that in the WordPress Address (URL) field.

Step three

Updating your WordPress database

If you’ve used your site for any amount of time prior to the switch, you’ll have posts on your site that reference http. You’ll want to update these to https ASAP. Having mixed use of http and https through your site, links and code is not advisable, and may cause warnings in browsers or security programs.

If you use our WordPress Hosting plan we automatically perform steps two and three for you. When you install your Let’s Encrypt SSL certificate we automatically perform a search and replace of http to https across your website’s database. This means all your posts will reference https rather than http.

If you use any other platform you’ll need to do this yourself, or ask our support team to update this. Again drop us a line to support@34sp.com and we will take care of this.

Step four

Nuts and bolts and stuff and things

This is the tricky bit that scares most people off, but don’t fear, we’re here to help as well.

Some parts of your website code might still refer to http://. This means even if you followed all the above advice and SSL is now running fine, parts of your site will insist on using http. This might be badly written plugins or themes that have hard coded use of http, or dynamically generate http.

While we or you could go ahead and perform another search and replace, the results could be unpredictable. Altering third party code shouldn’t really be tackled unless you’re a very advanced user.

Instead, we typically recommend the use of this nifty plugin in most case.

This excellent plugin buffers the output of your site and then dynamically rewrites all your URLs, ajax requests and a bunch of other bits. In English, that means while some bits of your code might be insisting on used http under the hood, by the time your site output’s to the web, it’s all been converted to https on the fly. And crucially without poking around in third party plugins or themes.

The downside to the plugin is that it takes a lot of processing power to convert the page. To minimise this, you will want to ensure you use caching on your site (again provided as standard on our WordPress hosting) to reduce how many times processing occurs.

Step five

Redirect all non HTTP traffic

The final step is to make sure all inbound requests to your site know to use https. While WordPress will rewrite things best it can, it is still possible some urls won’t redirect. This final item is made at the server level either within htaccess in Apache or on Nginxm the server location block.

Within Apache it would look something like this:

Again, with our WordPress Hosting we automatically redirect all the traffic over HTTP to HTTPS, without you needing to do anything at all. If you use other platforms, again, just get in touch if you need help.

Step one

Wait what?

Finally, if you’re starting a site from scratch, do it right and start with https:// from day one. The benefits for your site from SSL in 2017 are huge and it costs nothing.

If you are considering moving to HTTPS on our WordPress Hosting, you can also first enable HTTPS on your staging site, by adding a Lets Encrypt certificate.