Learning how to switch your WordPress site to HTTPS has become a necessity.
These days, we share more and more sensitive data like banking and credit card information and login credentials, multiple times a day.
As a site owner, especially if you run an online store or deal with banking or other sensitive information, you have a responsibility to keep that data safe.
One of the most important steps to achieve this is to serve your site over HTTPS with an SSL (Secure Sockets Layer) certificate. That is what we are going to talk about in this article.
In case you haven’t made the switch to HTTPS yet, you should definitely consider it, because Google is going to penalize non-HTTPS sites very soon.
It is strongly recommended that every WordPress site or blog use HTTPS. If you’re still wondering why, here are some good reasons:
- All data is secure (for example, information submitted via a contact form).
- Builds trust with visitors to your WordPress site.
- Improves your organic search ranking (SEO).
- Optimizes website speed.
Switch your WordPress site to HTTPS in 8 simple steps:
1. Back up your WordPress site
Whenever you make major changes to your site, we advise you to back it up first. This way, if something goes wrong, you can revert to an earlier version without losing all your work.
This case is no different, so that’s your first task.
2. Switch your WordPress to HTTPS using the SSL certificate
The first thing you need to upgrade your WordPress site to HTTPS is an SSL certificate.
An SSL certificate will encrypt/protect data passing through a site.
You can buy this certificate for a few euros from your host.
Some hosts will also allow you to use a free Let’s Encrypt SSL certificate.
You will need to ask your host for more information on this. The only drawback of Let’s Encrypt certificates is that they are only valid for 90 days and you will have to renew them afterwards (OVH does this automatically for example).
If you are with OVH, all you have to do is go to your customer area, then to hosting, and activate SSL from the dashboard.
3. Enable SSL for the WordPress administration area
Once you have ordered your SSL certificate and it is activated, I recommend you start by switching the WordPress admin to HTTPS.
To do this, simply add the following line of code to your wp-config.php file:
define('FORCE_SSL_ADMIN', true);
If you have never edited wp-config.php yourself, you will find the file in your main WordPress folder (alongside the wp-content folder in most cases). You can access the folder with an FTP client such as FileZilla.
4. Enable HTTPS for your entire WordPress site
Once you’ve switched the WordPress admin to HTTPS without any issues, you’re ready to protect your entire WordPress site.
The first step is to change your site URL in the WordPress admin area. You can find your website URL under Settings > General.
Your WordPress site now uses HTTPS, and any links you use should also be changed to HTTPS.
A very useful tool for this step is the Better Search Replace WordPress plugin. The plugin will search all pages in your database and find all HTTP URLs for you. Then you can replace them with their HTTPS version. You will need to include your HTTP URL (e.g. http://yourdomain.com) in the “Search” text field and the new HTTPS URL (e.g. https://yourdomain.com) in “Replace with”.
You can also use the Yoast SEO plugin to force canonical URLs to HTTPS.
5. Force HTTPS on WordPress via your htaccess file
The last step to take is to set up a 301 redirect for all your HTTP URLs to the new HTTPS version.
This way your WordPress site will always be served in its HTTPS version: even if someone still uses the HTTP URL, they will automatically be redirected.
This step is very important, because other sites may still have links to old HTTP links (for example, if you have been mentioned on other blogs).
The code we use for our non-www site is:
# Redirect to HTTPS
RewriteEngine On
RewriteCond %{SERVER_PORT} ^80$ [OR]
RewriteCond %{HTTPS} =off
RewriteRule ^(.*)$ https://monsite.com/$1 [R=301,L]
# Redirect www to non-www over HTTPS
RewriteCond %{HTTP_HOST} ^www\.monsite\.com [NC]
RewriteRule ^(.*)$ https://monsite.com/$1 [R=301,L]
If your WordPress site address starts with www, use this code instead:
# Redirect to HTTPS
RewriteEngine On
RewriteCond %{SERVER_PORT} ^80$ [OR]
RewriteCond %{HTTPS} =off
RewriteRule ^(.*)$ https://www.monsite.com/$1 [R=301,L]
# Redirect non-www to www over HTTPS
RewriteCond %{HTTP_HOST} ^monsite\.com [NC]
RewriteRule ^(.*)$ https://www.monsite.com/$1 [R=301,L]
We recommend inserting this snippet via FTP: you will find your .htaccess file in the main folder of your WordPress installation (the same folder that contains your wp-config.php file).
You don’t have to worry if you don’t immediately see a green padlock in your browser’s URL bar.
In most cases, you will be able to resolve the issues easily.
To see what’s causing the errors, open your browser’s inspector (for example in Google Chrome or Firefox) and look at the Console tab. There you will find detailed information about where HTTP URLs are still active on your website.
You can also use the Why No Padlock site to check if you still have existing HTTP URLs. These could be links in your theme, for example if you are using an older WordPress theme.
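The same check can be run offline over a saved copy of a page. The following is an added example, not part of the original article: it lists every tag that still loads a resource over http://, with the line it appears on. The tag list, the active/passive/form labels and the sample HTML are assumptions constructed for this illustration.

```python
from html.parser import HTMLParser

# tag -> (attribute that loads a resource, how browsers treat an http:// value)
# active: blocked on an HTTPS page; passive: warning or silent upgrade;
# form: the submitted data would travel in clear text.
LOADERS = {"script": ("src", "active"), "iframe": ("src", "active"),
           "link": ("href", "active"), "form": ("action", "form"),
           "img": ("src", "passive"), "audio": ("src", "passive"),
           "video": ("src", "passive"), "source": ("src", "passive")}

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in LOADERS:
            return  # e.g. <a href="http://..."> is a plain link, not mixed content
        attr, kind = LOADERS[tag]
        attrs = dict(attrs)
        url = (attrs.get(attr) or "").strip()
        if not url.lower().startswith("http://"):
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # rel=canonical and similar do not load anything
        self.findings.append((self.getpos()[0], tag, url, kind))

def find_mixed_content(html):
    """Return (line, tag, url, kind) for each insecure subresource in html."""
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample: a page as it might look right after the switch.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://yourdomain.com/wp-content/themes/old/style.css">
<link rel="canonical" href="http://yourdomain.com/">
<script src="https://yourdomain.com/wp-includes/js/jquery.js"></script>
</head><body>
<a href="http://example.org/">plain link</a>
<img src="http://yourdomain.com/wp-content/uploads/logo.png">
<form action="http://yourdomain.com/contact"></form>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url, kind in find_mixed_content(SAMPLE):
        print(f"line {line}: <{tag}> {url} ({kind})")
```

Entries marked active are the ones that keep the padlock from appearing until they are fixed in the theme or the database.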
7. Update some other resources external to WordPress
To keep your migration to HTTPS consistent, you must also update the external resources that matter for your SEO. Here are 3 elements to update after your switch to HTTPS:
- Update your robots.txt file: All you have to do is change your sitemap URL to HTTPS instead of HTTP.
- Update Google Analytics: A very simple and quick step. Go to the Admin section, then Property Settings, and finally select https:// in the appropriate field.
- Update Google Search Console: Once on your dashboard, click on the ⚙️ gear and then on ‘Change of address’.
8. SEO advantages of switching your WordPress site to HTTPS
If you follow Google’s recommendations, the choice between HTTP and HTTPS is easy: switching to HTTPS will benefit you no matter what in terms of SEO, trust and security in general. There are also some additional SEO benefits to keep in mind:
- Improved organic ranking: This is not a major SEO factor, but having your domain on HTTPS will help you a little in terms of SEO.
- Referral data: If you check Google Analytics on your HTTP site, traffic going through referral sources may appear as “direct” traffic. With an HTTPS site, the referral domain information is preserved.
Conclusion
That’s it, you have switched your WordPress site to HTTPS. Congratulations!
The most important thing now is to think about all the places your WordPress site appears. If you have other websites linking to your new site, don’t forget to update the links to HTTPS there. Also check your links on your social media profiles (Twitter, YouTube or Facebook).
Now you should see the green padlock in the URL bar on all your pages. In our experience, moving to HTTPS seems much more complicated than it actually is. So now you have no more excuses not to increase the security of your WordPress site.
