How to move your website to HTTPS

In this post, I am going to show you how to move your website to HTTPS if you have a WordPress Website

Not sure if your website is on HTTPS?

You can check this by looking at your website address (URL)  in your browser. You can see in the screenshot below my website in Chrome with a lock and Secure with https://

 

Screenshot of URL in browser showing HTTPS

Showing an HTTPS secure address

This website is not secure with an SSL certificate.

Showing an “i” rather than a lock secure (the domain name obscured by me)

When you click on the “i”, the dropdown shows the following information ” Your connection to this site is not secure” with an additional warning that you should not enter any sensitive information on this site.

 

When you click the information icon, a message appears warning website users.

Why you should move your website HTTPS

Google is now adding additional messages to alert readers to websites that have not moved to HTTPS. This not secure message will appear on pages that have forms as well as pages with search bars. I also see this warning in some search results.

These warnings will reduce your traffic as well as your conversion rates. SSL is not just about WordPress Website Security.

Emily Schechter, Chrome Security Team writes:

In January, we began our quest to improve how Chrome communicates the connection security of HTTP pages. Chrome now marks HTTP pages as “Not secure” if they have password or credit card fields. Beginning in October 2017, Chrome will show the “Not secure” warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.  Source : https://security.googleblog.com/2017/04/next-steps-toward-more-connection.html

Because Google plans to show the “Not secure” warning for all HTTP pages, including in search results, now is the time to move to your website to HTTPS.

Did you know HTTPS is a ranking factor for your Search Engine Optimisation? Want to learn more about SEO, you might like my article: The importance of being clear for Search Engine Optimisation.

How to move your website to HTTPS

Summary

  1. Do some research about your SSL certificate options with your current WordPress hosting company.
  2. Purchase an SSL Certificate or select the Let’s Encrypt option
  3. Back up your current website.
  4. Update the URLs in the General settings of WordPress to https://yourdomain.co.nz
  5. Search for https://yourdomain.co.nz and replace with https://yourdomain.co.nz in your database
  6. Check the site

(Note: if  you have a CDN there will be additional steps not covered in this tutorial)

Detailed Instructions

  1. Do some research about your SSL certificate options with your current hosting company.

Check with your hosting company regarding what HTTPS certificates they offer. WP Engine and Siteground both provide the free and easily installed Let’s Encrypt SSL certificate. The Let’s Encrypt SSL certificate lasts for 60 days. Most hosting companies offering the installation of Let’s Encrypt also provide automatic renewal functionality.

If your hosting company does not offer an easily installed version of Let’s Encrypt, I recommend purchasing an SSL certificate from the range they offer unless you are reasonably technically proficient. There are instructions showing how to install a certificate available online. Have a read and see if this is something you want to attempt, eg https://cheapsslsecurity.com/support/howto-install-SSL-certificate.html.

  1. Purchase an SSL Certificate or select the Let’s Encrypt option

Hosting companies vary in their procedure, but in general, you will need to either purchase a certificate or click the install button on the CPanel or user interface. Read your hosting companies documentation for details. Once the SSL certificate is installed on your server, you can proceed with the next steps.

  1. Back up your current website.

Take a full backup of your website before you begin the following changes. Then if something goes really wrong, you can restore the saved version of your website.

  1. Make the following necessary  changes to your WordPress websites: Firstly update the URLs in the General settings of WordPress to https://yourdomain.co.nz

In the dashboard, navigate to the General Setting and edit the WordPress URL and the Site URL and save. You will need to log in again.

Screenshot of general setting in WordPress with arrow pointing to URL to edit to HTTPS

Update the URL of your website to httpS://yourdomain.co.nz

  1. Search for https://yourdomain.co.nz and replace with https://yourdomain.co.nz in your database

Then install the WP-Migrate Plugin or similar and use the find and replace function to replace all occurrences of https://yourdomain.co.nz and with https://yourdomain.co.nz.

Screenshot showing Find and Replace for moving your website to HTTPS

 

Instructions for Search and Replace with the Better Search Replace Plugin

  1. Check if the website is now secure.

I suggest checking the website on Firefox. Does it have a green lock on every page? Click the more information to see more details of the page if it does not. You may find there are some links within the website that you will need to edit further.

Screenshot of the page information on Firefox

You will also need to edit your .htaccess file. Take a copy first, so that you can restore the unedited version if necessary.

Add the following before the #Begin WordPress, editing the domain name to match your website

# BEGIN SSL/HTTPS
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.domain.co.nz.com/$1 [R=301,L]
# END SSL/HTTPS

Check the website using an SSL Checker: https://www.sslshopper.com/ssl-checker.html


Need help to move your WordPress Website to SSL? Contact me.

Read More

 

Leave a Reply

Your email address will not be published.