You may have noticed that most websites no longer run on HTTP; the majority have migrated to HTTPS.
One major reason for this exodus is Google’s dislike for HTTP. In July 2018, Google came up with new development – all HTTP websites were marked “not secured”. Any site with such marking will surely discourage visitors. Even worse, they barely show up on search results.
Needless to say, if you are about launching your website, it is best you integrate HTTPS into it. But if your WordPress website is already running on HTTP, you can migrate it to HTTPS quite easily. In this step by step guide, you will learn how.
In this article
- What is HTTPS
- Why should you switch to HTTPS
- Steps to Migrate from HTTP to HTTPS
- SSL Check (how to check if SSL works)
What is HTTPS?
First, HTTP means Hyper Text Transfer Protocol. Think of it as the platform upon which the browser and the web server communicate. The current http version is HTTP/2.
The ‘S’ in HTTPS stands for secured – that’s to say a secured connection. In simpler terms, HTTPS creates a more secure communication channel between the browser and the web server. That way, a web user need not worry about his or her sensitive data being compromised by a hacker.
For a website to have a secured connection, it needs a matching, authentic Secured Socket Layer (SSL) certificate. The most up to date https version is Version 1.2.
Often times, some web owners attempt to game the system. They do this by forcing HTTPS on a website that has no SSL certificate. Whenever you attempt to access such a site, what you would see is this:
That said, let’s have a look at some of the reasons why you need to move to HTTPS
Why Should You Switch to HTTPS?
Installing HTTPS has lots of benefits, and below are some of them
HTTPS Gives Web Users Confidence
In this age of heightened cyber-crime, nothing is as scary as feeding the internet with sensitive personal detail. However, a website that has a secured connection takes this fear away. If your website is such that it demands sensitive personal details from users, SSL (HTTPS) is a must.
HTTPS is a Must for All E-commerce Stores
If you have plans of setting up an e-commerce store – or you already have one – HTTPS is non-negotiable. That way, users will feel safe to provide you with their credit card details.
HTTPS Websites Perform Better, SEO wise
It’s known that Google will naturally push down websites without a secured connection on search pages. So, if you don’t want that to happen, it’s about time you upgraded your site to HTTPS.
HTTPS Sites Load Way Faster than HTTP
Talking about SEO, load time has become a major ranking factor. You cannot afford to be careless about the load time of your website. One sure way of speeding up your site is migrating from HTTP to HTTPS.
If you need further tips on this, please read our WordPress Speed Guide.
Now you’ve seen the benefits a secure connection has to offer, it’s time to get one.
Steps to Migrate from HTTP to HTTPS
1. Get an SSL Certificate
The very first thing you would want to do is to get yourself an SSL certificate. The way to go about this is largely dependent on your budget and the type of hosting account. You can either get for free or paid. The paid version is between $20 and $75 per year. Also, some host providers offer SSL certificate as part of the hosting package, others don’t. It is much easier to get one from your host and have them enable it.
If otherwise, you want to get an SSL certificate for free. Here’s how:
Ever since SSL became mandatory for websites, Let’s Encrypt, a non-profit organization, stepped forward to offer it for free. The good thing about it is that you don’t need to be a techie to get it. You can get it directly from your c-Panel (scroll to the ‘Security’ section and click Let’s Encrypt), provided your host provider is on the list of supported providers. If Let’s Encrypt is not available in your cPanel, you can use SSL For Free as an alternative.
SSL For Free
On the homepage of SSL For Free, put in your website’s URL and click “Create Free SSL Certificate”
Next, select the verification method you are most comfortable with. Verifying proves you are the owner of the website. Automatic verification is the easiest, so select it.
On the next page, provide your FTP username, password, and directory (these are usually your cPanel details. You can ask your host for them). The directory will likely be “/public_html”.
Click download free SSL certificate. Finally, provide the email you want notifications to be sent to. This is important so you get alerted when the SSL needs to be updated.
Note that this certificate will require manual updating every 90 days.
With your SSL certificate in hand, it’s about time it got installed.
2. Install SSL Certificate from Your Host
To avoid all the hassles and headaches that come with installing SSL on your host, reach out to your hosting provider. All you need to do is to provide them with the free SSL you’ve downloaded. They should be able to help you with it.
3. Migrate WordPress to HTTPS
After the SSL Certificate has been installed in your host, the last thing you need to do is modify WordPress so all your link starts with HTTPS. You can do this using a plugin, or manually.
Use a Plugin
As a beginner, it’s recommended you use a plugin for this task. But if you have some coding experience and understand the WordPress environment, you might decide to migrate manually.
The plugin we will be using for this tutorial is Really Simple SSL. As the name suggests, it’s really simple and intuitive to use.
Install and activate the plugin in the “Add New Plugin” area of WordPress.
Upon successful installation and activation, go to Settings >> SSL. Click the “Reload over HTTP” button.
Once you click that, the plugin will force HTTPS on the entire pages in your website. It will also handle mix content errors that may arise due to the migration.
If migrating your WordPress website with a plugin proves difficult, go the manual route. To start with, log into your WordPress Dashboard. Go to Settings >> General. In the “Wordpress Address (URL)” and “Site Address (URL)” area, replace “HTTP” with “HTTPS”.
Click Save Changes and you are all set!
4. Take Care of 301 Redirects
If you went the manual route, it’s important to have a 301 redirect setup properly. With a 301 redirect set up, any visitor that tries accessing your old site (http://yourwebsite.com) will be redirected to the new one (https://yourwebsite.com). That is to say, you have to redirect http to https. This will help you fix the mixed content issue which can hurt your SEO and website rankings.
To do that, connect to your website via FTP. Once a connection has been established, locate the folder containing your WordPress files (usually public_html) and double-click to open it.
In this folder, scroll down and locate the .htaccess files. Right-click, then click “view/edit”
On opening the file, add the following code:
RewriteRule ^(.*)$ https://www.mywebsite.com/$1 [R,L]
Replace “mywebsite.com” with the URL of your website. With that done, save and close the file. When prompted to upload the updated file by FileZilla, agree.
Congratulations! You’ve now moved your website from HTTP to HTTPS.
SSL Check (how to check if SSL works)
Now you’ve set up your SSL, it time to check if it’s working. There are two ways to go about that.
Online SSL Checker
Head over to SSL Labs, put in your website’s url and submit.
If it was properly installed, you should see the following screen
Check the top bar of your browser. If you installed SSL properly, you should see a padlock symbol by the top left-hand corner. Also, the url should have “https”
One last important step is to check your website on Google search to be sure your website has changed from http to https. You can do this in Google Search Console. Finally, after a couple of days, check your website traffic in Google Analytics to be sure traffic to your site wasn’t affected by the migration.
If you haven’t done so already, there’s no need to wait to make the switch from HTTP to HTTPs. Doing this will do two things for you:
Prove to Google, and other search engines, you mean business. Remove fear from the heart of visitors – few things are as scary in the online world as visiting a site that is not secure and getting a security warning from your browser.
We hope we managed to help you with moving WordPress from HTTP. This guide has shown you the steps to get HTTPS enabled in your site. Hopefully, you have been able to complete this process and are now greeted with the pleasant green section on your navigation bar that indicates your site is secure. For more WordPress tutorials check our blog.