Moving Your WordPress Website from HTTP to HTTPS: A Comprehensive Guide


The HyperText Transfer Protocol Secure or HTTPS is an extension of HTTP which enables secure communication over a network or the internet. Google had announced that from July 2018, Chrome would display a ‘not secure’ label in the address bar for websites with HTTP domains. Therefore, many site owners started transitioning their sites to HTTPS. Today, we are going to offer a guide to help you move your WordPress site from HTTP to HTTPS.

  1. Create a Backup of your website

As a rule, before making any major changes to your website, it is important to create its backup. This ensures that in case of any disaster, you always have a running version of your site to fall back on. You can install backup plugins and store the file on the cloud or on your local computer.

2. SSL Certificate Implementation

In order to move your site to HTTPS, you need an SSL Certificate. It is a digital certificate issued for a domain by the certifying authority. After purchasing the SSL certificate, you are required to go through a verification process.

Ensure that you use the best WordPress Hosting services which allow you to purchase and install an SSL certificate or offer it as a part of the hosting plan. WordPress Hosting plans also resolve some known WordPress issues efficiently.

3. Make Changes to the WordPress Admin Area

In order to ensure a safe connection, it is important to secure the back end of your WordPress website. This can be done by making a small change as shown below:

  • Open the wp-config.php file in your WordPress root folder.
  • Scroll to the end of the file and find the phrase – ‘That’s all, stop editing’.
  • Just above the phrase type the following line: define(‘FORCE_SSL_ADMIN’, true);
  • Close the wp-config.php file

Now, open a new browser window and try to access your login page by replacing HTTP with HTTPS. So, if your login page was, then try accessing the same page by typing in the address bar. If everything works fine, then you should be able to access the page over a secured connection.

4. Change the Site Address

Now that the back end of your website is secured, it’s time to make changes to the site address under Settings-General.

All you have to do is add https:// at the beginning of both, the WordPress address and the Site address, save, and close.

5. Changes in Templates and Content

Next, ensure that you make changes to all links and/or templates in your database and content which have the HTTP protocol. You can use plugins like Search and Replace script, Velvet Blues, etc. to make these changes. Further, in case of any links to external resources and assets in the function files and theme templates with HTTP links, ensure that you make necessary changes. Consider checking media files (images, videos, audio files, etc.), web fonts, CSS files or JavaScript or assets referenced in those files, internal links, etc.

6. 301 Redirects Implementation

After making all these changes, it is important to set up a redirect which automatically sends site visitors to the HTTPS version. This can be done by using the .htaccess file. You can access this file using an FTP client (it is a hidden file by default) and add the following lines to it:

  1. <IfModule mod_rewrite.c>
  2. RewriteEngine On
  3. RewriteCond %{HTTPS} off
  4. RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  5. </IfModule>

Once you add these lines, visitors will automatically be redirected to the HTTPS version of your WP site.

The final steps

  • Test if everything works fine
  • Use a tool like SSL Crawl to find any leftover links
  • Update the sitemap
  • Add the HTTPS version to the webmaster tools
  • Make changes to the Content Delivery Network (if any)
  • Update the URL in any analytics software used by you

We hope that this article can help you move your website to HTTPS with ease. If you have any comments or suggestions, please feel free to mention them in the comments below.

You may also like


Comments are closed.

More in Business