Move WordPress Website from HTTP to HTTPS \ SSL | Guide

728x90-50OffCoupon

Google recently announced on webmasters blog that ” We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal.” Many of us especially bloggers using WordPress are still on HTTP protocol so how can you switch to https quickly?

Here are steps that how we have done our WordPress blog to switch to https protocol

Disclaimer : Make sure you have backed up everything in a secure location before proceeding below as a precaution and we not responsible for the errors

The very first thing you need is a valid certificate and there are few vendors namely

  • Comodo
    • PositiveSSL ( issue time – instant )
  • RapidSSL
  • Geotrust
  • Godaddy
  • Geotrust EV
  • Thawte
  • Symantec

Type

  • Domain Validation
  • Business Validation
  • Extended Validation (EV gives green address bar in addition to pad lock)
  • Wildcard
  • SGC SSL
  • Code Signing
  • SAN/UCC

Out of these the cheapest one is Comodo positive SSL and you can find it to be least expensive price with Cheap SSL Shop (Comodo Positive SSL at $7/Year with 2 years validity). If you want to test drive secure protocol on one of your test website, positive secure socket protocol from comodo is even available for free for a period 3 months after which you can renew it.

Next step is purchase of dedicated ip

Hey wait!, since most of the hosting providers now supports SNI ( Server Name Indication) with recent cpanel update make sure you ask this by contacting to you hosting provider. If they say that they support SNI you can save $2/month, else you need to purchase one. In our case our hosting supported SNI.

So I am hoping that you purchased Comodo Positive SSL from Cheap SSL Shop and next step is the installation. Since all our websites are hosted on managed WordPress hosting all we have done is sent the zip package file and private keys that we received in mail after the email address validation. If you are not with managed WordPress hosting here is full guide link for activation or installation in cPanel – Designmodo‌ ( http://designmodo.com/wordpress-https/ )

Before doing the step below make sure you try your domain with https://www.yourdomain.com in Firefox (recommend) or any other browser

If you see your website only then read below

Next is switching, the simplest and easy way is from the WordPress Admin panel

Proceed like Settings > General add ‘s’ after ‘t’ and hit “Save Changes” button see picture below for clarification

Admin url change

Setting secure url

But still your content will be accessible from http URL which causes duplicate content problem

Soultion is by 301 permanent redirecting your old url http >> https

To achieve this we made use of htaccess file, just copy and paste codes.

For Yoast SEO plugin you can access it from SEO> Edit Files

Apache and LiteSpeed hosting

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Rewrite engine rules

Just place as shown here and hit save changes button

Rare case
If your shared hosting is powered by NGINX

server {
 listen 80;
 server_name yourdomain.com www.yourdomain.com;
 return 301 https://www.yourdomain.com$request_uri;
 }

Replace items written in red color yourdomain.com www.yourdomain.com https://www.yourdomain.com with your actual domain name.

Now test your website (testing any of your pages or post is recommended ), type your domain name of that page with http:// make sure that it’s redirecting.

Now check if your server headers are working correctly by visiting websites like urivalet

Still your internal links are pointing to the one without ‘s’ and you have got more than 200 pages and manual editing of these pages takes a lot of time. So make we made use of a plugin named Search Regex which is available for free. Add this plugin and activate it

Navigate Tools> Search Regex

Now enter your url in Search pattern and hit search button, which will show all the internal links.

Linking

Listing all internal links in the post

Now enter your SSL version like shown below and hit replace.

Replacement of old URL

All URL replaced with a single click

Yeah now you have replaced all your internal links in less than a minute. Turn the plugin off as the mission of replacement is successful.

Again test your website to check if its displayed properly

Oops mixed content problems (because of gallery pictures and automatic featured image) will give a bad user experience.

Mixed images

Mixed content problem

In Internet Explorer you will see a cross on padlock or no pad lock at all

Mozilla Firefox also shows it other way as shown below

Icon

Missing lock icon

Chrome or Opera

Errors

Chrome or Opera error

To avoid these issues we will be making use of another plugin named WordPress HTTPS (SSL), even though it hasn’t updated for years it worked like a charm without causing any conflicts or issues.

Activate the plugin and set it up like the one shown below.

plugin configuration

Simple setup

Retested all the pages of androidappreview.info for which switching was carried out and seems to work fine. But don’t deactivate this plugin.

Here are the results of same page that we received errors earlier

Tests

Test in Firefox and Chrome or Opera

Don’t forget to check out your grade with Qualys in our case it was B because of RC4 cipher as you can see in the image below.

Grade

Grade B

Is there is any simple way to improve the grade to A ?

Yes, all you need is switch to CloudFlare and select your domain. Navigate to CloudFlare settings > Settings overview. Scroll down and choose strict option from the drop down menu. See the picture below

strict optionAfter switching to CloudFlare

Grade

Grade A

Next you will be thinking about speed?

Yes adding SSL will slow down your website a little which won’t be a problem.

Here here are few ways with which you can speed up

  • CloudFlare supports OCSP and SDPY is automatically enabled if the visitor tries to visit from new internet browsers.

Alternative way

  • By making sure your hosting provider support SDPY, OCSP stapling or you can switch to one that supports. So the cheapest hosting providers with all these is WPHostingSpot if you find any other providers drop it in comments.

Update WPHostingSpot no more offers shared hosting plans so we did a extensive search to find out an alternative hosting provider that gives you a piece of mind for the amount you pay and we find that RoseHostingwith pure SSD disks seems to be pretty good as they are in this field for more than 14 years and in VPS field they have experience more than 16 years.

Some features that we found better than others

  • Free dedicated ip, quite necessary for ecommerce websites even if you hosting server supports SNI as explained earlier in this article.
  • Rather than offering 99.9% or 99.99% they offer you 100% uptime
  • Unconditional money back guarantee of 7 days. Don’t believe it just read this thread on WHT with no valid reason they credited full amount back to the client because of their money back policy.
  • In addition they also offer free weekly backup.
  • Free managed support via live chat and email ticket system
  • Choose between Direct Admin or cPanel as your control panel

Are there any promo any promo available now?

  • Yes for VPS, choose any plan and you can upgrade to higher one with the cost of lower plan.
  • You can also remove social media plugins and use an alternate method explained here

Last step

Many are confused whether you should again submit your url or not in Google webmaster tool ?

Garry illeans told in G+

If your site supports HTTPS, please do tell us: use HTTPS URLs everywhere so search engines can see them!

  • No more doubts you should submit it as you can see in the image below.
Submission

Submission

Select “Add a site”, a new tab will be opened and enter your it like one shown below and verify it ( verification code was similar to our non SSL version)

GWT

New version

So what about Sitemap ?

  • Yes you need to submit that too.
Sitemap

Sitemap submission

If you have done switching correctly as said in this article you can see your insecure website goes down and secure comes up in GTW. Here is what we saw after androidappreview.info is switched.

Switching

What we saw after the switch

Note : You should wait some time to see the results.

Faq

Can you tell me your test website, certificate type etc in this test ?

  • Test site : androidappreview.info
  • Server type : LiteSpeed
  • Certificate : Comodo Positive SSL ( type – domain validation )
  • Theme : Nexus magazine theme, Developer : Elegant themes
  • CDN : CloudFlare

Do I loose social media share count?

  • Yes, but may reappears after certain time for some networks.

Will the feeds work fine ?

  • Yes, FeedBurner works fine and we are attaching the image of the email subscription that we received.
FeedBurner

FeedBurner email subscription test

What about multi site?

  • We never tested it on multi site.

Why big websites are still using insecure protocol?

  • We think it’s because of technical difficulties.

What about your earnings from ads?

  • For time being we think it will go down if you are using adsense but in future it may change.

What about SERP website and keyword position?

  • It’s only a month after the switch, we will give an update after few months regarding this.

What if you are using CDN?

  • In most cases many of us are using CloudFlare and MaxCDN, these two are supported.

What if you get infinite redirection loop problem?

  • Check you are using the correct htaccess code also check your plugins especially Woocommerce and W3Total Cache. Turn off every plugin and activate one by one.

Is there any tool to find out what components are causing mixed content problem?

Why you are not seeing the lock in opera mini mobile browser any OS ?

  • Just turn off the Cloudflare by switching the name servers back to your hosting by logging into your domain registrar ( Godaddy, crazy domain etc) administration panel ( check the below with pictures ). Also note that by turning it off your grade will bounce back to B.
PadLock

With CF

Locks

No CF

Is there any trick to get SSL / HTTPS certificate for free without browser showing a warning message ?

Yes there is one tricky way, but you will get mixed content problem!!

There are more chances that you may break your website with the one below, but you can try it and revert back if something went wrong.

Note : Just note down your theme name it may be helpful if something goes wrong.

  • Switch back the name servers to Cloudflare one
  • Select Flexible SSL
  • Head to Page rules section, add a rule which will act as 301 permanent redirect.
*yourdomain.com*
  • Always use HTTPS – On
Rule

Select Page Rule

Rules pictures

Adding Rules

  • Select Add Rule, done

Wait for 15 minutes to get the certificate.

Try to visit your website from the new secure URL. If you are able to get the web page, now use force plugin as said earlier and regex one for replacing internal links. Don’t turn off the force plugin, this will be very very bad!!

But don’t ever go to Settings >> General and add the secure url. It will break your website and show a blank white page.

If you have broken your website you can either restore it from the backup or just login to your cPanel select file manager and add few lines of code given below to functions.php of your theme and try to reload website it will be up.

update_option('siteurl','http://www.newdomain.com');
update_option('home','http://www.newdomain.com');

http://www.newdomain.com replace it with your domain name

If you see your website is up just remove those added codes it is no more needed.

Website is up but still forcing to secure page ?

  • Login to your cPanel and select file manager. Change the name of the plugin (will deactivate the plugin) that’s always conflicting.

Hope you all now know how to move your WordPress to https or SSL.

You Might Also Like

2 Comments

  1. 1

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>