HTTPS (Hypertext transfer protocol secure) is the secure, encrypted version of sending data between a website and a web browser. An SLL Certificate (Secure Socket Layer) is used to establish the encrypted connection. HTTPS is really important for transmitting sensitive data such as banking details and is why we always look for the padlock symbol on ecommerce sites which tells us a site is secure.
Even if you are not sending sensitive data having a SSL certificate can be important. Websites such as Google Chrome will mark a site not using HTTPS as in secure and this can effect your search rankings.
So how do we switch from HTTP to HTTPS? It’s easy with these steps:
1.Back-up your website
Always back up your site before doing any major changes. Even the simplest thing can go wrong and having a back up will safe hours of headache.
2. Implement your SSL certificate
Log into your host and activate your SSL certificate. There are a number of different types of SSL certificates available so check out which is most appropriate for you site. Typically there are WildCard and EV premium SSL certificates and Let’s Encrypt provides free SSL certificates. At the very least use a Let’s Encrypt SSL certificates.
3. Update the site address and WordPress address
Log into your site and navigate to: Settings > General and update the address to include https://
4. Add https to the WordPress Admin Area
If you want to force HTTPS on your WordPress admin area add the following code above the “That’s all, stop editing!” line in your wp-config.php file:
define('FORCE_SSL_ADMIN', true);5. Change links in your content and template files
Go through your site pages and posts and update any links in your content and database that include the old http to https. This is really important. If you use HTTP over HTTPS you will get “mixed content” errors. This happens because the html is loaded over a secure connection but images or other assets are loaded via an insecure HTTP connection. Mixed content errors will effect security and could effect your search rankings negatively.
You should also check resources and assets in your theme templates and function files for absolute HTTP links and update these to HTTPS as well. These will include images, videos, fonts, JS and CSS files stored in your theme folders.
6. Setup 301 redirects in .htaccess
Next we need to add a 301 redirect which will automatically send visitors to the secure version of the site. This is done by adding some code to our htaccess file which is in the WordPress root directory. To access your htaccess file you need to use ftp or your website’s cpannel. If you can’t see it you may need to select ‘show hidden files’.
# Redirect http to https and force SSL
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
7. Update Google Search Console
Head over to Google search console and add a new property for HTTPS. Google sees HTTP and HTTPS as different domains so it’s important to set this up.
8. Update your sitemap
Next we need to update and resubmit our XML sitemap. This will make it easier and quicker for search engines to crawl the site and understand the new format.
9. Update analytics
And of course, let’s not forget Google analytics. Log into your Google analytics account and under Admin > Property Settings > Default URL select HTTPS.
10. Test
Test, test test
SSL Check is a great free tool that crawls your site looking for non-secure elements.