Move WordPress from HTTP to HTTPS

Table of Contents

Are you looking to migrate your WordPress site from HTTP to HTTPS and install an SSL certificate?

In this article, we will show you how to properly move WordPress from HTTP to HTTPS by adding an SSL certificate.

What is HTTPS?

HTTPS or Secure HTTP is an encryption method that secures the connection between users’ browser and your server. This makes it harder for hackers to eavesdrop on the connection.

We share our personal information with different websites daily, whether we’re making a purchase or simply logging in. To protect the data transfer, a secure connection needs to be created.

That’s when SSL and HTTPS come in.

Each site is issued a unique SSL certificate for identification purposes. If a server pretends to be on HTTPS and its certificate doesn’t match, most modern browsers will warn the user to avoid connecting to the website.

That’s when SSL and HTTPS come in

Now you are probably wondering why I need to move my WordPress site from HTTP to HTTPS, especially if it’s a simple blog or small business website that doesn’t collect payments.

Why is it Essential to Use HTTPS and SSL?

A few years ago, Google announced a plan to improve web security by encouraging website owners to switch from HTTP to HTTPS. As part of this plan, their popular Chrome web browser would mark all websites without an SSL certificate as “Not Secure” starting July 2018.

Why is it Essential to Use HTTPS and SSL

As part of the announcement, Google also said that websites with SSL will also see SEO benefits and higher rankings. Since then, many websites have switched from HTTP to HTTPS.

Google has been slowly rolling out Chrome’s “Not Secure” warning. For example, if someone visits an HTTP website using an incognito window, it will be marked as Not Secure. If someone visits an HTTP website in regular mode and tries to fill out a contact form or another form, the website will be marked as insecure.

When your readers and customers see this notice, it gives them a bad impression of your business. This is why all websites must move from HTTP to HTTPS and install SSL immediately. Not to mention, you need SSL if you want to accept payments online on your eCommerce website.

Most payment companies, such as Stripe, PayPal Pro, Authorize.net, etc., require a secure connection before accepting payments.

Requirements for using HTTPS/SSL on a WordPress Site

The requirements for using SSL in WordPress are not very high. All you need to do is purchase an SSL certificate, which you might already have for free.

The best WordPress hosting companies are offering free SSL certificates for all their users:

  • WPEngine
  • Hostinger
  • Bluehost
  • SiteGround
  • Liquid Web
  • Dreamhost
  • InMotion Hosting
  • GreenGeeks

If your hosting company does not offer a free SSL certificate, you’ll need to purchase one.

We recommend ssls.com because it offers the best SSL deal for regular and wildcard SSL certificates.

Once you have purchased an SSL certificate, you must ask your hosting provider to install it.

Setting up WordPress to Use SSL and HTTPs

After enabling an SSL certificate on your domain name, you must set up WordPress to use SSL and HTTPS protocols on your website.

We will show you two methods to do that, and you can choose one that best fits your need.

This method requires you to troubleshoot issues manually and edit WordPress files. However, it is a permanent and more performance-optimized solution, and we’re using it on our website.

If you find this method difficult, then you can hire a WordPress developer or use the first method instead.

First, visit the Settings > General page. From here, update your WordPress and site URL address fields by replacing HTTP with HTTPS.

Don’t forget to click on the Save changes button to store your new settings.

Once the settings are saved, WordPress will log you out, and you will be asked to re-login.

Next, you must set up WordPress redirects from HTTP to HTTPS by adding the following code to your .htaccess file if your server is an Apache server.

<IfModule mod_rewrite.c>
RewriteEngine On  
RewriteCond %{HTTPS} off  
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

If you are on a Nginx server, then you would need to add the following code to redirect from HTTP to HTTPS in your configuration file:

server {
  listen 80;
  server_name example.com www.example.com;
  return 301 https://example.com$request_uri;
}

Don’t forget to replace example.com with your own domain name.

By following these steps, you will avoid the WordPress HTTPS not working error. WordPress will now load your entire website using HTTPS.

If you want to force SSL and HTTPS on your WordPress admin area or login pages, configure SSL in the wp-config.php file.

Simply add the following code above the “That’s all, stop editing!” line in your wp-config.php file:

define('FORCE_SSL_ADMIN', true);

This line allows WordPress to force SSL / HTTPs in the WordPress admin area. It also works on WordPress multisite networks.

Once you do this, your website is fully set up to use SSL / HTTPS, but you will still encounter mixed content errors.

Tagged: