How to change HTTP to HTTPS WordPress – Step by Step guides

Last Updated On: May 28th, 2022 By Assad - Leave a Comment

If you want to convert your WordPress website from HTTP to HTTPS, we hope this article will be very helpful for you. We want your website to be well optimized for search engines. HTTPS is essential for all search engines; especially you may know that Google has announced that the Chrome browser will consider websites insecure without an SSL certificate.

Table of Contents

What are HTTP and HTTPS?

HTTP stands for Hypertext Transfer Protocol. The HTTP protocol is what the World Wide Web is founded on. This protocol defines how messages are formatted and transmitted and what actions Web servers and Web browsers should take in response to various commands.

HTTPS stands for Hypertext Transfer Protocol Secure. HTTPS is a secure communications protocol that is commonly used on the Internet. It is used to protect the privacy and security of communications between users and websites. It is used to encrypt communications between a web browser and a web server.

HTTPS is a protocol that provides privacy, security, and integrity for web communications. HTTPS encrypts web communications to prevent eavesdropping, tampering, and message forgery. HTTPS is important because it protects against man-in-the-middle attacks, which can be used to intercept web communications and view or modify the data being exchanged. HTTPS also provides authentication, which helps to ensure that users are communicating with the intended website and not a malicious imposter.

Why do you need HTTPS and SSL?

Google has announced a plan to improve overall web security by encouraging website owners to switch from HTTP to HTTPS. As part of this plan, Google’s popular Chrome web browser will begin displaying warnings when users attempt to access HTTP sites. It would mark all websites without an SSL certificate as “Not Secure” starting July 2018. This change is designed to help make the web more secure by encouraging website owners to adopt HTTPS encryption.

If you want your website to rank highly on Google, you should consider using SSL. It will improve your SEO, but it will also give your website visitors a sense of security.

The “Not Secure” warning from Google Chrome can give your business a bad impression on customers. When customers or readers see the notice, it could make them think twice about using your website or business. This is the best way to combat this by ensuring your website is secure with an HTTPS connection. If you have a website that is not secure, Google will eventually start to mark it as Not Secure. This will happen in both the incognito window and the regular window of Google Chrome. If someone visits a website that is not secure and tries to fill out a form, they will see the Not Secure notice. It is essential to ensure your website is safe to avoid negative impressions with customers.

What you need for using HTTPS/SSL on a WordPress Site?

You don’t need to meet very high requirements to use SSL in WordPress. Just buy an SSL certificate, which you might already have for free.

Many WordPress hosting companies are offering free SSL certificates to their users. Some best WordPress hosting companies:

Bluehost
SiteGround
WPEngine
Liquid Web
Dreamhost
InMotion Hosting
GreenGeeks

Setting up WordPress to Use SSL and HTTPS

You’ll need to configure WordPress to use SSL and HTTPS protocols on your website after you’ve enabled SSL on your domain name.

We’ll show you two options for doing so, and you may pick the one that best suits your needs.

Options 1: Setup SSL/HTTPS in WordPress Using a Plugin

This is an easier option for beginners.

Step -1: Login to your WordPress dashboard.

Step -2: Click on Plugins.

Step -3: Click on the "Add New" button at the top of your screen.

Step -4: Type "Really Simple SSL" in the search box.

Step -5: Click Install now.

Step -6: Click on "Activate".

All Done! Open your site in your browser and check if you can see the protected padlock or not. Note: If you receive an error message that says SSL was not detected, please make sure that SSL is properly enabled for your domain.

Option 2: Setup SSL/HTTPS in WordPress Manually

For this option, you need to take the following steps. If this is difficult for you, then you can hire a WordPress developer.

Step - 1: Backup Your Website

First, you need to get a backup of your WordPress website and database. Because if there is any problem, you can restore the website from a backup. Even better if You can also perform these tasks on the test server first.

Step - 2: Implement Your SSL Certificate

Currently, most hosting providers provide free SSL certificates. We can easily find out if SSL Certificate is active for your domain from cPanel. Click on “SSL/TLS Status” in cPanel’s Security section to view the SSL status of your domain.

If the SSL certificate for your domain is active, you will see a green lock sign, and you can go through the next steps.

If the SSL certificate for your domain is not active, you will see a red circular cross sign.

Don’t worry; in this case, you can activate the SSL certificate yourself.
Check the checkbox next to the domain whose SSL certificate you want to activate, and then click on the “Run AutoSSL” button at the top of the screen. Wait for some moment; the SSL certificate will be activated automatically.

Step - 3: Update the wp-config file

You must configure SSL in the wp-config.php file if you want to force SSL and HTTPS on your WordPress admin area or login pages. You can see the wp-config.php file in the root directory of your WordPress website. Simply open the wp-config.php file and add the following code above the “That’s all, stop editing!” line:


define('FORCE_SSL_ADMIN', true);

After updating the file, you need to check if HTTPS is working or not. For this, try to access your WordPress website login page with HTTPS. For example, the login URL will be like this https://yoursite.com/wp-admin. If all goes well, then this allows WordPress to force SSL / HTTPS in the WordPress admin area.

Step - 4: Update the Site Address

After moving the WordPress backend URL to HTTPS, you need to move all frontend URLs to HTTPS. For this, you need to log in WordPress dashboard, Then click on Settings > General.

Add https:// at the beginning of both the WordPress address and site address. Then click on the “Save Changes” button to update it.

Step - 5: Update .htaccess file

Now we need to implement 301 Redirects in .htaccess so that visitors can go to the secure version of your website automatically. This means that if anyone wants to browse the HTTP version of your website, they will automatically switch to the HTTPS version.

The .htaccess file is in the root directory of your website. It usually contains some codes for some settings, so your site probably already has one. Since .htaccess is hidden by default, you’ll need to allow your FTP client to reveal hidden files to discover it. If you don’t have it, just create a plain text file, rename it to .htaccess and upload it to the WordPress root directory.

Then open the .htaccess file and put the following codes.

<IfModule mod_rewrite.c>

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]   

</IfModule>

One thing to keep in mind is that it is better to put the above code at the top of the .htaccess file. Otherwise, problems may arise in some cases.

Step - 6: Update Your Site Environment - Extra care

There are Facebook advertisements, Google ads, Image posts and a few others in Ad Copy. It’s useful for not only writing copy for you, but also for coming up with punch lines that you can expand on.

Update sitemap — Usually, most SEO plugin does this automatically. With Yoast SEO plugin, you can update the sitemap.

Add site to Google Search Console — Go to Google Search Console and add the HTTPS version of your site as a new property. On Google Search Console, add the new sitemap. You can do many things here about your site’s health.
Update CDN — If you are using a CDN ( content delivery network) to speed up your WordPress site, You should also change it to SSL. Most of the CDN have that feature built-in, and they have documentation on this.
Make Changes in your analytics — If your analytics uses HTTP as the default URL, make sure to change it with HTTPS. In Google Analytics, you can find this option under Admin > Property Settings > Default URL.

Keep track of social media shares — If you have social shares on your website, you may need to make some changes to keep their current site address with HTTPS. Don’t forget to change your site link in social profiles! Make the same changes to your email templates.

Congratulations!!! You’ve successfully upgraded your website to a secure version. You can remind us if you have any problem in this regard. We can help you with useful troubleshooting tips and tricks.