Here at MarcCreighton.co.uk and SocialMediaManager.ie, we recently decided to move our WordPress based site to SSL. Moving WordPress to HTTPS is relatively easy. So how do you move your WordPress site to https?
Moving WordPress to HTTPS – Why you Should do it
What is HTTPS/SSL?
In simple terms, SSL is the process that encrypts the transfer of data from your PC or laptop to the server when you browse a website. It’s easy to spot, in the address bar of your browser you will see ‘https’.
Why do you need SSL?
- Better SEO results – Google announced back in 2014 that they would give more weight to sites that run under https. These they deemed were ‘trusted’. Read the blog post
- Secure transmission of data – As I eluded to before any information transmitted, either transparently or via a contact form, for instance, is protected during transmission.
What do you need to implement SSL?
- A WordPress site that’s not hosted by wordpress.com
- An SSL certificate – These are not more affordable than ever and not usually difficult to install. We buy all our SSL certificates from SSLStore.com.
Moving WordPress to HTTPS
The steps
You will have to have installed your SSL certificate on your hosting first. We won’t be covering those steps here.
- Login to your WordPress admin dashboard
- Navigate to ‘Setting’ > ‘General’
- In here change both the ‘WordPress address URL’ and the ‘site address URL’ to the https address. Remember to match the exact URL in your certificate ‘common name’ field. The common name is usually www.mydomain.com or mydomain.com
- Save the changes.
WordPress HTTPS MixedContent
Mixed content is where some of the content on your page is https, and some are HTTP. Internet Explorer is more brutal than most when it identifies this content, up pops big warnings. You need to fix this. The easiest way to find the offending content is on WhyNoPadlock.com
Redirect HTTP requests to https automatically
When a person comes to your site via http://www.mysite.com, you automatically want to redirect requests to https://www.mysite.com. We need to do this without losing any search engine ‘credit’. Do this by using a ‘301’ redirect.
WordPress HTTPS htaccess
Copy and paste the following code to the .htaccess file on the root of your website between # BEGIN WordPress and # END WordPress.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
Now by making these changes, you should be able to see your site on its https address. Is that it then, well no. There are a few ‘gotchas’ along the way.
Gotcha’s
There are some things to trip you up;
- If you use Twitter cards through the ‘Yoast’ plugin these may no longer validate correctly – Solution: Disable, then re-enable Twitter cards through the plugin
- Mixed content – This can be the most frustrating – Solution: See the section above on mixed content
- Cached content – If you use a caching plugin, remember to clear the cache on your site after you have set things up.
With the apparent search engine benefits, this simple way to improve your website should not be forgotten. I would suggest you moving WordPress to HTTPS sooner than later. Let us know how you get on in the comments below.
Leave a Reply