Learning how to move your website to HTTPS is an of import result. These days, nosotros share sensitive data like credit card and bank information or login credentials dozens of times per twenty-four hour period.

Using the web for shopping gives us many conveniences. Nosotros no longer need to become out to run errands, buy groceries, pay bills or talk to others face to confront. Hell, right before writing this guide, we were trying on glasses online!

However, in that location'due south a flip side. As a website possessor – peculiarly if you lot have an online shop and/or deal with financial or other sensitive information – you have a responsibility to keep information technology safe. One of the most of import steps to practice so is to utilize HTTPS and SSL encryption on your site. That's what we will talk near in this guide.

In this guide, nosotros will first talk about what we hateful by HTTPS and SSL and how it works. Also, we will talk about reasons to add together encryption to your site. And so we will tell y'all where yous can go an SSL document for your site and finally provide you lot with a step-by-step guide on how to move your site to HTTPS.

Set up? Then put on your safety goggles and allow'due south talk some security.

Click here to see 8 steps to move your WordPress to https://

How HTTPS Works – A Brusk Definition

Before diving into how to motion your website to HTTPS, let's first define what we are talking nearly. Even if you don't know exactly what HTTPS and SSL are, you have probably seen them at piece of work before.

HTTPS and SSL are Visible on the Site URLs

These days the URL of nearly big sites (and increasingly also the smaller ones) start with https:// instead of the familiar https://. In fact, if y'all expect into your browser bar while on this very website, you will run into exactly that.

website setup move your website to https example

Next to it, you will besides observe the padlock symbol. This is how modern browsers show that you are on a site that uses SSL encryption. In some cases, they fifty-fifty include the name of the visitor. Both are signs that you are on a site that takes the privacy of its visitors seriously.

What Does That Really Mean?

HTTPS stands for Hypertext Transport Protocol Secure. Its cousin, HTTP (which stands for the same minus the Secure at the terminate), is the communication protocol usually used for facilitating web traffic.

What'due south the difference?

The secure version uses an SSL (Secure Socket Layer) certificate to establish a connectedness betwixt browser and server. That means whatsoever information that is exchanged gets encrypted.

move your website to https how encrpytion works
By Munkhzaya Ganbold (Own work) [CC BY-SA 4.0], via Wikimedia Commons

Encryption is the process of replacing plain text data (like usernames and passwords) with random numbers and letters. That way, they are no longer readable by humans and harder to make sense of if someone intercepts them.

Sounds useful, right? Just do you really need information technology on your site? Permit's go over some skillful reasons to add together HTTPS to your WordPress website.

A quick notation: Technically SSL is not the correct name anymore. In the late 90s, the proper name inverse to TLS (Transport Layer Security) and SSL was actually retired. Nevertheless, its name stuck around.

How  to Move Your WordPress Site to HTTPS (eight Steps)

Alright, at present we are getting to the meat and potatoes of this article: how to move your site from HTTP to HTTPS. We will accept this stride past step to make sure y'all can follow along without a problem. After all – we care about your site'south security equally well!

1. Redundancy Your Website

Whenever making major changes to your site, you should always dorsum information technology up first. That way, in case something goes incorrect (not that we are expecting it) you tin can go back to the working version.

Equally this example is no unlike, bankroll up your website is your outset task. Even better – if you have the possibility, run through the process beneath on a examination server first, not only your live site.

2. Implement Your SSL Document

The offset thing we will do is get ourselves an SSL certificate. How easy or complicated this procedure is, depends largely on your host.

For example, while researching this guide, nosotros found out that our current host does non support Permit's Encrypt and doesn't plan on doing so. Needless to say, we are in the process of switching. Hopefully, your'south is a bit more forwards-thinking, such as the companies on this list.

The optimal scenario is that your host offers an choice to move your site to HTTPS right in the management dashboard. For example, to switch your site to Let's Encrypt in cPanel with Cloudways, you lot can follow these instructions. Find the same steps for Plesk here.

For everyone else, there is Certbot. If yous have administrative shell access on your server, you lot can just select the type of web server and operating system you are using. After that, the site volition tell you how to implement Let's Encrypt on your server.

move your website to https using certbot

If yous get your SSL certificate from a unlike source, follow the instructions of your hosting provider to implement the switch (that's also the reason why turning to them in the first identify is not a bad idea).

Once that is washed, you need to start making the necessary changes to your WordPress website. This is what we will talk about next. If y'all feel that the below is too technical, you tin also give the plugin Really Elementary SSL a try. It takes care of most of the heavy lifting described next.

3. Add HTTPS to the WordPress Admin Area

The first place where you will go to relish the new safe connexion is the WordPress dashboard. By securing the dorsum end kickoff, you brand certain that whenever a user logs in, their data is exchanged deeply.

To exercise so, open up wp-config.php in your WordPress root folder and add the following line somewhere before where information technology says That'due south all, stop editing!.

ascertain('FORCE_SSL_ADMIN', true);

Once you accept updated the file, it's time to exam if it works. For that, try to admission your login page with HTTPS in the URL, for case via https://yoursite.com/wp-admin. If everything worked correctly, you should have a secure connection now. So continue.

4. Update the Site Accost

After moving the WordPress backend over to HTTPS, it's time to do the aforementioned for the residue of your site. You can exercise that by updating your site address nether Settings > Full general.

move your website to https change WordPress settings

Add https:// to the beginning of both the WordPress address and site address. And so update your settings past saving. Exist aware that you might need to log in again subsequently.

5. Change Links in Your Content and Templates

Now it's time to update whatever links in your content and database that include the old HTTP protocol. A plugin like Velvet Dejection or the Search and Supplant script can help with that. However, be conscientious! If handled incorrectly, they can also screw up your site. Skillful thing yous made that backup earlier, right?

If yous have links to external resources and assets in your theme templates and function files with absolute HTTP links, it's of import to correct these, too. Things to consider:

  • Images, videos, audio hosted on your site
  • Web fonts
  • Iframes
  • JavaScript and CSS files or assets referenced within those files
  • Internal links

If possible, modify your links to // instead of https://. They volition so create relative links themselves!

six. Implement 301 Redirects in .htaccess

The next step in moving your site to HTTPS is setting up a redirect that sends visitors automatically over to the secure version. For that, nosotros will employ .htaccess. This is the name of an important system file on your server (usually in the WordPress root directory).

It ordinarily contains settings for using pretty permalinks, then your installation probably already has ane. To find it, brand certain to let your FTP client to show hidden files because.htaccess is invisible by default. If you lot don't accept 1, just create a plain text file, rename information technology to .htaccess and upload it to the WordPress root directory.

After that, add together the post-obit lines to it:

<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [Fifty,R=301] </IfModule>

That'south it. From now on, visitors (including Google bots) should automatically land on the HTTPS version of your WordPress site. Make certain no page is bachelor in both versions. This can atomic number 82 to bug with duplicate content. Non good for SEO.

vii. Test and Go Live

Ok, now that we are washed with the primary steps, it'due south time to examination if everything works correctly. For that, head on over to SSL Examination. Insert your domain proper name and click Submit. This will requite you an overall score of how well you lot implemented SSL on your site and details to find out potential bug in order to prepare them.

After that, crawl your site with a tool like SSL Check. That style, yous tin take hold of any leftover links that you forgot. If everything fine, it's time to become live.

jitbit ssl checkerWell washed! Now you only need to update some peripheries.

8. Update Your Site Environs

If that worked fine, now it's fourth dimension to exercise the concluding few steps to complete the transfer to HTTPS:

  • Update your sitemap — Ideally, your SEO plugin does this automatically. However, it doesn't always work that style. With Yoast SEO you might accept to switch off the plugin once for information technology to update the sitemap. Don't forget to include it in your robots.txt file and update all other hardcoded links you might accept there.
  • Add together site to your webmaster tools — Go to every webmaster tool you are using and add the HTTPS version of your site equally a new property. While you are there, upload the new sitemap. You might also consider doing a fetch and crawl and submit whatsoever disavow files that are already active for the sometime version of your site.
  • Update your CDN — If you are using a content delivery network (one of the means to speed upward your WordPress site), you also need to switch it to SSL. Many of them take that feature built-in and your CDN should have documentation on this. Otherwise, ask their back up to help you.
  • Make the switch in your analytics — If your analytics needs a default URL, make certain to upgrade it with the new prefix. For Google Analytics, you find the choice under Admin > Belongings Settings > Default URL. As well, note downwards when you made the switch to HTTPS to understand traffic changes.
  • Preserve social share counts — If yous show social share counters on your site, you might take to make some changes in order to continue them upwardly to date. Don't forget to update the links to your site in your social profiles! And do the aforementioned in your electronic mail templates.

That's information technology! You take successfully managed to move your website over to HTTPS. Congratulations, that was no pocket-size feat. If everything went fine, all that's left is patting yourself on the back and celebrating. Should yous encounter problems, we have some troubleshooting tips up next.

Why Should You Move Your Website to HTTPS?

Currently, but 57 million of all websites utilise SSL. Consequently, information technology doesn't seem like applied science is essential to run a successful web presence. Notwithstanding, there are nevertheless convincing reasons to become part of the minority.

1. Your Site Handles Sensitive Data

Beginning of all, if you have an online shop that handles credit card data or similarly sensitive data, moving your site to HTTPS is an absolute must. Clients want to trust your site and they should exist able to. Information technology is your responsibility to make that happen.

For instance, if someone uses a public wifi spot to access an unsecured site, others are able to steal their payment details. If they use that information to steal from your client, how likely do you think that person is to come back to your site? Not very.

Without HTTPS it is too possible to alter the data your visitors receive. That way, a tertiary party could add together ads, malware, or other things you definitely don't want others to encounter on your web presence.

Nonetheless, even if you lot "just" deal with normal login information, it'southward not a bad idea to offer an actress layer of security and keep it condom. Your users volition certainly capeesh it.

two. HTTPS is a Sign of Trustworthiness and Actuality

Speaking of visitors: because of the general push for HTTPS adaptation on the web, encryption has get something that consumers increasingly expect.

Why practice they intendance? Considering the little padlock doesn't simply mean that their traffic is protected only also that the website is authentic and who information technology claims to be, not some fake.

So, if they have the pick between your site without HTTPS and a competitor who has implemented it, chances are skilful they will make up one's mind against you. Specially since major browsers (Chrome, Firefox) now marker sites, which have forms on pages without HTTPS, every bit insecure.

In the futurity, they might generally warn you of whatsoever site that doesn't have encryption in place. And y'all actually don't want to exist among those.

iii. Benefits for SEO

Not but practice consumers wait y'all to make the move over to HTTPS, merely search engines also do. Google officially announced in 2014 that having an SSL certificate in place is now a ranking factor. What's more – while weak at the moment, the importance of HTTPS will increase over time.

In add-on to that, referral data from HTTPS to HTTP is blocked in Google Analytics. So, if you take a website running on the sometime protocol and get a lot of referrals from sites running on HTTPS, you won't encounter information technology correctly in your web analytics. That way, you might not be aware of platforms that send you lots of traffic and lose out on amplifying your marketing channels.

four. Faster Loading Times

Staying on the topic of SEO, HTTPS is also significantly faster. Don't believe us? Try information technology here (apply a individual window to prevent paradigm caching). When we ran the test, HTTP was 144% slower than HTTPS!

http vs https speed comparison

Pretty bad, right? Especially since folio loading speed is too a ranking factor.

Not only that only visitors care nigh it. In fact, a large chunk will get out your site if it doesn't load inside iii seconds. For that and other reasons, bank check out our guide on how to speed upwards WordPress.

HTTPS Troubleshooting Tips

Unfortunately, moving your site to HTTPS is non all sunshine and rainbows. Some stuff might come that needs dealing with.

Mixed Content Warnings

The virtually mutual problems that arise after you move your website to HTTPS are mixed content warnings. This happens when the browser finds non-secure links on an otherwise secure page. This is usually a matter of updating links to jQuery libraries, custom fonts, or similar to their HTTPS version.

You should usually take care of this while scanning your site before publishing it. However, if you lot find a alarm like this, make sure to check what is causing it.

Aside from the same tools, you can also use Why No Padlock? for single pages. Then, correct any is the consequence.

Decreased Search Rankings

Making the switch from HTTP to HTTPS can influence your rankings negatively. What?! Didn't we say before that this is good for SEO? Why would your rankings go down then?

Earlier you become back and kick HTTPS to the curb, hear us out get-go. If your SEO is affected negatively, this is usually only temporary.

You lot see, Google treats https:// and https:// URLs as two different entities. Fifty-fifty if you fix up 301 redirects (as nosotros have done above), those only transfer 90-99% of the link juice. That's why your rankings might go down in the beginning.

However, later on the initial dip, they should really increase over time. As mentioned, Google considers the utilise of SSL a positive ranking factor, and so if you move your website to HTTPS, you actually make it more than attractive in their optics. This volition benefit y'all in the long run.

In a Nutshell…

Keeping your site and its traffic secure is one of the near important problems for any website owner. Knowing they tin trust y'all with their sensitive data matters to consumers. In times of increased data theft, that is a huge asset and HTTPS and SSL are the tools to achieve information technology.

Besides signaling trustworthiness to consumers, when you motility your website to HTTPS information technology also lets you benefit from increased speed and improve SEO. Plus, with a costless service like Let's Encrypt, the cost is no longer a deterrent.

Higher up, yous have learned how to obtain a free SSL certificate and implement information technology on your WordPress website. We have gone through the necessary steps to movement your entire site over to HTTP's secure cousin and also talked nigh other considerations to take into account when making the switch.

If you take followed along, you are at present able to add together HTTPS and SSL to your WordPress website. Know that this is a dandy investment for the future and where the spider web is moving. Your visitors, users, and your site will thank you.