Are you seeking to upgrade your WordPress site from HTTP to HTTPS and add an SSL certificate?
We’ve been getting a lot of questions about this since Google announced that starting in July 2018, the Chrome browser will flag any websites without SSL as insecure.
We’ll teach you how to correctly migrate WordPress from HTTP to HTTPS by using an SSL certificate in this article.
What is HTTPS?
HTTPS (Secure HTTP) is a security protocol that encrypts data sent between your server and your users’ browsers. Hackers will have a harder time spying on the connection as a result of this.
We exchange our personal information with many websites daily, whether we’re making a purchase or simply logging in.
A secure connection must be established to protect the data flow.
SSL and HTTPS are used in this situation. Each site is given its own SSL certificate for identification. When a server pretends to be utilizing HTTPS but its certificate doesn’t match, most modern browsers will warn the user not to connect.
You’re undoubtedly asking why you need to upgrade your WordPress site from HTTP to HTTPS, especially if it’s just a basic blog or small business website that doesn’t make any payments.
Why do you need HTTPS and SSL?
Google unveiled a proposal last year to improve general web security by pushing website owners to move from HTTP to HTTPS. Starting in July 2018, their popular Chrome web browser will label all websites without an SSL certificate as “Not Secure.”
Google also stated that websites that use SSL will enjoy SEO benefits and higher results as a result of the news. A big number of websites have migrated from HTTP to HTTPS since last year.
The “Not Secure” warning has been steadily spreading out in Chrome. When someone uses the incognito window to view an HTTP website, it will be listed as Not Secure. When a user accesses an HTTP website in regular mode and attempts to fill out a contact form or another form, the website is flagged as insecure.
This message provides your readers and customers with a negative opinion of your company when they see it. As a result, all websites must instantly switch from HTTP to HTTPS and install SSL. Not to add, SSL is required if you wish to accept payments online through your eCommerce website.
Most payment companies, such as Stripe, PayPal Pro, Authorize.net, and others, will require you to have a secure connection before you can accept payments. SSL is used to secure WPBeginner, OptinMonster, WPForms, and MonsterInsights.
WPBeginner, OptinMonster, WPForms, and MonsterInsights are all secured with SSL.
Steps to move your WordPress site from HTTP to HTTPS
Step 1: Install your SSL certificate and enable HTTPS in WordPress.
If you’re not sure where to start, we’ve already reviewed various cheap WordPress SSL certificate sources, so you might want to take a little trip there. Because SSL certificates are what allow your WordPress site to connect to the internet through HTTPS, the terms will be used interchangeably in this post.
Let’s Encrypt is the easiest SSL certificate to install if you’re utilizing shared hosting. Let’s Encrypt certificates have the advantage of being both free and extensively accepted by hosting companies.
Because you won’t be able to install an SSL certificate unless you’re hosting your WordPress site on a dedicated server, the second step is critical.
So, we propose contacting your host’s help or consulting their knowledge base to get your Let’s Encrypt SSL certificate installed.
Step 2: Install and configure the Simple SSL plugin
Remember how we said you needed to resolve some difficulties for your SSL certificate to work properly? The simplest method to do this is to use the Simple SSL plugin.
Because your WordPress site still includes photos or other material that are inserted using the regular HTTP:// URL rather than your new HTTPS:// URL, Google issues the “connection is private BUT” warning. To fix the problem, go back and change all of the image links to HTTPS://.
Fortunately, you won’t have to do it manually. That will be taken care of by the Really Simple SSL plugin. Two other significant changes will be made by the plugin:
In the WordPress settings, it changes your site’s URL to HTTPS.
It adds a 301 redirect to direct all human and search engine visitors to your HTTPS pages. This is necessary to avoid a Google duplicate content penalty.
Install and activate Really Simple SSL to take care of everything.
Step 3: Verify HTTPS success on the front end of WordPress.
Now you should go to your site’s public areas and double-check two things:
To begin, double-check that entering your URL as http://yourdomain.com automatically redirects you to https://yourdomain.com.
Then, on all of your site’s pages, make sure you see the “green padlock.”
That’s all there is to adding HTTPS to WordPress! If you’re using Google Analytics, a CDN, and/or Google Search Console, you’ll still need to take care of a few housekeeping issues.
Step 4: In Google Analytics, update your site’s URL.
To ensure that your statistics are correct, convert your Google Analytics URL from HTTP to HTTPS. Go to Admin Property Settings to do so. Then, under the Default URL setting, change the dropdown from HTTP:// to HTTPS://.
Make a note of your settings and save them.
Step 5: In Google Search Console, make a new property.
You can’t merely change the URL for your site if you’re using Google Search Console, unfortunately. As a result, you’ll need to construct a new HTTPS version to create an updated property. To add a property to Google Search Console, go to the site and select Add Property.
Everything about Search Console will work as it did before once you’ve added the HTTPS version of your site.
Step 6: Update CDN URL to HTTPS
If you’re using a CDN, you’ll probably need to alter your URL in your CDN settings as well. We can’t provide you with particular instructions because the process will vary depending on the CDN you’re using.
To determine if/how you can update your URL to HTTPS, contact your CDN or study your CDN’s support materials.
This step can be skipped if you have no idea what a CDN is!
Step 7: Update any links you control to HTTPS
If you have any social media profiles or other external sites linking to your WordPress site, you should alter all of these links to refer to the HTTPS version of your site. You can also send an email to any friendly webmasters that link to your site, requesting that they adjust your site’s URL.
Because the Simple SSL plugin introduced 301 redirects to automatically move HTTP traffic to HTTPS, this isn’t a requirement. However, it is a best practice that avoids the need for redirects.
Why Should You Move Your Website to HTTPS?
Only 57 million websites use SSL at the moment. As a result, it does not appear that technology is required to maintain a successful online presence. However, there are still compelling arguments for joining the minority.
1. Your Site Handles Sensitive Information
To begin with, if you operate an online store that processes credit card information or other sensitive data, switching to HTTPS is a must. Clients want to be able to put their trust in your website, and they should be able to. It is entirely up to you to make that happen.
If someone utilizes a public wifi hotspot to browse an unsecured website, for example, others may be able to steal their payment information. How likely do you think that individuals will return to your site if they utilize that information to steal from your client? Not at all.
It’s also feasible to tamper with the data your visitors receive if you don’t use HTTPS. In that manner, a third party may inject advertisements, malware, or other content on your website that you don’t want people to view.
Even if you “just” deal with the standard log-in information, adding an extra layer of security and keeping it safe is a good idea. It will be much appreciated by your users.
2. HTTPS is a Sign of Authenticity and Trustworthiness
In terms of visits, encryption has become something that consumers expect as a result of the widespread adoption of HTTPS on the web.
Why are they so concerned? Because the small padlock signifies not only that their traffic is secure, but also that the website is genuine and who it claims to be, rather than a forgery.
So, if they have an option between your site and a competitor that has incorporated HTTPS, odds are they will choose the competitor. Especially when major browsers (Chrome and Firefox) are already labeling sites with forms on pages that aren’t secured with HTTPS as insecure.
In the future, they may issue a broad warning about any site that does not use encryption. And you certainly do not want to be one of them.
3. Benefits of SEO
Not only do your customers expect you to switch to HTTPS, but so do search engines. In 2014, Google declared that having an SSL certificate in place is now a ranking consideration. Furthermore, while HTTPS is now underutilized, its value will grow with time.
Furthermore, Google Analytics blocks referral data from HTTPS to HTTP. As a result, if you have an outdated protocol website that receives a lot of referrals from HTTPS sites, your web analytics will not reflect this. You may not be aware of platforms that send you a lot of traffic as a result, and you may miss out on expanding your marketing channels.
