In this Guide, you’re going to learn exactly how to redirect HTTP to HTTPS your WordPress site. For your convenience, I’ll explain every single step and answer the questions that you are about to ask. So stick with me till the end. Let’s get started…

There are two ways to redirect HTTP to HTTPS

1. Contact your hosting provider

It’s one of the easiest ways to implement HTTPS. All you need to do is, go and contact your hosting provider.

Almost every popular hosting company offers SSL. You can either purchase a premium SSL or get a free SSL from your hosting.

Many hosting companies like Bluehost, HostGator and DreamHost offers you the free Let’s Encrypt SSL.

You can start a live chat conversation with customer support and ask them to install free SSL on your server.

Once you get SSL installed on your server, you can further ask them to complete additional steps like changing site URL, adding 301 redirections and testing.

Everything is done from the core side of your website. Remaining things like updating Sitemap, changing external linking and adding a new property to search console will be done manually.

Now you’re all set. You have successfully redirect HTTP to HTTPS.

NOTE: Don’t use free SSL if you’re running your online e-commerce business.

This is how you can redirect HTTP to HTTPS without too many headaches.

Another way to move from HTTP to HTTPS is “By following these steps“

Redirect HTTP To HTTPs In WordPress: 11 Easy Steps To Follow [Advanced Guide]

Contents Redirect HTTP To HTTPs In WordPress: 11 Easy Steps To Follow [Advanced Guide]

QUESTIONS

STEP 1. Take a full backup of your existing website

STEP 2: Purchase an SSL certificate and install it on your server

STEP. 3: Install ‘really simple SSL’ plugin

Step 4: Change both site address and WordPress address

Step 5: Add 301 redirection

Step 6: Update internal links in your content

Step 7: Add HTTPS version of your site to Google Search Console

Step 8: Update your XML sitemap with HTTPS

ADDITIONAL STEPS

STEP 9. Change your CDN URL

STEP 10. Update Social Media profiles

STEP 11. Add HTTPS property to Google analytics

CONCLUSION

QUESTIONS

In this section, you’ll get the answers to the questions.

These are the questions which you could ask before or after redirecting HTTP to HTTPS.

Let’s begin…

#1. Should I redirect HTTP to HTTPS?

The quick answer is YES.

In fact, Google encourages webmasters to move to a secured HTTPS protocol.

“HTTPS blocks the misuses of your site. It protects the privacy and security of your readers.”

Apart from that, it also helps improve your search visibility and rankings.

Now I don’t think you should make further excuses for not using HTTPS.

#2. What do I need to know before moving from HTTP to HTTPS?

The first thing you should be knowing is ‘what type of SSL you must purchase?’

As I already told you that it all depends on your site type.

If you are a blogger like me, then better you use ‘Domain validation SSL’. And you can get this SSL type for free from popular hosting companies.

But if you are running a business or e-commerce website then better you go with highly secured SSL available on DigiCert, COMODO or GlobalSign.

Note: – BlogSpot users do not need any HTTPS. There is an option within the setting where they can enable HTTPS protocol for free.

#3. IS HTTPS total solution to website security?

Many newbie bloggers think that HTTPS is the total security solution, but they are wrong.

Because HTTPS only encrypt your data communication between browser and website. It makes online transactions risk free and also secure buyers from any data breaches.

But it doesn’t secure your site from malicious and DDOS attack. Your website is still prone to get hacked.

So don’t keep your blog or website at risk. I suggest you to use website security service to keep your database and web server safe.

Being a WordPress user, you can go with Sucuri, Wordfence or Sitelock to protect your site.

It means for total security you need both HTTPS and website protection service.

Also, read: –

#4. How much traffic I will lose after moving from HTTP to HTTPS?

However, Google confirms that HTTPS migration does not affect traffic. But it brings traffic fluctuations.

And you may lose 30 to 70% traffic temporarily. It means if you are getting 100 visitors every day, after migration, you’ll get only 30 to 70 visitors and it will continue up to 2-3 months.

But you don’t need to worry about traffic because you’ll get it back again sooner than later if you’ve followed the right direction.

See my report below… (Traffic lose)

I agree that HTTP to HTTPS redirection still affect traffic but at the same time, it improves bounce rate and rankings.

#5. What kind of errors I could get while moving from HTTP to HTTPS in WordPress?

The most common error is ‘mixed content error’ that you may encounter while migrating.

Mixed content is when your assets/resources on pages load over HTTP instead of HTTPS.

It occurs because of improper HTTPS redirection. And in this case, some of your page resources (like media, scripts or CSS) are not redirected to HTTPS properly.

However, ‘really simple SSL’ plugin fix this error automatically. But if you’re still getting the error, then no problem you can fix it manually.

For fixing, first, check your WordPress address and Site Address. You can find these options in General under settings.

If both addresses are correct, then it’s time to replace all old HTTP URLs in your WordPress database with HTTPS.

You can use “better search replace plugin” to quickly change URLs.

First, install and activate the plugin.

After activating, open the plugin.

Here you’re asked for two things. The first one is ‘search for’ and the second is ‘replace with’.

Enter the old URL (http://yourdomain.com) in the ‘search for’ field.

Next, enter ‘ https://yourdomain.com’ in the ‘replace with’ field. Now click ‘run a search/replace’ button and you’re all set.

The plugin has successfully replaced all HTTP with HTTPS.

#6. Check Robots.txt file

Robots.txt file plays a vital role when it comes to instructing Google bots. A simple mistake can block your site to crawl.

One thing you can do is add your new sitemap URL to let Google bots know the exact location of your new sitemap.

Sitemap: https://beginnersblog.org/post-sitemap.xml

Make sure you first check your sitemap URL and then add this to robots.txt file because your sitemap URL may be different from mine.

Sitemap: https://your-sitemap-url/sitemap.xml

Let’s have a look at my robots.txt file…

I’ve answered 6 questions related to the HTTPS migration process. If you have further questions, you can leave a comment and I will try my best to give you the solution.

Now let’s get started…

STEP 1. Take a full backup of your existing website

The first step is to take a full backup of your website. However, it doesn’t play any role in the migration process but it’s essential to keep backup.

Because it helps recover your site back in case something goes wrong. You can take backup either from cPanel or by using a WordPress plugin.

I use ‘UpdraftPlus backup plugin’. With this, you can take backup manually anytime.

Or you can go with a premium version for auto backups.

For taking the backup, head to UpdrafPlus icon on the top header of WordPress dashboard.

And click on ‘Backups/Restore’ option. After clicking, you’ll be redirected to main Backup dashboard.

Now, press ‘Backup Now’ button. As you click it, the plugin starts collecting the data from your server and create separate zip files.

Once the process is finished, you’ll see five separate files. Click each of these files and download to your computer.

Database file

Plugins

Themes

Uploads

Others

Note: Make sure you don’t click ‘delete files from your web server’ button.

Finally, you have taken the full backup of your website and now you can move to next step…

STEP 2: Purchase an SSL certificate and install it on your server

For adding an SSL certificate, first, you need to purchase one.

There are many third party SSL provider companies from there you can purchase SSL at a very reasonable price.

It costs you from $30 to $200 per year.

But before you buy it, make sure you choose suitable SSL for your website.

How do you know which SSL is best for your website?

It depends on what kind of website you’re running. I mean is it an informational blog or an e-commerce website.

If you’re running an informational blog, then ‘Domain validation SSL’ type is the best option for you.

But if you have an e-commerce business website which deals with online transactions then you need highly secured SSL type.

In this case, you can go with COMODO instant SSL pro, Geo-Trust or Global-Sign SSL certificate. These are trusted SSL and secure buyers from all kind of transactional breaches.

For bloggers, Domain validation SSL is the best choice, because it is cheaper than other SSL types.

You can get one for free from your hosting provider. In fact, I’m also using let’s encrypt free SSL.

And the good thing is that it is NOW available on all popular hosting companies like…

HostGator

BlueHost

DreamHost

Kinsta

WP Engine

A2 Hosting

FlyWheel

SiteGround

Nonetheless, you can purchase SSL from your hosting provider. I’m using HostGator and it offers both free and premium SSL.

Just head to cPanel and purchase SSL from there. You can even buy from third-party SSL provider companies like DigiCert, COMODO or GlobalSign.

Once you’ve purchased SSL, it’s time to ask the hosting provider to install SSL on your server.

STEP. 3: Install ‘really simple SSL’ plugin

Now you’ve installed SSL on your server, it’s time to integrate SSL to your WordPress website.

‘Really Simple SSL’ is a free plugin that helps you configure SSL in just one click.

This plugin automatically detects SSL and fix mixed content issues. If you’re not getting any issues then you’re good to go.

It replaces all HTTP with https so you don’t need to change them manually.

Next, you can test your site to check whether it is redirecting to HTTPS or not.

Once it’s done, you are ready to move to the next step.

Step 4: Change both site address and WordPress address

However, ‘really simple SSL plugin’ change both site address and WordPress address automatically.

But in case you’re getting any error, then make sure you check these options in General settings and replace HTTP with HTTPS.

See the screenshots below…

Step 5: Add 301 redirection

You don’t want to lose your rankings, right?

Whenever you make big changes to your website, you would see traffic fluctuations.

And if you Redirect HTTP to HTTPS then it also impacts your blog traffic.

And if you don’t place 301 redirections, you’ll continue losing traffic. Because Google considers HTTPS as a different entity.

301 redirection tells Google that the corresponding URL is redirected to HTTPS permanently. And all old content has now shifted to the new HTTPS version.

Remember, even if you place 301 redirections, you would still see traffic fluctuations. But after a few days, Google starts ranking your site again and you’ll get your traffic back.

Now the question comes… how do you add 301 redirections?

Being a WordPress user, you can use the WordPress plugin. But I recommend you to use the .htaccess file for adding 301 redirections.

Step by step process to add 301 redirection to your WordPress site using a .htaccess file

First, log in to your hosting cPanel.

Go to file manager

Choose your directory and enable ‘show hidden files (dotfiles)’ option.

Once you get the .htaccess file, paste the code given below on top of the file.

<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] </IfModule>

Click the ‘save changes’ button and check the redirection changes whether or not it is working properly.

Once done, You’re all set. You’ve successfully redirected HTTP to HTTPS.

NOTE: –

Be careful while editing the .htaccess file because a minor mistake can make your site inaccessible and it gives you internal server error.

I recommend you to download a copy of the .htaccess file to your computer in case something goes wrong.

Internal linking is a great way to inter-connect your articles. It helps readers to learn more and reduce the bounce rate.

As I told you ‘Really simple SSL’ replaces all HTTP to HTTPS. But you can still check your internal linking and update those if there are some.

Step 7: Add HTTPS version of your site to Google Search Console

It’s really important to tell Google that you are now preferring HTTPS version.

For doing so, you need to add 2 more properties to your search console account.

The first one is: –

https://yourdomain.com

And the second one is: –

https://www.yourdomain.com

I hope you know how to add a property. If you don’t, then log in to search console dashboard. In the upper left corner, you’ll see your old property like this.

Now click the dropdown arrow. At the end of the dropdown, you’ll see ‘Add property’ option.

Just click it and add your domain with HTTPS ( https://yourdomain.com ). Make sure you do it again to add https://www.yourdomain.com.

After verifying, you’ll see all different versions of your web properties.

You’ve almost done. The final thing to do is, submit your sitemap to search console.

It helps Google to the index HTTPS version of your domain faster than usual.

Before you submit Sitemap, first create a sitemap that contains URLs with HTTPS.

If you don’t know how to do it, then no worries, WordPress has made this easy for you.

Yoast SEO plugin users have nothing to do because all URLs are already replaced with HTTPS.

All you need to do is, go and browse HTTPS version of your Sitemap by typing “https://yourdomain.com /post-sitemap.xml” in the browser (URL is only valid for Yoast SEO plugin users).

If you are getting all URLs with https then you can copy this URL (https://yourdomain.com /post-sitemap.xml) and submit to Google search console.

Congratulations!!! You have successfully redirected HTTP to HTTPS.

This was all about how to redirect HTTP to HTTPS. Now let’s discuss some additional things that you need to do after migrating from HTTP to HTTPS.

ADDITIONAL STEPS

STEP 9. Change your CDN URL

To be on the safe side, I would advise you to change the CDN URL.

Otherwise, your CDN server won’t serve immediate results to your readers. The only way to fix the issue is to change your CDN URL with SSL-CDN-URL.

If you don’t know how to do it then don’t worry here is everything you need to follow.

(Note: – Process is valid for MAXCDN users)

First of all, login to MAXCDN account Go to settings and click SSL corresponding to your domain’s pull zone.

Next, enable SSL for preferred hosting server (shared or dedicated hosting)

If you using other CDN services then make sure you check their documentation or contact customer support and ask “how do I to enable SSL?”.

However, submitting the XML sitemap to search console helps Google to find and index your HTTPS version fast.

But updating your social media profile also improves search visibility.

Not just change social media profiles but also change question-answer forums profiles. Because these are your backlinks that Google will consider sooner than later.

STEP 11. Add HTTPS property to Google analytics

With the right approach to this migration process, adding HTTPS version of your domain name to Google analytics account is also important.

Because with analytics, you can track your site performance, traffic, bounce rate and real-time stats.

And it’s important to measure the performance of your site after redirecting HTTP to HTTPS.

To add HTTPS version, you need to login to Analytics account.

Once you are in, click this gear icon shown in the bottom.

After clicking, you’ll see this admin interface…

Next, go to the mid-section and click property settings option.

Here you see the default URL section. Click on the dropdown and choose HTTPS and save the changes.

Within 24 hours, Google Analytics will start collecting the data from the HTTPS version of your site.



Congratulations! You have successfully migrated from HTTP to HTTPS.



CONCLUSION

Now I do like to hear from you…

Are you gonna use my guide to redirect HTTP to HTTPS in WordPress? I did my best and I hope now you have enough knowledge to go one step ahead.

If you haven’t moved yet because of fear, then I suggest you take your time reading this guide and I’m sure you definitely gonna do it.

If you have further issues, then ask me right into the comment section. I will answer you sooner than later.

Love this guide? Then don’t forget to share with others on social media platforms.