WordPress is perhaps one of the most popular platforms to run your website on. One of the reasons for its popularity is that it’s easy to setup without needing to know html. You don’t need pricey software either. However, hackers now have a larger hunting ground and unsecured WordPress sites often fall victim to the digital havoc these hackers wreak. So, if you haven’t moved your site to HTTPS, you’re putting yourself and your users at risk. Most sites that handle sensitive information are secure. If you were to buy Optimum internet plans online using your credit card, the payment information would be strongly encrypted. This is a key characteristic of HTTPS sites.

Let’s look what HTTPS is, and how you can move your WordPress site to it.

What is HTTPS?

Table of Contents Why do you need HTTPS?

HTTPS or Hypertext Transport Protocol Secure is a communication protocol similar to HTTP. The difference is it uses an SSL or Secure Socket Layer to connect the browser and server. Effectively, this means all exchanges of information between the browser and server are encrypted.

If your site handles sensitive information like credit card info, bank details and credentials, it is vitally important to move to HTTPS to keep this information secure. The padlock badge on the address bar of your site is a mark of trust. Most users know they can trust a site that takes information security seriously. SSL certificates are officially a ranking factor on Google. This is helpful for SEO. Additionally, referral data from other HTTPS sites does not get blocked by Google so your analytics are more accurate.

How do you move your WordPress site to HTTPS?

Now it’s time to get to the meat of the matter. Here are seven steps to follow to get your site to HTTPS:

1. Backup Your Site

It is very important to backup the working version of a website when making major changes. This allows you to come back to the working version in case anything goes wrong. It’s just good practice. You can also follow these steps on a test server first to get the hang of it.

2. Implement the SSL Certificate

Getting an SSL certificate with ease or difficulty depends on your hosting service. Ideally, your host should offer an option to move to HTTPS right in your dashboard. Most hosts support Plesk, and Let’s Encrypt, and you can find tutorials for both online (here and here).

3. Add HTTPS to WordPress Admin

You will need to add the SSL to the backend of your website first, making it secure beforehand. Open wp-config.php and insert define('FORCE_SSL_ADMIN', true); before That’s all, stop editing!. To test this, access your login page with HTTPS in the URL. You will have a secure connection if it worked.

4. Site Address Update

Update your site address to HTTPS so that the rest of your website is secure. You can do this by going to Settings>General and adding https:// to both the WordPress address and site address. After saving, you may have to restart.

5. Update links in Content and Template

You will need to update any links that are still on the old HTTP protocol. You may need to consider videos, images and audio as well as web fonts, iframes and JavaScript and CSS files. Try changing your links to // rather than https// which will prompt them to create relative links automatically.

6. Setup Redirects

You need to setup a redirect that sends your users to the secure version of your site. The tool for this is .htaccess, an important system file usually found in WordPress root directory. Its invisible by default so you will have to allow your FTP client to show it. Add these lines to the file: RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] Once you’re done make sure there is no same page on both sites. This is to avoid content duplication issues that cause problems with SEO. After this, visitors should automatically land on the secure version.

7. Test and Go Live

Now its time to test if everything works smoothly. Visit an SSL testing site and input your domain name. These sites give insights on how well the SSL has been implemented and how secure your site is. They also give you an idea on what requires work and improvement. Go over your site in detail and find any links that were leftover. After that, you’re good to go live like Jimmy ESL - the teaching English in Japan blog.

By the end of it, there are only a few areas left to complete the transfer. You will need to update your sitemap, add your site to all your webmaster tools, update your Content Delivery Network, make the switch in analytics and preserve your social share counts. These are relatively peripheral tasks. For the most part, this blog has laid down the seven main steps to move your website from HTTP to HTTPS.

Like this article? Follow @AlexxBriannn on Twitter