If you design, update or otherwise work on websites, you’ve been hearing for over a year now that this is the year to move your website from http to https.I had my first experience moving a website to https last weekend, and I thought I’d write my experience of how it went.
Google has been the mover behind this and since most website owners obediently comply to every directive from them, many sites are moving that way. Google is the maker of the Chrome browser and if you use it, you’ve probably seen warnings as you look at some sites that are not secured. They announced beginning in January, the browser will label http connections as insecure.
Moving A Website From HTTP to HTTPS
The most important thing I found out was that there is not a cookie cutter process to move a website from http to https. This is because every website is set up and has certain things about it that make it unique from others.
There are variables such as hosting environments, what is in your .htaccess file and other things that you may have on your website that make it just a little bit different.
One Size Doesn’t Fit All for Going to HTTPS
I’ve been reading (and dreading this), since the middle of last year. It seems like there are so many articles out there about how to get your site converted. Some say they sites are now secure because their webhost has already put a free SSL certificate on their website. They are sadly mistaken to think they are finished – far from it. For example, my host, A2 Hosting has already given me a free Let’s Encrypt certificate, but I haven’t gone through the additional steps to get the ‘green padlock’ of safety and compliance!
Prepare for HTTPS
For me, I did a lot of reading articles from sources I trust (Search Engine Land, Google, WPBeginner) and many others. I watched a fair share of YouTube videos too. In addition, I took 2 classes. One was from iThemes (a paid class), and an informational webinar from BlogAid.net with a pitch at the end to join her web design member site. I decided to go with iThemes since I already have a subscription there :). Brian Richards did the training and he is a trusted resource.
Steps to Move to HTTPS
These are the steps, in order that Brian went through and I followed them and everything worked out. I’m giving you the steps, but the actual doing of each step may be easy or hard for you, depending on your experience level. There are many good articles out there on how to move to https.
Part 1 – Setup
- Acquire an SSL certificate – get them through your host (A2, SiteGround, Liquid Web, and maybe more are free).
- If you purchased one outside your webhost, it’ll need to be installed (I’d get your webhost do it – it’s usually only about $10).
- Test the certificate – you can go to SSL Labs and run a test on your url.
Part 2 – Content Updates
- Update all your internal URLs. These are all the links, images, etc. that have been uploaded to your website. They all need to go from http to https. Brian mentioned using BackupBuddy to do this. I have BackupBuddy, but he didn’t go into detail as to how to do it, so I did some extra searching and found a great article at WPBeginner that said to use the Velvet Blues plugin to change the internal URLs. I’ve used that plugin before and it worked great, so that’s what I did. After using it, I removed the plugin.
- Update any hard-coded URLS in your custom theme and plugins. This applies to custom code written for your site. I didn’t do anything with this.
- Go to your WordPress dashboard and open Settings>General and change your URLS to https. You’ll be immediately logged out. Log back in, this is normal because your URL changed.
- Test your pages to see if you get the green padlock. I did not have green padlocks, so I used the website, Why No Padlock to find where my insecure or mixed content was. Important: there are places where you have insecure images you may not think about. So here are some tips. Check your header and footer for insecure images (I had one in a footer). Also my Google Fonts were giving me an insecure rating. All I had to do there was go to the css stylesheet and add an ‘s’ after the http going to Google Fonts! Other places to check are optin boxes, widgets, social media links, RSS feed services and things like this.
Part 3 – Follow Through
- You’ll need to edit your .htaccess file to do a permanent 301 redirect. There are many examples of this code around. I searched at my host (SiteGround), and found the code they suggested to use. This code redirects anyone coming to your site to the https version of the site – so they will have the green padlock!
- You need to let Google know by updating your Search Console Profile and your Google Analytics Property to update them to https. I chose the https to be my main URL.
- Update your email signature, social profiles and any other external links.
- There’s a step to make changes on your CDN, if you have one (Content Delivery Network). You’ll need to enable SSL support, update your origin URL to the https URL, enagle HTTP/2 support, if available. Your CDN should have documentation to help.
Summary
So there you have it – the steps to move from http to https, but reading through these, you can see how there isn’t a one-and-done instruction set to fit this. Everyone has a unique setup and needs.
Can an average user do this? I would say no. If you have only ever gotten into your WordPress backend to write posts, or make minor changes to pages, then you probably don’t have the background and skill set for it. If you’re familiar with CSS, html and code, then maybe. If you’re comfortable with logging into your webhost and opening and making changes to files there, then you can probably handle it.
Before you start your https migration, make sure you have your ducks in a row by starting with a good backup of your website. A good backup is one that you can and know how to restore.
I’ll be moving the other websites I manage to https throughout the year – I’ll even work on my own one of these days! There is one large site I don’t want to tackle. For that, I have contacted FixMyWP. I’ve used Makis in the past, I trust him and he’s been very reliable and a good on-line friend.