In this lunchtime #WPQuickies, I take a quick look at the best ways to move a WordPress website from HTTP to encrypted, safe and secure HTTPS.
In this webinar I cover the following topics.
What is SSL and HTTPS?
SSL stands for Secure Socket Layer which adds a layer of encryption to communications between your browser and a web server. Turning plain readable HTTP requests into secure encrypted HTTPS communications making it much harder for anyone to snoop in on the data you are sending.
This is done by adding an SSL certificate to your web browser. The SSL certificate is linked to the domain name of your website,
It comes in the form of a key pair – private and public which is validated by a trusted certificate authority.
Any site trying to spoof over HTTPS from a dodgy CA will be flagged by all the major web browsers.
Read more about CA’s at https://en.wikipedia.org/wiki/Certificate_authority
Why do you need SSL and HTTPS?
Firstly, I think it makes sense to encrypt data so that nobody can snoop, read and steal it.
Think about all that personal information your website is dealing with, emails, phone numbers, shipping addresses and credit card information – you don’t want make that information easy to get at for hackers and fraudsters.
Secondly, having a secure website has been proven to be a significant signal in the Google ranking algorithm. Nowadays it’s a must to have your entire website running securely.
The last reason you should move your site over to HTTPS is that as of 2018/2019 Chrome, Firefox and Safari started marking HTTP pages as “not secure”. You don’t want your customers seeing a not secure warning flash up on your site. That will destroy credibility and trust.
Where do I get an SSL certificate from?
You can get an SSL from your web hosting provider.
You should never pay for an SSL as the organisation Let’s Encrypt offers free SSL certificates for anyone and there are Let’s Encrypt modules built in to cPanel and Plesk which handle all the technical details.
If you hosting provider is asking you to pay for an SSL certificate – maybe you should be looking around for another provider.
If they do support Let’s Encrypt, you can request an SSL certificate yourself using cPanel or Plesk without having to contact your hosting provider – just follow the instructions. It works for single domains, sub domains and wildcard domains.
Are you developing on Windows?
Become your own Certificate Authority (CA) on Windows and add your own SSL certificates.
Find out how with my post on How to Get HTTPS Working in Windows 10 Localhost Dev Environment.
Setting up WordPress with SSL/HTTPS
The subject of SSL/HTTPS may be complex but setting up your WP site to use HTTPS isn’t magick.
Of course you need to setup and install the SSL certificate on your web hosting account before you can progress to this part.
For beginners, the best way of converting your site to HTTPS is to use a plugin such as Really Simple SSL
The free version translates HTTP requests to HTTPS in real-time. Paid version can sort out issues such as mixed content where your theme or a plugin is generating HTTP URLs instead of HTTPS.
Mixed content warnings are quite common if you’re trying to translate HTTP into HTTPS on the fly or if a theme/plugin developer isn’t properly detecting the protocol of the site – that’s the HTTP/S part.
Search the page source code for HTTP using the browser inspector and find the theme or plugin which is generating that URL, then open a support request with the developer.
If you want to actually change the content of the database from HTTP to HTTPS – use the plugin Better Search Replace.
Yes, it’s over 1 year old but it works perfectly.
Enter HTTP then HTTPS url and replace data.
Go to Settings > General: Change HTTP to HTTPS url
Add this to the wp-config.php file:
Update Google Search Console
You will need to update your Google Search Console and add the new HTTPS address of your site as Google treats HTTP and HTTPS urls as separate entities.
Open the search console at
Go ahead and click on Add Property and type in your HTTPS website URL.
Lastly you want to update your Google Analytics because Google Analytics treats http and https urls as different entities.
Navigate to https://analytics.google.com/
Go to Admin > Property Settings > Basic Settings
Change Default URL to https://
Watch More #WPQuickies
You can watch more #WPQuickies from the playlist on our WordPress Sydney YouTube channel.
The playlist is also embedded below, click the hamburger menu in the top right of the video to see the others in the series.
Suggest a #WPQuickies Topic
If you have an WordPress topic you’d like to see explained in 30 mins or under, fill out the form below.