How to get WordPress to HTTPS

How to get WordPress to HTTPS ? Your WordPress site is still in HTTP ? It is a mistake. Your WordPress site is well in HTTPS ? Are you sure ? We will check that out.

Going through WordPress in HTTPS is not very complicated, I will offer you 2 simple, fast and efficient solutions. In this tuto, I give you the essential steps to pass WordPress well in HTTPS

Before moving WordPress to HTTPS ?

Concretely, switching WordPress to HTTPS amounts to making a site migration, that is to say to create a new site in which the contents of your different pages will be transferred.

The first step to moving your WordPress site to HTTPS is simply to obtain an SLL certificate

Your host or domain name manager generally offers you a free SSL certificate in their offer. Add the “s” at the end of the HTTP of your domain name. If you are still on your website, the certificate is already installed. Take the next step.

If not, ask your host to activate a free Let’s Encrypt certificate.

In certain themes and for certain e-commerce sites, it is sometimes advisable to choose a more secure paying certificate. Your host may advise you on a certificate adapted to your situation.

The HTTPS protocol allows you to secure your website a little more. Today is the norm and you cannot afford to have a website without HTTPS. Visually what changes is only the URL .

In reality, there will always be an HTTP version and an HTTPS version of your website. For Google, these are almost two different websites. You must therefore ensure that the HTTP version automatically redirects to the HTTPS version

Switching WordPress to HTTPS: the ultra easy method

Whatever the method of passing WordPress in HTTPS, there is always a step to be carried out before each manipulation on your WordPress site: to carry out a backup. It would be a shame to lose your website. In my WordPress & SEO formation, I recommend the installation of the Updraft Plus plugin to make automatic backups.

The ultra easy method will take you 3 minutes to all broken:

You will simply install the “REALLY SIMPLE SSL” plugin.

You go to your WordPress – Extensions – Add back office, you search for the plugin and you activate it. That’s all. = 3 minutes.

This method of switching WordPress to HTTPS is ultra fast but it is not the best method. First, Really Simple SSL is not foolproof, he can forget pages, images or links that will remain in HTTP. It’s pretty quick to check if the pages are good in HTTPS on a small website but it’s horror on a big website.

Second, the more WordPress plugins you have installed and the more your web row website, and lowers your loading time and potentially your natural referencing. It is therefore not advisable to add a new plugin if another solution exists.

There is one precisely. A bit more technical but within anyone’s reach.

Switching WordPress to HTTPS: the advanced method

This is the method I recommend for moving WordPress to HTTPS. You must follow these 5 steps:

Go to your WordPress backoffice in Settings – General. You will have to change the main address of your site. Replace the URL with HTTP with its version in HTTPS. You must modify the two URL fields: “WordPress web address” and “Site web address”. You will be disconnected because your backoffice also goes to HTTPS

From now on, your entire website must be in HTTPS. Unfortunately, it’s not that simple. The problem is that your website is now duplicated: an HTTP version and an HTTPS version. You will have to redirect each URL to HTTP to their HTTPS version

You will have to go to FTP. You must have received your FTP codes when purchasing your domain name and accommodation. If you no longer have them, you can contact your host so that they can send them back to you. There are generally :

  • A host name
  • A user name
  • A password
  • Two digits: 21 or 22

Download the Fillet (Server) software and connect with your identifiers. This software allows you to access the files and files on your website.

On Filezilla, in the folder “www. You must find the Wp-config file and the “.htaccess” file. By a slide-deposit, recover these two files and make in 2 copies. You must have 2 original files and 2 files that you will modify. Please note, you must wait 24 hours after the online publication of your website to see the .htaccess file appear.

You will have to copy a piece of code to these files. To do this, you must download the Notepad ++ software (TextWrangler for Mac).

Open the Wp-config file and copy the following code to line 2 of the file:

define (‘FORCE_SSL_ADMIN’, true) ;

Save and replace the original file with the one updated in Filezilla.

Check that everything is ok on your website. If you no longer have access to your website, it is because you have made a line error or have forgotten a character. You can then send the original backup file to Filezilla and start the maneuver again.

Similarly, another piece of code should be added to the .htaccess file (at the very top) :

RewriteEngine On

RewriteCond% {SERVER_PORT} 80

RewriteRule ^ (.*) $$1 [R = 301, L]

Remember to add your domain name in HTTPS instead of

Well, it’s good, you just passed WordPress in HTTPS

What to do after passing WordPress in HTTPS ?

Check that your SSL certificate is effective. An invalid certificate will display an alert message in a user browser window, which may compromise the image of confidence and security you want to convey.

It is possible to test the validity of your certificate with this SSL lab tool. If you do not check it, you may have urls with HTTPS locked in the address bar. This generally indicates that you still have HTTP links on your pages.

On the other hand, the tool allows you to check the level of security of your HTTPS site. It will give you a note and tell you the things to correct to be better rated.

If the green padlock does not appear, it is because you still have mixed content in your pages. In other words, some pages did not link to HTTPS (this is often the case with images). This is where it gets complicated. This is called mixed content.

First thing to do, URL’s that do not have a green padlock can be tested using this tool that will indicate the page redirection code. Test it with the HTTP version. The page will be in code 200 if the padlock is not green.

If you are using Firefox, you will have a lot of information by clicking on the red padlock – More information – Media. Search the media again in HTTP on the page to modify them.

You can also right click on the unsecured page and click on “Show the source code on the page”. Then do CTRL + F to open a search bar and enter “HTTP”. Identify links that are not in HTTPS and modify them.

Update from Google Search Console and Google Analytics

Once you have completed all the necessary redirects and make sure you no longer have any connection to HTTP, you will need to notify Google so that it can index your new URLs as quickly as possible. This step is very important and must be completed quickly. Indeed, the longer you delay, the more likely you will be to lose SEO positions. To do this, simply add your new site to Google Search Console by informing the URL of your new site. You will also need to submit the HTTPS website and modify its address in the robot.txt file.

Also, remember, modify your URL in Google Analytics (in the property parameter and in the view parameter).

Why switch WordPress from HTTP to HTTPS ?

Protect information from Internet users

The HyperText Transfer Protocol (HTTP) is a Transmission Protocol allowing the user to access web pages via a browser while sending data to your server. The problem is that the data that transits via HTTP is not encrypted, which can allow an ill-intentioned person to easily retrieve information that can be confidential (connection identifiers, coordinates).

HyperText Transfer Protocol Secure (HTTPS) is the secure version of HTTP. It is the result of a combination of HTTP with an SSL (Secure Sockets Layer) or TSL (Transport Layer Security) encryption layer. This is what will allow the Internet user to verify the identity of your website using an authentication certificate. The latter is materialized by a green padlock next to the site URL.

This certificate guarantees the confidentiality and integrity of the data sent by the user and received by the server. Just as the spread of malware (Malware) will be curbed, allowing this to happen . It is therefore in everyone’s interest to contribute to the development of HTTPS

But how do you know which certificate to choose ? SSL certificates are proof of identity for a website. There are different types that stand out for the extent of their identification:

  1. Domain Validation (DV): it is the standard certificate and (most often) the cheapest. These certificates allow basic encryption. They are delivered very quickly and require simple verification for ownership of the domain.
  2. Validation Company (OV): These certificates include the authentication of the company and / or the organization owning the domain.
  3. Validation Extent (EV): With this type of validation, the certification authority performs an in-depth examination of your company before issuing the certificate. This offers the highest level of security.

Be better referenced and positioned by the Google algorithm

For Google, HTTPS is a criterion in its website referencing algorithm. According to SEMrush’s annual study “Rankings factors 2017”, HTTPS is in 7th place of the referencing criteria, given the density or presence of the keywords sought in the body of the article.

After analyzing 600,000 queries and the results of TOP 100, the study findings revealed that Google’s first positions were more often occupied by HTTPS sites. HTTPS therefore has a real interest in your SEO strategy

Going through WordPress in HTTPS is not essential but remains strongly advised. Thanks to the SSL certificate, you will convey a reassuring image to your visitors and Google will thank you by slightly improving your positioning.

Leave a Reply

Your email address will not be published. Required fields are marked *