Blogging Tips: Switching your site from http to https (How to guide)

What took me so long?

I am a bit late in switching my site from http to https but I finally got it done a couple days ago. Why did I wait so long? Well, any big changes to my site always makes me nervous. I was a mess when I switched from blogger to wordpress years ago.

Why switch to https? First of all, search engines prefer it and there is potential to boost search rankings. Not only does it help with keeping your site secure, it also can help with SEO. There is a lot of information about it out there which was why while I was getting my site GDPR Complaint (at least the best I could), I started working on switching to https about the same time. I put it off long enough. Besides, it didn’t make much sense to try to get my site compliant and not switch.

I host my blog with Dreamhost and I got a lot of my step by step instructions from Dreamhost help articles and some other information that I got elsewhere when searching on how to make this switch. I am not an expert, I am writing this post based off information I found and from my experience through this process. Regardless of who you host with, these steps are ones you will need to take to make the switch. Keep in mind, this guide is for a self hosted wordpress site.

Obtaining an SSL Certificate 

The first thing you need to do is to obtain or purchase an SSL Certificate and then install it on your site. A lot of hosting companies (not all of them) have been providing their users with a simple free certificate they can add to their sites because of Google pushing https. Dreamhost has one and that’s the one that I used. You should check to see if you hosting company provides this. For me, it was easy. All I had to do was add the free “Let’s Encrypt SSL” from my host admin dashboard.

Once you add an SSL, you will have to wait until it’s set up and ready. For my case, it was only about 20 minutes. I got my email from my hosting company that it was ready to go. Huge tip – make sure you wait to find out if your SSL was properly installed and you should backup your website (just in case) before you do anything else. Because this isn’t as simple as just obtaining and installing and SSL on your site. We’ve got some work to do.

*The following steps are steps that I took according to Dreamhost. There were some guides on other sites that listed some of these steps in a slightly different order.

Step 1: Update the WordPress Address and Site Address in WordPress

Log in to your wordpress admin dashboard. Naivigate to settings > general. In the URL boxes, add the ‘s’ to your urls changing them to https.

Then save your changes. At this point, wordpress should log you out. This might be a time where you might freak out a little. Like I did. Because of this change, you won’t be able to log back into your admin dashboard. Not until you complete the next step.

Step 2: Update your wp-config.php file

Now you need to log into your webserver via SSH or SFTP. You can use an FTP client you prefer to use but I used WebFTP from my host admin dashboard. Then you need to find and add a little code to your wp-config.php file.

define('FORCE_SSL', true);
define('FORCE_SSL_ADMIN',true);

Add the above two lines above the line that says: /* That’s all, stop editing! Happy blogging. */: However, mine just said /* stop editing*/:

Now that you have done that, you will be able to log into your wordpress admin dashboard again. This time when you do, your admin url addess will have the https version. At this point, you should probably see that your site also has the https version as well. You should see a little padlock on your browser next to the address on the browser too. But this most likely won’t last long.

Right now your site most likely has some mixed results. If the padlock goes away and you see an ! instead, that means you have mixed results even if your address is still displaying the https version. Other links may still be displaying the http version as well. This is because we have to redirect those http links to https.

Please note the following:

If you are hosting with Dreamhost and have Cloudflare enabled with your site, you will need to configure your Cloudflare SSL settings. When I completed this first step, I still couldn’t log into my wordpress admin dashboard at first and couldn’t figure out why.

I found out that I had to configure my Cloudflare SSL settings first. If you need to do this, log into your Cloudflare dash at https://dash.cloudflare.com/login. Click on your website that you have listed. You will then see some buttons at the top of the page. Click on the Crypto button and you will see your SSL listed. By default it’s set to “flexible” and you need to set it to “Full (strict)”. After I did that, I was able to log into my wordpress admin dashboard.

Step 3: Force the URL to redirect to HTTPS

There are two ways that you can do this. The first way was to use the WordPress HTTPS (SSL) plugin. I went this route first because it was the easiest way to go. Of course nothing can be that easy. For the most part, it did fix most of the url problems I was having but not all of them. The other way you can force the url redirect is by updating the rules in your site’s .htaccess file.

I really didn’t want to have to do this but this is really the best way to go. Especially when it comes to all those links that you previously shared via social media. For example, any posts that I shared via facebook or twitter weren’t being directed to https. When I clicked on a shared link that I had tweeted, I landed on an unsecured http version of my post. After I updated my .htaccess file, I didn’t have that problem anymore.

Updating .htaccess file

To update your .htaccess file, you have to be able to view and access your hidden files. Using an FTP client, make sure your hidden files are visible. I wasn’t able to find mine using the WebFTP in my host admin panel and I was suggested to use FileZilla. However, if you are using the Yoast SEO plugin, you can edit your .htaccess file from there. Yoast SEO > Tools > File editor. Since I wasn’t familiar with any other FTP clients, that’s the route I took. Anyway, copy the code below into your file:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This should be added above where you see the # BEGIN WordPress line. Below is an example of what it should look like after you copy the above into it:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Because of the WordPress HTTPS plugin I used, I had some other coding above the # BEGIN WordPress line already. I just added the above code above everything in the file. Once I had that done, everything was working just fine. I didn’t have anymore issues and everything was coming back https! Woohoo! After all that, you can use the Better Search Replace plugin to find any internal urls from already existing images, posts and pages that may not be pointed to the secure https version.

Now you can breathe!

All the hard work is done. After all that, you can even check and test if everything works correctly by using SSL Test. If you go over there and enter your website url, they will test to see how well you implemented your SSL on your site. Not only will it give you an overall score, it will also list and details about potential problems so that you can fix them. 

Other things you want to do

Now that you are finished, there are a few other things you probably want to do. First you want to make sure your sitemap is updated. Usually this is done automatically. I use Google Webmaster Tools which does do it automatically but other plugins may not. You should also add your site to the webmaster tools you use. You want to add your https version of your site and also upload the new updated sitemap. If you use Google Analytics you should change your default url. It’s under Admin > property settings > default url. Change the default from http to https.

NOTE: You may see a slight dip in rankings at first because Google sees both versions of the url as two separate urls even with the redirects. But over a little bit of time, they will start to climb again and more than likely they will be better than they were before making the switch. I have been through this kind of thing before when I moved from blogger to wordpress. I don’t think the dip will be as drastic as it was then though – I hope. Regardless, I am excited to see how this works out!

UPDATE

It has now been two months since I made the switch. I was expecting a drop in my rankings and traffic. Only after a couple weeks of making the switch, I noticed a slight increase in traffic although my ranking didn’t budge at all. That’s better than dropping. I didn’t hold my breath though because at that time I had only been a couple weeks. Not knowing if it was a fluke or not, I just kept my eye on it.

I am very pleased to say that I never had a drop. Right after switching I have only seen a steady increase. My traffic has improved by over 5,000 visitors a month! That old http address was holding me back for sure! Just keep in mind though that all sites and blogs are different so you may receive different results in the beginning. It will make a huge difference regardless.

I hope this guide is helpful to anyone making the switch from http to https easier. Happy blogging!

Comments are closed.