How To Change HTTP To HTTPS In WordPress For A Secure Blog

This post contains affiliate links. Which means I will make a commission at no extra cost to you should you click through and make a purchase. Read the full disclosure here.

Did you know? That any website that doesn’t use HTTPS is extremely likely to show a security warning in your browser.

You may have even come across it before while browsing websites. But never knew why your browser has decided to give you a warning about particular sites. Even though the website was legit and looked professional.

Well, this is one of the major reasons you need to switch from HTTP to HTTPS in WordPress. After all, you wouldn’t want your visitors to see any kind of security warnings on your blog, right? It would just look bad and might even scare them off to another website instead.

Especially, when you imagine that 84.2% of pages loaded in Chrome were over HTTPS in May 2019. Compared to only 40% back in April 2015. Meaning more and more users expect to browse an HTTPS website. And they are becoming increasingly more common. If your blog doesn’t have HTTPS it’s going to stick out in a negative way.

So, don’t make this serious mistake with your WordPress blog. And let’s get your blog moved from HTTP to HTTPS in WordPress. Which is what this guide will show you how to tackle step-by-step. Because let me be honest. Sometimes things are a little bit technical.

But you’ll see for yourself that the results and long term benefits are worth the time taken to follow this guide. Before we get started with this WordPress guide though. Let’s look at what HTTP and HTTPS actually are.

What Is HTTPS & What Is The Difference Between HTTP & HTTPS

HTTPS and HTTP are methods used to transfer data over the internet. I won’t bore you with the technical mumbo-jumbo though. Instead, think about the kind of information you input into websites. As this is the kind of information that HTTPS and HTTP deal with.

What’s the main differences between HTTPS and HTTP though? Well, most importantly HTTPS encrypts all the data it transfers. So that even if the information being transferred is intercepted by hackers or other sources. It cannot be read or used. 

This means significant improvements to the security of any passwords, usernames or other information you input into websites.

HTTPS Benefits

HTTPS sounds good, right? But just in case you’re still not convinced of the benefit of switching your blog from HTTP to HTTPS in WordPress. Let’s cover the benefits in more detail.

SEO Benefits To Boost Your Rankings

HTTPS is known to give SEO (Search Engine Optimization) benefits to websites. That can help get your WordPress blog ranked higher in search results. As Google has been using it as a ranking factor since 2014.

Whilst initially the impact might have been small when first introduced. Google has been keen to get as many websites onto HTTPS as possible. It is difficult to say for sure just how much of an impact HTTPS can have on your SEO. But many websites have claimed to see a boost when switching over.

In fact, HTTPS could have a stronger relation to a website’s ranking position. As for example, a study by Matthew Barby. Found that the URLs they examined which ranked at either #1, #2 or #3. Approximately, 33% of them were using HTTPS.

SEO ranking is just one of the benefits of using HTTPS. If you also look at the further points below. Then it should be clear that switching from HTTP to HTTPS in WordPress is a no-brainer.

HTTPS Has Access To Faster Speeds

In addition to improving SEO. HTTPS is also capable of using new technologies that can boost the speed of your blog. Such as the HTTP/2 method. So if you want to make use of the HTTP/2 support your website hosting offers. Then you must switch over to HTTPS first.

Better Security

As already mentioned HTTPS is more secure. As all data is transferred in an encrypted format. Meaning information like the below can be kept safer:

• Usernames
• Passwords
• Credit card details
• Addresses

This benefit is especially crucial for eCommerce websites. Or any website with an online store. It doesn’t just benefit online stores though. Any website or blog that handles data can also benefit from this feature.

Think of it this way. HTTPS can also improve the security for you to log into your WordPress blog. As every time you enter your username and password to login on HTTP, this is sent to the server as plain text. And could be read by anyone who decides to intercept it. Compromising your blog security and making it vulnerable to hacks.

Creates A Positive & Trustworthy Impression

Here’s another benefit to changing from HTTP to HTTPS in WordPress. By using HTTPS you prevent any security warnings from appearing to your visitors. Making your blog look more professional, trustworthy and secure.

Not to mention that it shows that you care about the security of your blog and your readers. Which I guarantee means a lot to you whenever you are browsing the web, right?

If you don’t use HTTPS then you risk your visitors seeing warnings like the below. As browsers, including Chrome and Firefox. Are increasingly making users aware of when HTTPS is not being used.

Improved Accuracy Of Analytics & Reporting

As a blogger, Google Analytics and the reports you can get from affiliate marketing are a gold mine. But did you know? If you are using HTTP instead of HTTPS. Your analytics and reporting might not be as accurate.

For example, if your audience browses from someone else’s HTTPS website to your HTTP blog. Then you won’t get any information about where those visitors came from. In fact, Google Analytics will just list them as Direct traffic. Meaning it could have come from anywhere.

Which is much less helpful than knowing that the traffic came from Pinterest. Or someone on another blog that is linking to you.

The same can also be true for affiliate marketing in its own way. Why? Well, I recently discovered that my ShareASale reports were missing important information. As they weren’t showing the page URL my commissions were coming from.

In the end, it turned out that some of my affiliate links were pointing to the HTTP version of the sales page. So the information was being lost. Now that I’ve changed it though. I can see exactly which blog posts are converting to actual sales!

What Do You Need To Setup HTTP To HTTPS?

Okay, so what exactly do you need to make the switch from HTTP to HTTPS in WordPress? Well, there are a few things you must have before you start.

SSL Certificate – This creates a certificate for your website from an authorized provider. It is what browsers look for when they verify whether your blog is secure or not. I’ll talk a bit more about how to get one real soon. Promise!

Time – Because this is something you don’t want to be rushing and trying to do last minute. So plan ahead!

Social Shares Recovery – When you switch from HTTP to HTTPS you will lose any social share counts. Because the URL of your blog will have changed. That little extra ‘S’ makes a big difference surprisingly.

So you’ll want most likely a social media plugin that can restore your shares for you. You can find features like this in plugins like Easy Social Share Buttons, Shareaholic and others. If your blog is brand new and you don’t have many shares. I wouldn’t worry about this too much though.

A Complete Blog Backup – Since we are dealing with a lot of variables with this guide. Backing up your blog is super important. You may even want to take multiple backups as you go along.

One of the following: Last but most importantly you’ll want to have either:

• The Really Simple SSL Plugin
• Or access to your blog’s FTP and the .htaccess file.
• Or the third option is access to the cpanel through your blog hosting.

How To Get An SSL Certificate

Getting an SSL certificate sounds like it could be expensive. And it was for a while as it ended up being yet another expense for a new website. Luckily these days thanks to the free SSL certificates provided by Let’s Encrypt. Most web hosting packages that support WordPress also come with a free SSL certificate. Such as:

• Bluehost
• Siteground
• WPEngine
• Kinsta
• And more.

Check with your web hosting if they provide a free SSL certificate or support Let’s Encrypt. If in doubt, ask your web hosting support to check for you. Because if they don’t I would strongly consider making the switch to a different hosting company. As it’s a really big hindrance as a new blogger. Since you’ll likely have to discuss with them getting a custom SSL certificate which will cost extra.

Installing The SSL Certificate To WordPress

Because SSL certificates are included in many hosting packages. You’ll also often find that it only requires a few clicks to install.

For example, on Bluehost, all you need to do is log in to your Bluehost dashboard (Or CPanel as some like to call it).

Then navigate to the Advanced section on the right sidebar. From there you can scroll down until you find SSL/TLS. Click this and then on the next screen click the Manage SSL sites at the bottom.

Here you should be able to request a free SSL install. This can take a few hours to action. (Bluehost is currently revamping their dashboard. So things might not be where they should be.)

For other hosts check their user guides to see full instructions. But they should all be very similar. Finding the right SSL section is usually the hard part.

Before moving on to the next steps you’ll want to wait a few hours. Then go to your blog and check that your SSL certificate is working. You must check that the SSL certificate has installed correctly. Otherwise, you could lock yourself out of WordPress.

To check it is working you can go to the HTTPS version of your blog. All you need to do is use https:// before writing your full domain name. Such as https://www.individualobligation.com for example.

If your SSL is working then there should be a green padlock in Firefox next to your blog URL. Or a little grey padlock if you are using Google Chrome. If you click on these padlocks it should look something like the below:

How To Redirect HTTP To HTTPS In WordPress Using Your New SSL Certificate

Right, so now that you have your SSL certificate setup. The next step is to ensure that anyone who browses to your blog. Always gets the HTTPS version. Even if they try to navigate to the old HTTP version of your blog. (It can happen.)

1. Really Simple SSL

This first solution is the simplest and quickest to use. However, it should be considered a temporary solution as plugins can break. As well as introduce another potential layer for security issues. Which is the complete opposite you should be aiming for when setting up your blog to go from HTTP to HTTPS in WordPress.

The Really Simple SSL plugin can also be useful for troubleshooting mixed content issues. (Issues with images and other content within a page that is still using an HTTP URL.) But I’ll cover more on this later.

So to begin with, all you need to do is log in to your WordPress dashboard. Then go to Plugins > Add New and search for the Really Simple SSL plugin.

Install and activate it. Once it is done click on Go ahead, activate SSL!

If you want to see more settings for this plugin then you can go to Settings > SSL. The main thing you want to look for on this page is that the ‘SSL is enabled on your site‘ has a green tick next to it. Like this:

Other than this. There isn’t much to change settings wise. As everything should work out of the box.

The Benefits Of Using Really Simple SSL For Setting Up HTTPS

Overall, this plugin will help to fix any mixed content issues if you have images or other content that loads using an HTTP URL. It will also set up for you any redirects you might need. So your visitors always land on the HTTPS version of your blog.

However, keep in mind that there is a slight performance loss for using this method. As the plugin will try to make fixes to your URLs during the page load. This means your pages might take slightly longer to load.

Also as I mentioned before, your SSL will rely on this plugin. So if it breaks or becomes vulnerable this could cause you a big headache further down the line.

2. Htaccess File

If you want a long term solution for finalizing the setup on HTTPS for your blog. Then this is the recommended method. As it removes the reliance of plugins and can help squeeze more performance out of your blog.

It can be a little scary since you need to edit a file with some code. But it should be a simple copy and paste with the below instructions.

If you do struggle with this method though. Then you can always request your host to do it for you through their support.

Okay, so where do we start? Well, let’s start with doing another backup on your blog. So that any progress made so far isn’t lost.

Then we’ll need to change the default settings in the WordPress dashboard under Settings > General. Here set WordPress to use the new HTTPS URL in both boxes like the below. Then click Save Changes once done.

Next, you’ll need access to your FTP. You should have got these details from your hosting provider when you signed up. It was most likely in the form of an email. You can use these details to create a login in FTP software like FileZilla.

Once set up and logged in. You’ll then need to browse to the public_html folder for your blog and look for the .htaccess file.

Download and open this file to your computer. (You may need to open it with Notepad.)

Then paste in the following code into the beginning of the file:

# Redirect all visitors from HTTP to HTTPS
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

Once done, save the file. You’ll then want to drag and drop the updated file into the same FTP folder you downloaded from. So that the new version can be uploaded.

How To Check Your HTTP To HTTPS Redirects Are Working

Your blog should now be using the SSL certificate we set up earlier. And if you browse to the http:// version of your blog. It should automatically redirect you from HTTP to HTTPS in WordPress.

You can check this yourself by typing the HTTP URL into your browser. And then checking what the URL looks like once the page fully loads. (It should always result in HTTPS.)

You can also use this tool from Varvy.com. For a better look at how your blog is now redirecting to HTTPS. Typically all options should show as having only 1 redirect except for 1 of the HTTPS boxes. Depending on whether you have your blog URL set to www. or without it.

Other Places To Update Your Blog URL To HTTPS

If everything checks out as working okay, then you are done with setting up your blog. You may, however, want to go and update your blog URL in several places outside of your blog. Depending on what you have set up already for your blog.

In an ideal situation, on a brand new blog. You would setup up HTTPS before launching. But in case you are moving over at a later stage. Here are some suggestions you should check and update to use the HTTPS version of your blog:

• Google Search Console + Sitemaps.xml
• Google Analytics
• Bing + Other search engine Sitemaps
• External scripts or code you might have added to your blog
• CDN (Most will update automatically after clearing your cache.)
• Social media profiles like Pinterest, Facebook, Twitter, etc.

In fact, in many cases, the HTTPS version of your blog is considered separate to the HTTP version. Including for tools like the Google Search Console. Which is why it is important to point as many people to the HTTPS version of your website whenever possible. As the redirect we set up, should be a last resort.

What To Do If You Are Getting The Mixed Content Error Message In The Browser?

Sometimes depending on your blog’s content. You might find that installing SSL. And redirecting your URLs to HTTPS isn’t enough to get your blog 100% secure in your browser’s eyes. If you see a message related to mixed content or parts of this page are not secure. Then you’ll need to take some extra steps to change these hardcoded URLs to HTTPS.

To begin with, make a backup of your blog. After all, you wouldn’t want to lose all the hard work you put in recently. Then install the Really Simple SSL plugin. As this will fix the problem in the short term. While you troubleshoot the issue either through a staging site version of your blog. Or hiring a developer.

How To Use Better Search Replace To Fix Mixed Content Issues

Then I would suggest using a search and replace to change all HTTP variations of your blog URL to HTTPs. One of the easiest ways to do this. Is to use a plugin called Better Search Replace.

Once installed. Go to the Tools > Better Search Replace menu within your WordPress dashboard. Add your old URL (HTTP version) into the Search for box. Then add the new HTTPS version into the Replace with box.

Select all your WordPress tables then untick Run as dry run if you want to make the changes now. Or leave it ticked if you want to see all the results before any changes are made.

For example, I would use this plugin to change all references of http://individualobligation.com to https://individualobligation.com

This would help update any URLs for images, scripts and so forth. Which should remove the mixed content error message.

When you are ready to make the changes click Run Search/Replace. Repeat the process for both www. and non-www. versions of your URL.

If you still have issues after this. Then you’ll need to review any external scripts, WordPress plugins or themes. As some of these might be outdated. Anything like this, that is still using HTTP should be replaced as a priority.

Recap For How To Change HTTP To HTTPS In WordPress

Overall, switching over your blog from HTTP to HTTPS can take a bit of effort to set up. But it is perfectly practical if you follow this guide and make sure to take your time.

This setup can be a little lengthy. So you should do it when you are sure you have some free time to work through it.

As a reminder. Get yourself backed up before starting this project. And repeat this at regular intervals throughout the process. You should even consider using a free staging site if your hosting package provides one. As it is much safer to practice on if you are not 100% confident with these types of tasks.

If you do find yourself stuck. Then your web hosting should have free support included in the package they gave you. So always try to reach out to them first, since they can see and make changes to your blog set up for you.

They might not be the fastest way to get a response but sometimes things need a little patience. But don’t be afraid to contact them for an update if you haven’t had any updates from them within a day or so.

Remember! Whilst this might get a little frustrating to sort out. The sooner you get it done. The faster you can see the security, SEO, trust, and speed benefits for your blog! In fact, the sooner you do it the fewer problems and conflicts you are likely to come across. So I’d definitely prioritize doing this before you launch your blog if possible.

How has changing your blog from HTTP to HTTPS in WordPress been for you? Did you have any problems along the way?

If you found this blog post useful then please consider taking a few seconds to share it to your favorite social media platform!