Migrating a Simple WordPress Website from HTTP to HTTPS

When Google confirmed https as ranking factor back in August 2014, many digital marketers added ‘migrate website to https’ to their SEO task list.

Over the past 12 months, a number of content websites have purchased an SSL certificate and configured their secure site padlock, but the true impact of migrating from http to https is yet to be fully realised.

Setting up SSL

Regardless, if you’re writing blog content and tweaking meta titles, chances are you’re looking for some quick wins to bolster your search engine visibility. Alas, as with many technical SEO duties, there’s no such thing as a five minute job – even with super easy content managed WordPress websites.

There are many considerations which ultimately determine the smooth transition from http to https, so before you begin your SSL quest make sure you have the following at your disposal:

  • Full access to domain registrar
  • Full administrator access to WordPress
  • Full access to domain email provider
  • Access to web server / FTP
  • A unique IP address
  • Access to Webmaster Tools (now called Google Search Console)
  • Ability to purchase an SSL certificate

A quick heads up: if you are looking to setup and configure https last thing on a Friday, I would suggest waiting until next week – give yourself a day and start in the morning. There are quite a few variables which can impact the procedure.

Note: this guide is aimed at simple WordPress websites and assumes WHM and cPanel dashboard. It’s not designed for complex e-commerce website migrations, but the same principles apply!

Step 1: purchase your SSL certificate

You can purchase SSL certificates in a variety of shapes and sizes, so be sure to cut through the marketing jargon and find something simple. After all, the majority of WordPress websites are not transactional by nature, so the required level of added security is minimal. Namecheap provide SSL certificates from as little as £7 per annum!

Once you have purchased your certificate, a management dashboard will be available to commence the installation process.

Step 2: configure your hosting dashboard (eg. cPanel)

When it comes to SSL certificate installation, cPanel is nice and easy to use. Simply navigate to SSL/TLS Manager and select Generate, view, or delete SSL certificate signing requests (CSR).

If you can’t see this option, your hosting provider has disabled it. You will need to contact your host and request a CSR.

Here you can generate a CSR code which is needed by your SSL certificate provider. Fill in the appropriate fields (don’t worry about the non-required fields) and generate your CSR code. Note: if you intend to use www with your domain name, you need to specify this here.

Once you have the CSR code, head on over to your SSL certificate provider and copy & paste the snippet into the appropriate field. Some providers ask for a server type – you can choose cPanel if generating from cPanel. If you are unsure, check with your hosting provider. Once the CSR has been confirmed, you will need to validate domain ownership.

Step 3: validate domain ownership

The fiddly parts of migrating from http to https is the administration. First you must prove ownership of the domain name you are attempting to validate, which is a simple verification email. Depending on your SSL certificate provider, you will have a few choices for validation using typical admin email accounts such as [email protected] or [email protected]

Make sure the email account you intend to use is fully operational. If you don’t have an appropriate email account, simply create a new mailbox or forwarder and be sure to select this option when validating your domain. The chosen email address will receive an email, which contains a verification link. Click the link and approve the SSL certificate, making sure the details are correct.

Once verified, you will receive an email containing your SSL certificate in the form of a CSR code.

Step 4: install your SSL certificate (CRT)

Now that you have verified domain ownership and received your CRT code, head on over to cPanel and navigate to Generate, view, upload, or delete SSL certificates (CRT).

In typical fashion, cPanel gives you multiple options to upload a CRT. I would suggest simply pasting the CRT code from your email into the available field, and clicking ‘Save Certificate’.

Once the CRT certificate is uploaded and saved, stay within cPanel and navigate back to Install and Manage SSL for your site (HTTPS). Here you can select the domain name to install the certificate. If you have a unique IP address for your website, simply select the domain from the dropdown menu. The blank fields will auto-complete, after which you can hit ‘install certificate’.

If you don’t have a unique IP address, you will need to request one from your hosting provider. SSL certificates require a unique IP to validate, so without this you cannot proceed!

WHM has a built-in tool for changing the IP address of websites, but you’ll need to have them activated first by your hosting provider. Once configured, remember to update the DNS of your domain name to reflect your new IP address.

Step 5: update your WordPress website URL

WordPress is great. Simply navigate to settings > general and update your old http address to your new https address. Hit ‘save changes’ and login to your website again.

SSL is now technically configured, but users who visit your old http will not see the fruits of your labour. You now have to force all http requests to https, which requires the following code to be pasted at the top of your .htaccess file:

# https redirects
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/wp-admin
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R=301,L]

I would recommend using the Yoast SEO plugin to do this, otherwise you’ll need to access the website via FTP and edit the .htaccess file manually. Make sure you copy and paste in plain text to avoid errors.

Step 6: tidy up internal links

You’re almost at the finish line. To ensure your website loads all of your assets over https, you will need to check your website for any old internal links. Simply go through your pages and posts, and update the links from old to new.

Make sure that your WordPress theme is loading all theme assets and images correctly, which can be tested easily by simply visiting your webpage in Google Chrome or Firefox and waiting for the green padlock to appear. If it doesn’t appear, then check your console for a list of assets that are not loading correctly.

This is a painfully manual task which can probably be achieved using scripts, but if you’re working solo and you don’t have tech support then manual updates is a necessary evil.

Step 7: submit your new web address to Google

To ensure search engines are aware of your hard work, don’t forget to add the website as a new site in Google Webmaster Tools and Bing Webmaster Tools. You’ll need to submit a new sitemap as per any other website.

Note: you cannot submit a ‘change of address’ in Webmaster Tools for an http to https migration. The website is not treated as a new address, so you will need to have both domains in your WMT dashboard.

So there you have it: how to migrate a simple WordPress website from http to https. Definitely not a quick job, and arguably not worth the effort if your resources are limited, but the benefits to both users and search engines cannot be overlooked. In fact, recent reports suggest that the weight of https as a ranking factor is going to become more valuable.

What we know for sure is that trust dictates online behaviour, and any steps to bolster your authority is taking your digital presence in the right direction.

Posted by Kath Sellwood on 25 Aug 2015