Introduction 

HTTP stands for Hypertext Transfer Protocol, but when it comes to securing your WordPress website, HTTPS (Hypertext Transfer Protocol Secure) is the preferred choice. Unlike HTTP, which transmits data unencrypted and leaves your site vulnerable, HTTPS ensures a secure, encrypted connection.

Encryption transforms data into a coded form that cannot be read without the right key. HTTPS uses SSL/TLS (Secure Sockets Layer/Transport Layer Security) to establish a secure connection between your browser and the server. Here’s how it works:

  1. Handshake: The browser requests a secure connection, and the server responds with a certificate containing its public key.
  2. Certificate Verification: The browser verifies the certificate’s authenticity.
  3. Shared Key Creation: Both parties use the certificate to create a shared secret key, which encrypts all data exchanged during the session.

This encryption process ensures that data remains private, the server is authenticated, and information is not tampered with during transfer. Since 2014, Google has used HTTPS as a ranking factor, highlighting its importance for SEO.

HTTPS not only provides a security layer by encrypting HTTP traffic but also significantly reduces the risk of data breaches and hacking attempts. To enable HTTPS, you need an SSL/TLS certificate, which verifies your website’s identity and establishes a secure link between the server and the browser.

Switching to HTTPS enhances both your site’s security and its SEO performance, making it a critical step for any WordPress site.

Steps of moving a website from HTTP to HTTPS

Whenever you try something new on your website, it is safer to back up the content first. If something goes wrong, you have a second copy that can save you.

1. Use SSL Certificate

Buy an SSL certificate from your web host. Generally, the host gives website owners the option to convert their HTTP website to HTTPS. In cPanel, this option is named Let’s Encrypt. Those who don’t have this option can use Certbot: you just select the web server and operating system.

2. Edit wp-config.php File

Open your site’s wp-config.php in the root folder and add the following line.

    define('FORCE_SSL_ADMIN', true);

After you update the file, open the WordPress dashboard to check that everything is working.

3. Install and configure the Really Simple SSL plugin

To fix issues with your SSL certificate, ensure all content on your WordPress site uses HTTPS instead of HTTP. Google shows the “connection is private BUT” warning if your site still includes images or media linked with HTTP. Update these links to HTTPS.

You don’t have to do this manually. Install and activate the “Really Simple SSL” plugin. After activation, you’ll see a popup. Click “Go ahead, activate SSL!” You might be signed out of your dashboard due to the URL change, but simply sign in again with your usual credentials.

To confirm all SSL settings are updated, go to `Settings >> SSL`. You should see green check marks indicating everything is properly configured.

4. Mixed Content

If you see mixed content warnings, it means some internal links still use HTTP instead of HTTPS. To fix this, find and update all internal links to use HTTPS. You can install the “Better Search Replace” plugin to help with this.

  1. Install and activate the “Better Search Replace” plugin:
    • Go to your WordPress dashboard.
    • Navigate to Plugins >> Add New.
    • Search for “Better Search Replace”.
    • Install and activate the plugin.
  2. Replace HTTP links with HTTPS:
    • Go to Tools >> Better Search Replace.
    • In the “Search for” field, enter http://yourdomain.com.
    • In the “Replace with” field, enter https://yourdomain.com.
    • Select the tables where you want to perform the replacement (usually all tables).
    • Run the search and replace process.

This will update all internal links to HTTPS and help resolve mixed content warnings.
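To see which references actually cause mixed content warnings before and after the replacement, the following Python sketch scans page markup for subresources loaded over HTTP. It is an added example, not part of the original article or of any plugin; the sample markup and the host cdn.example.net are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# (tag, attribute) pairs that make the browser fetch a subresource.
# Browsers block active content on HTTPS pages; passive content causes warnings.
ACTIVE = {("script", "src"), ("iframe", "src"), ("link", "href")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}

class MixedContentScanner(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.findings = []  # (kind, tag, url, on_own_domain)

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower()
        if tag == "link" and "stylesheet" not in rel:
            return  # e.g. rel="canonical" is metadata, nothing is fetched
        for name, value in attrs:
            if not value or not value.lower().startswith("http://"):
                continue
            if (tag, name) in ACTIVE:
                kind = "active"
            elif (tag, name) in PASSIVE:
                kind = "passive"
            else:
                continue  # <a href> is a plain hyperlink, not mixed content
            host = urlparse(value).hostname or ""
            own = host == self.site_host or host.endswith("." + self.site_host)
            self.findings.append((kind, tag, value, own))

def scan(html, site_host):
    """Return mixed-content findings for a page served over HTTPS."""
    scanner = MixedContentScanner(site_host)
    scanner.feed(html)
    return scanner.findings

# Constructed sample markup for a site served at https://yourdomain.com
SAMPLE = """
<link rel="stylesheet" href="http://yourdomain.com/wp-content/themes/t/style.css">
<link rel="canonical" href="http://yourdomain.com/">
<script src="https://yourdomain.com/wp-includes/js/jquery.js"></script>
<img src="http://yourdomain.com/wp-content/uploads/logo.png">
<img src="http://cdn.example.net/banner.jpg">
<a href="http://yourdomain.com/about/">About</a>
"""

if __name__ == "__main__":
    print(*scan(SAMPLE, "yourdomain.com"), sep="\n")
```

Findings whose last field is False point at other hosts, so a search and replace for http://yourdomain.com will not change them; those references have to be updated separately.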

5. For Apache Server Using .htaccess

In Ubuntu, the .htaccess file is typically located in the root directory of your WordPress installation. Find your .htaccess file and add the following code to it.

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


6. For Nginx Servers: Add a Redirect from HTTP to HTTPS

To redirect from HTTP to HTTPS in Nginx, you can add a few lines to your site configuration file in nginx. The exact location of this file can vary depending on your Nginx setup and how it was installed. Here are the typical locations:

  • /etc/nginx/nginx.conf
  • /etc/nginx/sites-available/yourdomain.com.conf

Add the following code to your Nginx configuration:

    server {
        listen 80;
        server_name example.com www.example.com;
        return 301 https://example.com$request_uri;
    }

Replace example.com with your domain name, then test the configuration to ensure there are no syntax errors:

    sudo nginx -t

If the syntax is fine, reload the Nginx service using the following command:

    sudo systemctl reload nginx

7. Install and Activate the “Better Search Replace” Plugin

Using the Better Search Replace Plugin:

  1. Install and activate the “Better Search Replace” plugin:
    • Go to your WordPress dashboard.
    • Navigate to Plugins >> Add New.
    • Search for “Better Search Replace”.
    • Install and activate the plugin.
  2. Update URLs from HTTP to HTTPS:
    • Go to Tools >> Better Search Replace.
    • In the “Search for” field, enter http://example.com.
    • In the “Replace with” field, enter https://example.com.
    • Select the tables where you want to perform the replacement (usually all tables).
    • Run the search and replace process.

This will help ensure all your internal links use HTTPS, and the redirects will ensure users are always directed to the secure version of your site.