Using WordPress: Migrating from HTTP to HTTPS for a more secure site

Migrating from HTTP to HTTPS has historically been viewed as tedious, but it looks like it just got a bit easier with a potential one-click interaction 

WordPress just made the switch from HTTP to HTTPS less windy for site users everywhere. Why even migrate in the first place? Well, for one, site security.

Besides understanding how the HTTP/HTTPS disconnect came to be, we’ll also consider the following:

  • Benefits of having an HTTPS website, including security;

  • Common challenges that might be faced when migrating; and

  • How to easily migrate from HTTP to HTTPS.

The sudden need for HTTPS sites instead of HTTP

The need isn’t really “sudden” like some site-users might think. Remember that in 2018, Google told webmasters that if you have a non-HTTPS website, you risk losing traffic. A horrible pop-up notification that reads that your connection is not private displayed before Chrome users get to your website.

What made this pop-up notification worse is that the message included a smaller, more detailed message that essentially cornered users into believing that attackers were trying to steal their information such as passwords, messages, and even credit card information. If that isn’t jarring in the least for site-users, we don’t know what is.

Then in the summer of 2014, Google announced that they would be showing a preference for HTTPS sites in search results. Wait, what? Is HTTP that bad?

In Google’s defense, though, sites were encouraged to go to HTTPS in 2010 (we can’t ignore the fact that this was advised over a decade ago). However, the change apparently wasn’t as popular as Google expected it to be and, as a result, didn’t happen quick enough, if at all.

HTTP vs. HTTPS; what’s the difference? HTTP sites have been around for quite some time anyway

It’s true that HTTP sites have adorned the interwebs for a while now. But there is a key difference between HTTP and HTTPS.

SSL provides a secure channel between two machines or devices operating over the internet or an internal network. One common example is when SSL is used to secure internet communication which turns a website’s address from HTTP to HTTPS, the ‘S’ standing for ‘secure’.

Implementing SSL secures any data transmitted between server and browser during a users session interacting with your site. This is a key component in the realms of data protection and especially the new GDPR legislation surrounding protecting personal data.

 If you’re interested in why all sites now require SSL (https), read the publication here.

Benefits of having an HTTPS website, including security 

Search Engine Journal published an article that highlights these differences. One of the main benefits of HTTPS is that it adds security and trust. It protects users against man-in-the-middle (MitM) attacks that can be launched from compromised or insecure networks. Hackers can use such techniques to steal your customer’s sensitive information.

    • HTTPS verifies your website is the one the server it is supposed to be connecting to.

    • HTTPS uses its superpower shield to prevent tampering by 3rd parties.

    • HTTPS encrypts all your communications to protect your users browsing history, passwords, credit/debit card numbers, etc.

    • As mentioned earlier in this article, Google has confirmed they are giving a little ranking boost to HTTPS sites. This is not a magical potion for seeing a spike in rankings. But, it could weigh more down the road.

    • When traffic comes through your HTTPS site, your referral traffic data is saved. This means you can determine where your traffic is coming from.

There is another important advantage in switching to HTTPS. No serious modern business can afford to overlook mobile technology. Making sure that your site is mobile-friendly by considering such factors as page loading speed, is as crucial to success in the modern marketplace as employing the latest in SEO strategy.

Common challenges that might be faced when migrating and how to address them 

In the past, one of the major pain points for organizations moving to SSL was the cost of the certificate, but Let’s Encrypt stepped in to issue free certificates for anyone who requested them, which helped push the progress of those looking to make the jump to HTTPS.

There’s no doubt that migrating to HTTPS has gotten much easier over the past couple years, but there are still issues and concerns that should be considered when making the move. This is especially true if you don’t have the resources or support to move your site from HTTP to HTTPS.

Let’s take a look at some of the challenges that come with making the transition.

When you have mixed content issues after a migration. 

A user is visiting an HTTPS page which features an image, a script, or any other kind of content that is being retrieved through HTTP. Initially, the page was supposed to be secure, but any unencrypted resource present on it serves as an open door for sniffers and man-in-the-middle attackers. That’s what mixed content is. Apart from causing an unattractive warning in a browser, it can actually render the protection worthless. THE SOLUTION: revise all the internal links and all the assets your website relies on, and make sure they are only referencing HTTPS.

While changing the Site Address and WordPress Address to use HTTPS is trivial, updating references to the old URLs in existing content is not.

When it comes to rankings, Google will work out the changes, but you’ll inevitably hit some ranking turbulence. There’s no cure to that, but things should get back to normal shortly if everything’s done right. You would need to be able to check the impact carefully and make sure it was just a short-term fluctuation. THE SOLUTION: Have some pre-migration history at hand. While planning a switch, make sure to check the rankings daily for around a week to get a comprehensive picture of where your website normally stands.

In WordPress 5.6, there is no clear guidance in the Site Health screen about how to migrate to HTTPS, even though it shows as an issue.

The user would need to learn more about how to update it manually, starting with changing the site URLs. THE SOLUTION: In WordPress 5.7, if HTTPS is supported, the Site Health Status screen will notify users and guide them with a new button that updates the site with a single click.

Read the ultimate stress-free guide for HTTP to HTTPS migration here.

How to easily migrate from HTTP to HTTPS

Prior to migration, you have to back up your website via your hosting provider’s backup functionality. It’s important to have a backup so that you can restore your website in case something goes wrong. 

You’ll also need to download the files from your backup to perform search and replace operation on your computer.

  1. Search & Replace in Files – To begin, search for instances of your domain pointing to HTTP URLs of your site and replace all your domain links with its HTTPS equivalent. TIP: Never bulk replace! If you bulk replace without checking whether the external domain supports HTTPS connection, you may get broken resources or image issues on your website and it will throw an error when loading the external resource.

  1. Search & Replace in the Database. Similar process as above. Read a more detailed description of the database changes (and the other processes) here.

  1. Implement Redirects.

  1. Update CDN – If you use a CDN, there should be a URL setting similar to Google Analytics where you can update your website to an HTTPS version. The migration for each CDN is different and you need to check your CDN provider documents or contact support for details how to do that.

  1. Change URL in Google Analytics – You need to change in Google Analytics “Website’s URL” settings in Admin > Property > Property Settings and Admin > View > View Settings. 

  1. Resubmit Website in Search Console – Since Google treats http://www.example.com and https://www.example.com as different websites, you have to resubmit your website’s HTTPS version to Google Search Console and claim ownership to this property.

In a nutshell: Don’t get fancy with your HTTPS site migration. Advice from Google: Keep it simple and consistent, and use 301 redirects. Still, though, the process could be intimidating especially if you’ve never done something like this before. 

Be sure to review this guide to moving a wordpress website from HTTP to HTTPS. 

If you’re still feeling anxious, reach out to a WordPress expert! We happen to do unlimited WordPress changes so we take the migraine out of migra-tion and make sure your site is secure, whole, and functional.

Share this post