Converting to HTTPS/SSL is one of the scariest tasks out there.
It feels like SUCH a big project with a billion little details. Feels like you need to hire a programmer or server expert or someone to make all the edits on your website, webserver, and Google accounts.
Here are some simple steps to manually set up HTTPS and HTTPS redirects instead of using plugins (further slowing down your site). This will give you the proper URLs and fast speeds.
STEP 1 – Install SSL certificate
Either you do this on your own from cPanel or your webhosting panel. (It’s also possible to get free shared SSL from CloudFlare. But you should still be doing it the proper way, which is from your webserver/webhost.)
- Can’t do it yourself? Ask your webhost, or programmer or server guy to do it.
- SSL’s are free now! – thanks to LetsEncrypt. Don’t let anyone fool you into thinking you need to pay for it! (Yes, it’s true that not all SSL certificates are the same and that some big stores may prefer the fancier kind that shows your brand name in the address URL. Most sites don’t need this.)
STEP 2 – Change WordPress URL to HTTPS
Go to your WordPress settings and change the website address and site address to HTTPS. If you can’t get in there for whatever reason, you can edit wp-config.php.
STEP 3 – Update your database URL’s
This is the part where most people either get lazy or don’t know how to do it. They’ll use a plugin like some “Really Simple SSL” that forces HTTPS or enable the feature from their security plugin. I HATE THIS…don’t install another plugin just for this basic function!
The best way is to do it manually from your database so that all your asset URL’s and internal links use native HTTPS instead of wasting server resources to reload the links in HTTPS.
How to update your database URL’s manually:
- Install Better Search Replace (by Delicious Brains)
- Back up your database if you’ve never done this before.
- Enter “http:” in the top field and “https:” in the bottom field. Please write it exactly as I say…otherwise, if you put only “http” and not “https:”, you risk jacking up all the entries that already have “https”.
- Select all tables.
Honestly, editing database URL’s manually is very easy to do but also very easy to completely screw up your site if you don’t know what you’re doing. Please be careful and make backups.
STEP 4 – Update Google Search Console
Update your website settings in Google Search Console and also Google Analytics to use your new HTTPS address!
STEP 5 – Apply HTTPS redirect in your htaccess file
This is the last step. Put whichever code fits the address you want your users to redirect to….HTTPS with or without WWW? Then relax and you are done!!! WOOHOO! (Don’t have htaccess or you’re not on Apache/LiteSpeed? You probably don’t have to worry about this, but do ask your webhost.)
WITHOUT www (all visits go to “https://domain.com”):
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]WITH www (all visits go to “https://www.domain.com”):
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]STEP 6 – Resolve any problems (if needed)
Everything should be working. But just in case, here are a few diagnostic steps you can do if the HTTPS doesn’t show green of you don’t get that padlock.
- www.whynopadlock.com – this should be your first order of business. Check here and it will tell why you’re not getting a full HTTPS status.
- Google Chrome > Developer Tools > Security – another way is to right-click anywhere on the page, then click “Inspect”, then “Security” TAB. Then reload the page.
Most likely, you may still have some assets loading from HTTP instead of HTTPS. Use the search-replace tool again or go through all your theme/plugin settings.