
Migrating a WordPress website to HTTPS

In January of this year, the amount of traffic passing through Firefox to HTTPS sites finally surpassed HTTP (source: https://letsencrypt.org/stats/).

However, the canny among you will have clocked that this doesn’t mean half the web is now HTTPS. Certainly the top sites (Facebook, Twitter, YouTube) all have HTTPS certs and have done for a while, and the slow adoption by big news corporations, e.g. The Guardian, has pushed that traffic indicator over the edge, but for many HTTP is still the preferred protocol. A lot of the blogs I follow still use HTTP.

I’ve recently migrated all my WordPress websites to HTTPS and it is very easy, so I thought I’d show you step by step how you can get set up.

Disclaimer! This tutorial assumes you have a small/medium WordPress website. It’s not the process you should take if you’re migrating a larger site with more integrations. If you’re looking for detailed HTTPS migration advice, get in touch.

WordPress HTTPS Migration Step 1

Firstly you need to get the server set up to handle an HTTPS request. Without a certificate, your site will show a warning like this.

Tut tut Edmund.

So first of all you need to get an HTTPS cert. There are plenty of providers out there; most hosts also offer an HTTPS installation program, but these are generally quite expensive, around £50-100.

I use TSOhost for my hosting needs and I’m going to use them as an example – highly recommended, worth checking them out. Use “willcecil” for 10% off!

Log in to your cPanel and under advanced settings you’ll see a sign saying Let’s Encrypt.

Click on it and follow the instructions to automatically issue and install an HTTPS cert. Warning: these certificates only last 3 months. While most hosts auto-renew, it’s worth keeping a reminder in the diary in case it fails and you need to troubleshoot. Again, this cert shouldn’t be used for large websites, but more personal sites.

WordPress HTTPS Migration Step 2

Now you have a certificate, check whether you can access the site using https. You should have both an HTTP and an HTTPS response for your site address. If this isn’t the case, go back to step 1.

Step 3

Now before you go any further you need to make sure you’ve got a snapshot of all the content your “old” site has. After all, part of the reason to do this is to reap the SEO benefits associated with going secure.

We need to do two things: crawl the site & download all the backlinks that point to your site.

We want to ensure that when you switch to secure, all your old links 301 redirect to your new site and all your old URLs redirect to their HTTPS counterpart.

Crawling the site

Option 1) ScreamingFrog

ScreamingFrog is the SEO industry standard for web crawling. It’s one of the most affordable tools out there at £99 a year.

ScreamingFrog is very simple to download and install. We’re going to use it to crawl all content on our website: PDFs, images, scripts. We want to capture as much as possible before and after.

Here are the settings we’re going to use. Enter your website address and let it run.

Update all issues pre migration

One thing to note: if you have 301, 302 or 404 responses picked up on this crawl, you’re going to want to go through and update all those links in your posts before continuing. It’s a good reason to do a spring clean.

Option 2) Custom Crawler

You can build a crawler yourself. I’m yet to write a post on creating your own web crawler, but I will; until that time check out some of my repos, they’re quite crawl based.

Alternatively, get familiar with Scrapy; Real Python have done a really good blog post on how to set up a spider with MongoDB.

Gathering backlinks

Backlinks are still without a doubt the most important part of your SEO success, so we need to treat these carefully. To do this you need to use a tool called Ahrefs. It has a really good index of backlinks, which we need to download in order to validate, post migration, that they’re redirected to their new destinations.

Sign up for an account, follow the simple set up procedure and download all your links.

Step 4 – Moving WordPress To HTTPS

Please make a backup of your WP database, and of your .htaccess and wp-config.php files, before continuing.

Now that you have all the data you need, it’s time to start the migration procedure. Please ensure you have access to your site’s FTP account, as we’ll need to update two files on your server in order to complete this migration.

Update your WordPress installation & site URLs

In Settings > General, update the two fields above so that the URLs referenced are https.

Then we need to force login to be secure by updating the wp-config file.

define('FORCE_SSL_ADMIN', true);

should be set to true in your site’s wp-config.php file to force all logins and all admin sessions to happen over SSL.

Then to make the server handle all HTTP requests and redirect them to HTTPS, add these lines to the top of your .htaccess file.

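# Enable mod_rewrite, then send every plain-HTTP request to the same host and path over HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]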

Now when you visit your site via http you should be 301 redirected to your https site. However, I can guarantee you won’t see a green padlock.

This is because your site will still be serving content via http, the main offenders being images.

Step 5) Update all internal content references to HTTPS

Install this plugin: Better Search Replace. It is going to allow you to update the raw data in your DB.

We’re going to search your posts table in order to update all the links to images to https.

I recommend running as a dry run first to see how many updates will be made.

If you’re using a CDN to serve images or scripts, you’ll need to make sure these are set to be served securely. If you’re using someone like MaxCDN this normally occurs by default.
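To see what is still keeping the padlock away after the search and replace, you can scan a page’s HTML for anything the browser will fetch over plain http. This is an added example, not code from the original post; the function names and the example.com sample markup are made up for illustration.

```python
from html.parser import HTMLParser

# Tag -> attributes that make the browser fetch a subresource.
# <a href> is left out on purpose: a plain link is navigation, not mixed content.
FETCHING_ATTRS = {
    "img": ("src", "srcset"), "source": ("src", "srcset"),
    "script": ("src",), "iframe": ("src",), "link": ("href",),
    "video": ("src", "poster"), "audio": ("src",),
}


class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []  # (tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower()
        if tag == "link" and "stylesheet" not in rel:
            return  # only stylesheet links are checked; canonical links are not fetched
        for name, value in attrs:
            if value is None or name not in FETCHING_ATTRS.get(tag, ()):
                continue
            # srcset holds comma-separated "url descriptor" candidates
            urls = ([c.split()[0] for c in value.split(",") if c.strip()]
                    if name == "srcset" else [value.strip()])
            self.hits += [(tag, name, u) for u in urls
                          if u.lower().startswith("http://")]


def find_mixed_content(html):
    """Return every (tag, attribute, url) still loaded over plain http."""
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.hits


# Constructed sample of a post's HTML after the site URL was changed.
SAMPLE = """
<link rel="stylesheet" href="https://example.com/wp-content/themes/t/style.css">
<a href="http://other.example/">an outbound link</a>
<img src="http://example.com/a.png" srcset="http://example.com/a-300.png 300w, https://example.com/a-600.png 600w">
<script src="http://cdn.example.net/lib.js"></script>
"""

if __name__ == "__main__":
    for tag, attr, url in find_mixed_content(SAMPLE):
        print(f"<{tag} {attr}> {url}")
```

Anything it lists from your own domain is a candidate for another search and replace pass; anything from a third-party host needs that host to offer https.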

Step 6) Validate all your old URLs & backlinks now 301 redirect to your new HTTPS version

Combine all your target URLs from your Ahrefs backlinks file with your original http site crawl. Open up ScreamingFrog and change the mode to list.

Paste in your combined list of URLs and press crawl.

You’re aiming for every URL to return a 301 or 200 response code; the 200s are there because you may already have some links to HTTPS (it happens).

This is what success looks like
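If you would rather script this check than paste the list into a crawler, the logic is small. This is an added example, not code from the original post: the function names are made up, and the sample rows are constructed stand-ins for real responses. It is stricter than just looking at the status code, since it also confirms each http URL lands on its exact https counterpart rather than, say, the homepage.

```python
"""Check that old URLs 301 to their exact HTTPS counterpart."""
import http.client
from urllib.parse import urlsplit, urlunsplit


def https_counterpart(url):
    """Same host, path and query as `url`, with the scheme forced to https."""
    p = urlsplit(url)
    return urlunsplit(("https", p.netloc, p.path or "/", p.query, ""))


def verdict(url, status, location):
    """Judge one first-hop response (status code and Location header)."""
    if urlsplit(url).scheme == "https":
        return "ok" if status == 200 else f"https url returned {status}"
    if status != 301:
        return f"expected 301, got {status}"  # 302 is temporary, 200 means no redirect
    if location != https_counterpart(url):
        return f"redirects elsewhere: {location}"
    return "ok"


def first_hop(url, timeout=10):
    """Fetch `url` without following redirects; returns (status, Location)."""
    p = urlsplit(url)
    secure = p.scheme == "https"
    cls = http.client.HTTPSConnection if secure else http.client.HTTPConnection
    conn = cls(p.netloc, timeout=timeout)
    try:
        conn.request("HEAD", (p.path or "/") + ("?" + p.query if p.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


# Constructed sample rows (url, status, Location) standing in for live responses.
SAMPLE = [
    ("http://example.com/blog/post-1/", 301, "https://example.com/blog/post-1/"),
    ("http://example.com/about/", 302, "https://example.com/about/"),
    ("http://example.com/old-page/", 301, "https://example.com/"),
    ("http://example.com/contact/", 200, None),
    ("https://example.com/blog/post-2/", 200, None),
]


def failures(rows):
    """Return {url: reason} for every row that is not a clean 301 or 200."""
    return {u: v for u, s, loc in rows if (v := verdict(u, s, loc)) != "ok"}
```

Against your own site, build the rows with `[(u, *first_hop(u)) for u in urls]` from your combined URL list and pass them to `failures`.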

Step 7) Tell Google you’ve moved

Create a new search console profile for your https site.

Submit your new site for indexing and re-submit your sitemaps, which should now have HTTPS URLs. It will take around a week before you start seeing new data in your https profile.

Summary

In order to move to HTTPS you need to validate that your server can handle HTTPS requests, update your WordPress settings to use the HTTPS protocol and then migrate all old URLs to new URLs by rewriting the HTTP requests in .htaccess.

Any questions, or if you’d like some help, get in touch.

Will Cecil: Digital Marketer, Python Tinkerer & Tech Enthusiast. Follow me: Website / Twitter / Github