Google recently announced that it has started using HTTPS as a ranking signal. HTTP, stands for hypertext transfer protocol. It is the protocol used to communicate between a Web server and browsers like Chrome® Firefox®, and Internet Explorer. HTTP lets visitors view a site and send information back to the Web server. However, HTTP is not secure, so anybody can look at the data being sent back and forth between the web server and the browser. HTTPS, hypertext transfer protocol secure, is HTTP through a secured connection. Communications through an HTTPS server are encrypted by a secure certificate known as an SSL. The encryption prevents third-parties from eavesdropping on communications to and from the server. The SSL certificate is responsible for the data encryption. Only servers that have their own SSL can create HTTPS connections. A site’s visitor cannot encrypt the connection. HTTPS URLs begin with https:// and use port 443 by default, whereas HTTP URLs begin with http:// and use port 80 by default.
The importance of HTTPS
HTTPS is an important way to guarantee that the content that your website serves is delivered securely. When you serve your website content securely through HTTPS, you can guarantee that your content cannot be altered by a third party. If you’re serious about doing business online, you need SSL. It’s the best way to protect user data and defend against hackers and identity thieves. Displaying your SSL Site Seal tells customers they can shop or use a website with confidence, knowing they are protected.
Obtaining an SSL certificate
In order to be able to have a secure version of your site, you must purchase an SSL certificate. This can be purchased through many domain name providers or hosting providers. Once purchased, the certificate must be installed on your site. How to install the certificate on your site is outside the scope of this tutorial since this tutorial only deals with the Worpress migration from HTTP to HTTPS and assumes that you already have an SSL certificate installed on your site.
Switching A WordPress site from HTTP to HTTPS
Before you can begin the tutorial, ensure that your hosting account already has SSL/TLS activated. If it’s not available, contact your hosting provider to request it. Once this is done, you are ready to switch over to HTTPS. WordPress is a very well-written framework, so switching to HTTPS is often a one-step process. Here is all you need to do:
To change WordPress from HTTP to HTTPS, the install URL must changed from say http://myawesomesite.com to https://myawesomesite.com.
Here are the steps:
- Login to your WordPress dashboard and navigate to Settings > General.
- Ensure that the WordPress Address (URL) and Site Address (URL) are https. If not, add S after http to make https and save it.
The screenshot above is how I would have done it for miftyisbored.com but I don’t currently have an SSL certificate for this domain. The screenshot is just for illustrative purposes only
Updating the WordPress admin to use HTTPS
Once you have installed an SSL certificate on your WordPress site, you should make sure that anything happening on the admin area is done through HTTPS. The admin section of your site is usually where the most sensitive data about your WordPress site resides and you definitely want to protect it by forcing HTTPS. To easily enable (and enforce) WordPress administration over SSL, the constant FORCE_SSL_ADMIN should be set to true in your site’s wp-config.php file to force all logins and all admin sessions to happen over SSL. An example is provided below:
Additional precautions for HTTPS