This is a step-by-step guide to converting a WordPress Website from HTTP to Secure HTTPS. This is a simple guide for non-technical people, with no coding required. I’m going to show you how to save a lot of money by getting a free SSL certificate. With this guide you can convert any WordPress website to HTTPS, including websites, blog and shopping sites.
I’ve documented the steps to move from HTTP to HTTPS so you can easily repeat the process.
I’ll include my learnings from making the switch, so it’ll be even easier for you. In this guide, you’ll find:
How to Change your WordPress Website from HTTP to HTTPS:
- Step 1 – Get an SSL Certificate
- Step 2 – Install your SSL certificate
- Step 3 – Make Changes in your WordPress Dashboard
- Step 4 – Check your Website for Errors
- Step 5 – Update Links from External Sites
A Quick Introduction: Why I Finally Changed my Website from HTTP to HTTPS
I’d been aware of the need to move my website to HTTPS for quite some time. I’d researched it, and looked at the cost of an SSL certificate. I always felt it was too expensive and too time consuming. So I kept putting it off.
I eventually decided moving to HTTPS was no longer optional – but a necessity. My blog was displaying as ‘non-secure’ to visitors redirecting from search results and social media – mostly from Pinterest. I was losing visitors and my bounce rate was high.
Bloggers are trusted people. Non-secure warnings on our blogs run contradictory to the image we try to create. I had to make the switch to HTTPS.
Why move your Website from HTTP to HTTPS?
- Trust – ‘Non-secure’ warnings on HTTP sites (like these) is isn’t good for user experience. It’s not only shopping websites where HTTPS is needed for when password or credit card information is required. Unsecure warnings now show up for any websites with a form field, for example, search boxes, comment forms, or sign up forms asking visitors for their name and email.
- SEO – in 2014 Google announced HTTPS is a ranking signal
- Speed – HTTPS websites load significantly faster than HTTP.
This is an example of a speed test on an HTTP site (Completed in 2.004 seconds)
This is an example of a speed test on an HTTPS site (Completed in 0.393 seconds).
What I thought was a complicated process to change my website from HTTP to HTTPS turned out to be really easy.
You just have to follow the right steps:
Step 1 – Get an SSL Certificate
My recommendation would be to first ask your webhost if they support free SSL Certificates, like Let’s Encrypt. Let’s Encrypt is a non-profit internet security group that provides certificates for HTTPS free of charge.
If your webhost doesn’t support free SSL certificates, ask them how much they charge per year for a SSL certificate purchased through them. If you don’t mind paying for an SSL certificate, buy one through your webhost and ask them to install it. Then you can jump to step 3 of this guide.
If like me, you don’t want to pay for a SSL certificate, I recommended doing what I did – change your webhost to a hosting company that does support free SSL certificates.
I’d been with my webhost for more than 5 years but staying with them would be very expensive. Year after year I would have had to pay $39.99 per year for the SSL certificate, on top of my hosting fees, which would be about $159.00/year for one domain, which is really expensive for me.
The process to change your webhosting company is easy. I’ve documented the 6 steps to change your webhosting company so you can follow the exact steps I took.
I changed my webhost from my previous provider to Siteground. With SiteGround I now have a free SSL certificate for my website for life.
SiteGround are renowned for their excellence in customer support, fast hosting speed and low monthly fees. Importantly, they make it super easy to install a free SSL certificate:
If your webhost doesn’t support free SSL certificates, you can still purchase an SSL certificate through them. Ask your webhost to install your SSL certificate, and jump to Step 3 of this guide.
However, I decided I didn’t want to pay for an SSL certificate. Here are the exact steps I took:
Part 1 – Get Started with SiteGround
The following link is an affiliate link to SiteGround which means I will get paid a small commission at no additional cost to you if you use this link (which I hope you will!). This link will take you to the correct page to get started with SiteGround and get a free SSL certificate. Thank you! : )
The first thing I did was choose a hosting option. I went for the cheapest hosting option and signed up with SiteGround for $3.95/month. I’d recommend this option for smaller websites. If you have a larger website with a significant following, or a shopping site, you may need to choose one of SiteGround’s premium hosting options:
SiteGround have servers located all over the world: USA, UK, Netherlands, Milan and Singapore, so wherever you live they are an excellent choice.
Once I completed the sign up process, I waited for SiteGround to complete their free service to transfer my blog’s database files from my existing host to SiteGround’s servers.
SiteGround said the transfer would take 24-48 hours, but within 4 hours I got an email saying the transfer had been completed successfully! ‘George’, the Tech Support Rep handling my transfer made the process super easy. He was knowledgeable, polite and very responsive – everything you want in a Tech Support Rep.
George provided me with SiteGround’s (United States) DNS server names, email server names and ports.
I checked my blog to make sure everything was working correctly after the move – everything was perfect!
Part 2 – Change your Domain Nameservers (DNS)
The next thing I did was login to GoDaddy, my domain register.
I changed my Domain Nameservers from my existing webhost’s to SiteGround’s (United States) Domain nameservers (DNS):
Now everything was in place to get a free SSL certificate, and move my blog to a secure HTTPS site.
Step 2 – Install your SSL certificate
If you purchased an SSL certificate through your webhost, you can ask your webhost to install your SSL certificate for you.
If like me, you chose to go with SiteGround and get a free SSL certificate, I’ll show you how to install it.
First, I logged into SiteGround’s Cpanel and scrolled down to the Security section.
I clicked on ‘Let’s Encrypt’. This is where you can install your free SSL certificate for HTTPS:
I selected my domain and clicked ‘Install’.
Next I switched on ‘HTTPS Enforce’ and ‘External Links Rewrite’:
‘HTTPS Enforce‘ redirects HTTP to HTTPS, forcing your website to work entirely over an encrypted HTTPS connection. ‘External Links Rewrite‘ solves ‘mixed content’ issues from external websites with non-secure connections that load data into your website. (You might have heard of WordPress plugins like Really Simple SSL. With SiteGround, you don’t need the Really Simple SSL plugin, because SiteGround has this functionality built into their portal – making everything really easy).
My free SSL certificate was now loaded – and my blog had moved from HTTP to HTTPS. I checked my blog to see if it had the green padlock – it did!
However, this isn’t the end of the process. The next few steps are really important.
Step 3 – Make Changes in the WordPress Dashboard
To successfully migrate your site from HTTP to HTTPS, there are important changes to make in your WordPress dashboard.
Part 1 – Take a Backup of you WordPress site
The first thing I did was take a backup of my blog. I knew SiteGround would roll back my blog if I made a mistake, but it’s always wise to keep a backup yourself.
I installed a free plugin called ‘UpdraftPlus‘ to make a backup of my blog.
You can install the plugin through your WordPress dashboard and click ‘Backup’.
Part 2 – Deactivate Caching and WordPress Builder Plugins
If you use caching plugins (like W3 Total Cache), clear their caches (click ‘Save Settings & Purge Caches) and deactivate them now.
(If you use W3 Total Cache and receive an error message saying: some files appear to be missing or out of place, follow the solution here to fix the W3 Total Cache error).
If you’re using WordPress page builders like Elementor, deactivate those plugins now.
If you use social sharing plugins (and want to keep your sharing counts after your site moves to HTTPS) you will need to migrate your counts, which is explained in Step 5 – Part 5 of this guide.
You can turn any plugins you deactivated back on once everything’s been completed.
All other plugins, and non-caching plugins can be left active.
If you use a Content Delivery Network, like Cloudflare, turn that off now.
Part 3 – Change URLs in WordPress General Settings
Then, I went to Settings -> General. I added an ‘s’ to ‘http’ in the ‘WordPress address URL’ and ‘Site address URL’ -> and clicked ‘Save’:
Part 4 – Change Internal Links from HTTP to HTTPS
Next, I used a free plugin to change all internal links in my pages and posts from: ‘http’ to ‘https’. These include image URLs and links to attachments. These links will already be redirecting from http to https (because we ‘forced HTTPS’ in the SiteGround portal), however for optimal speed and performance, I’ll change these outdated references of HTTP to HTTPS.
E.g – example of outdated references to HTTP on my site:
To change all references of HTTP to HTTPS on my site I used a free plugin called ‘Velvet Blues update URLs‘.
This plugin changes every reference of HTTP to HTTPS. Once you’ve made the changes you can delete the plugin.
I installed and activated the ‘Velvet Blues update URLs’ plugin through the plugins section in my WordPress dashboard.
Then I went to settings – Tools – ‘Update URLS’.
I added my old URL and my new URL. In my case they looked like this:
I checked all the boxes, apart from the last one.
I clicked on the blue button to ‘Update URLs now’.
Once I got confirmation that the changes had been made, I checked a few page and posts to make sure, and deleted the plugin.
Step 4 – Check your Website for Errors
Next I cleared my browser’s cache. This is so I could see the updates I made to my blog.
Next I checked to see if my site was showing as a secure HTTPS site – and had the green padlock. It did!
Then I checked my site for errors, including missing images, links to background images, adverts, plugins errors (plugins may need to be deleted and reinstalled) and affiliate links and affiliate images.
Everything was working perfectly!
If you deactivated any plugins, you can reactivate them now.
If you use a Content Delivery Network, turn that back on now. Your Content Delivery Network sub-domain URL must also be changed to HTTPS. Therefore you may have to install a free Let’s Encrypt SSL certificate in the settings of your Content Delivery Network portal. Check with your Content Delivery Network on how to configure your site to work through SSL. If you choose SiteGround to host your website, follow these instructions to configure Cloudflare to work through SSL.
If you use Elementor you’ll also need to update all references of http to https. Go to Elementor -> Tools -> replace URL tab. Then in ‘update site address’ – put in your old http address and new https address. Click ‘Replace URL’.
Where to get Help Migrating from HTTP to HTTPS
In the event your site isn’t working as expected, you can go to the following sites to diagnose your errors: Why No Padlock? and JitBit or install the SSL Insecure Content Fixer WordPress Plugin which finds and fixes these issues for you.
HTTP to HTTPS.org
If have questions, need help, or want to hire a specialist to migrate your website to HTTPS for you, go to HTTPtoHTTPS.org. There’s a forum here to ask questions and get answers about your HTTPS migration, website encryption or SSL certificates. (If you have experience with HTTPS migration, problem solving, website encryption or SSL certificates – you can answer other user’s questions and help them successfully migrate to HTTPS. You can also advertise your client services for free, post articles, showcase your services, share your HTTPS migration experience etc).
Next we’re going to complete the process by updating external sites HTTP to HTTPS.
Step 5 – Update Links from External Sites
Then I updated all external links pointing to my blog from HTTP to HTTPS.
I followed these exact steps:
Part 1 – Update Google Search Console
First, I created a new Google Search Console profile for my new HTTPS site.
(Google Search Console is the new name for Google webmaster tools. If you don’t have a Google Search Console account, now is a good time to get one).
Login to Google Search Console and go to the Home page.
Click ‘Add a Property’. Enter the new URL of your website- don’t forget you now have a HTTPS website!
In my case I entered:
Then I clicked ‘verify property’ and added the line of code to my website. If you need help verifying your website, I put together a short guide on how to verify your websitein Google Search Console using code.
Once my blog was verified, I submitted my new sitemap. Remember you now have an HTTPS sitemap!
If you use the Yoast SEO plugin which I highly recommend, you can find the link to your new sitemap in the XML Sitemaps section. Click on the link to open your site map and copy the link into Google Search Console.
Before you submit your sitemap, test your sitemap first to make sure Google can read it. Click on ‘See the results’.
If Google successfully reads it, you can now safely delete your website’s old HTTP Google Search Console profile.
If you get an error message when testing your sitemap that reads …….. – see my guide to fixing the LINK
Part 2 – Reauthenticate Yoast SEO plugin with Google Search Console
I use the Yoast SEO plugin, if you do too, you’ll need to reauthenticate it with your new record in Google Search Console. Do this by clicking on Yoast SEO -> Search Console -> Settings -> Reauthenticate with Google – and follow the instructions.
Part 3 – Update Google Analytics
Unlike with Google Search Console, we are NOT going to delete your existing Google Analytics profile. We are going only update it.
Login to Google Analytics and go to the Administration section. Make the following 3 changes:
Update 1. Under PROPERTY – go to Property Settings – Change ‘Default URL’ from http to https
Update 2. Under VIEW – go to View Settings – Change ‘Website’s URL’ from http to https
Update 3. Under PROPERTY – go to Property Settings – ‘Search Console’ – Click on ‘Adjust Search Console’. Reconnect your Google Analytics account to your Search Console Site.
Part 4 – Update Comments Plugins
I use the native WordPress comments function, so I didn’t need to take this step. If you use Disqus for your website comments, you’ll need to migrate your comments from http to https. Follow this excellent tutorial on Migrating Disqus Comments to HTTPS.
Part 5. Migrate Counts on Social Plugins
If you use a social sharing plugin, and want to migrate your social counts, you’ll need to make changes to your social sharing plugin. Every social sharing plugin is different, so you will need to refer to your plugin’s support guide to learn how to migrate your social counts. For example, if you use the Social Warfare plugin, you will need to buy the pro version to recover your social counts. Go to the Social Warfare plugin setting, click ‘turn on activate share recovery’ – in ‘Previous Connection Protocol’ – change it to ‘http’ and save changes. This will bring back your social counts. If you don’t have high social sharing counts, or if you don’t display your social sharing counts, you can skip this step.
Part 6 – Update Social Media Profiles and other Sites you own that link to your website
Update links to your website. Just change http to https in the settings page on your accounts. For example if you have any of the following accounts:
Affiliate Networks and Affiliate Programs
You’ve successfully migrated your website from HTTP to HTTPS! You’ll now have the green padlock on your URL and your site will show as ‘secure’!
The last thing to do is complete the steps of migrating to a new webhost, including changing your email address settings.
Watch the Easy Step-by-Step Video?
Please Share this Guide on moving from HTTP to HTTPS!
If this guide has been helpful to you, I would be very grateful if you would share it with your friends, or your readers. Thank you!