Introduction to HTTP to HTTPS
More and more websites are switching to HTTPS these days. As per BuiltWith, there are 85,167,054 HTTPS sites secured by SSL certificates on the internet.
But why has running your site on HTTPS has become mandatory in recent years?
Internet browsers have been using HTTP (Hypertext Transfer Protocol) since the beginning of the internet. It is a set of rules concerning the transfer of web pages between a web server and the browser.
But the issue with HTTP is that when your browser receives or sends private information, the conversation takes place in plain text. Any third-party can see the information in your browser, and thus hackers on the prowl can steal them and use them for nefarious means.
To discourage this practice, HTTPS (Hypertext Transfer Protocol Secure) came into being. Though it is the same conversion process, the messages are now encrypted and it deters hackers from stealing information.
You can switch your website to HTTPS by installing an SSL certificate.
What are the benefits of HTTPS?
The primary purpose of HTTPS is to encrypt the information that is transferred between the browser and the server. But it has many other benefits as well. Let’s take a look at them:
- Encryption – HTTPS protects the communication between the server and the browser so that no third-party can see and access personal information such as passwords and payment information.
- Authenticity – Since you undergo a verification process before any trusted certificate authority passes on the SSL certificate to you, your website is seen by visitors as an authentic website. Your site is what it claims to be.
- Builds trust – Trust is a crucial factor when you do any kind of business. Without building trust, no customer would be willing to associate with you. SSL certificate’s trust signals like a green padlock lock in your browser’s address bar and trust seals can increase the trust of customers. When your customers trust you, they will be more willing to share their personal information.
- SEO benefits – Another benefit of an SSL certificate that is often overlooked is SEO benefits. Google announced in 2014 that HTTPS would be a ranking factor. So if you are adding an SSL 2048-bit key certificate on your website, you will get a ranking boost.
Considering all these benefits, you should BE switching to HTTPS if your site is still running on HTTP.
How to switch HTTP to HTTPS
Since WordPress is the most widely used CMS, we will be focusing on how to switch your WordPress website from HTTP to HTTPS:
Checklist before you switch to HTTPS
- Do you have a seasonal site? Switching to HTTPS at peak visitor times is not recommended. In case there is a downtime, your sales will be affected.
- Ensure that your host can deliver an HTTPS website.
- The process is long, and it is a lot of work, so make sure you have plenty of time and be prepared.
- Backup your website as a safety measure.
Obtain and install an SSL certificate
If you are maintaining multiple subdomains, you can buy a Wildcard SSL Certificate so that you can apply it to your domain and subdomains.
Just ensure that you are obtaining your cert from a trusted certificate authority. Your web host can install and activate your certificate. Once it is done, you will have to make the necessary changes to your WordPress website.
Secure your back end/WordPress Admin Area
Your dashboard is the first place that you can secure. If you add HTTPS to the back end first, whenever a user logs in, the information can be exchanged securely. Go to your WordPress root folder and open wp-config.php.
Now, enter the following command:
Once updated, try accessing your login page with HTTPS in the URL to see if you get a secure connection. Continue to the next step if it works.
Secure your site address
To do that, go to Settings and select the General option. At the beginning of the WordPress address and site address, add https:// and save it.
Plugins such as interconnect/it can help you change the links from HTTP to HTTPS in your content and database.
Check the links to external resources in your theme templates and function files. If they are HTTP links, you will have to update them too. It is recommended to update your links to // rather than https:// so that they will create relative links automatically.
Must Read: Other blogging tips
Set up 301 Redirects in .htaccess
When you set up a redirect using .htaccess, it will automatically send your website visitors over to the secure version. Since .htaccess is not visible by default, set your FTP client to show hidden files.
In case there is no .htaccess in your installation, you will have to create it. Generate a plain text file and enter .htaccess. You can then upload it to the root directory.
Next, add these commands:
Don’t make your pages available in both versions to prevent duplicate content. You can also conduct a test using a tool to see if everything is working correctly.
Complete the transfer
To fully switch your site to HTTPS follow these steps:
- Update the site map. Your SEO plugin may do it automatically. If not, try switching off the plugin for it to update. Add it in your robots.txt file. Update all the hardcoded links.
- Add your HTTPS site to each webmaster tool as a new property.
- Switch your Content Delivery Network to HTTPS.
- Some analytics will need a default URL. Upgrade it with HTTPS.
That’s it! You have successfully switched your site to HTTPS.
Though it takes a lot of work and time to switch your old HTTP site to HTTPS, it is worth the effort. SSL comes security, and there are plenty of benefits that you will get, including increased customer trust and authentication, which is crucial to run a business. If your site isn’t running on HTTPS yet, make the switch today.