How I switched my site from HTTP to HTTPS

If you’ve been reading my site over the past few days, you’ll notice one new change. I’ve moved the site from HTTP to HTTPS, thus giving the site a nice green lock icon next to the URL in your browser.

As Wikipedia summarizes, HTTPS is a secured, encrypted protocol for serving web pages, and a fundamental part of what makes online commerce possible. Regular HTTP pages aren’t secured, so information passed between your computer and its server can be more easily read by a third party. Most major sites, including Google, Facebook, Amazon, and so forth, are all using HTTPS.

Until recently, uptake of HTTPS has been slow, in part since the SSL certificates required were usually either too complicated to create on one’s own or required an expensive third party solution; most people went for the latter. However, Let’s Encrypt has made getting certificates easy and free for anyone to use. As such, it’s proven to be a major game changer in online website encryption, resulting in an increasing number of websites moving to HTTPS. Various ISPs, including mine, are also adding support for Let’s Encrypt into their installations of the cPanel control panel. Elsewhere, WordPress.com, Tumblr, and similar sites are making HTTPS the default for new users.

As for my site, what I did overall is outlined below, with some help from a few sites like WP Beginner.

Force the WordPress administration area to use HTTPS

I wanted my WordPress administration area to use HTTPS by default, as one way of boosting security on my end. To do that, I added the following code to my site’s wp-config.php file, above the “That’s all, stop editing! Happy blogging.” comment line:

define('FORCE_SSL_ADMIN', true);

Jetpack issues

To avoid issues with the Jetpack plugin, its troubleshooting page gave the recommendation to add this code to the end of the wp-config.php file:

define( 'JETPACK_SIGNATURE__HTTPS_PORT', 80 );

Redirect the site to the HTTPS version

To redirect all of the site’s traffic to use the HTTPS version, I added the following code to the start of the .htaccess file.

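<IfModule mod_rewrite.c>
RewriteEngine On
# Match only requests that arrived on the plain-HTTP port
RewriteCond %{SERVER_PORT} 80
# Send the same path to the HTTPS site. [R] with no status code issues a
# temporary 302 redirect; [R=301,L] would mark the move as permanent.
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L]
</IfModule>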

Replace “www.yoursite.com” with your site’s URL.

Update internal links

While redirecting is valuable, it’s also important to update internal links that used HTTP, including in the menus, sidebars, and posts/pages themselves. Given the sheer number of post links that’d have to be changed, I went with using a plugin (Better Search Replace) to let me change the page/post links all at once.
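
A way to check the result of this step, as an added example that is not from the original post: a Python scan of a page's HTML for http:// URLs that survived the search-and-replace, separating subresources that cause mixed-content warnings from ordinary links. The names `scan` and `HttpLinkFinder` and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags whose src is fetched as part of the page. Over http:// on an HTTPS page
# the browser blocks or flags them (mixed content) and the lock icon degrades.
LOADING_TAGS = {"img", "script", "iframe", "source", "video", "audio"}

class HttpLinkFinder(HTMLParser):
    """Collect http:// URLs still present in a page after moving to HTTPS."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (kind, tag, url) tuples in document order

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = (a.get("src") or a.get("href") or "").strip()
        parts = urlsplit(url)
        if parts.scheme != "http":
            return  # https, relative and protocol-relative URLs are fine
        loads = tag in LOADING_TAGS or (
            tag == "link" and "stylesheet" in (a.get("rel") or "").lower())
        if loads:
            kind = "mixed-content"   # must be fixed
        elif parts.hostname == self.site_host:
            kind = "internal-link"   # works, but costs a redirect hop over HTTP
        else:
            kind = "external-link"   # another site; check it serves HTTPS first
        self.findings.append((kind, tag, url))

def scan(html, site_host):
    finder = HttpLinkFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; www.yoursite.com is the article's placeholder host.
SAMPLE = """
<link rel="stylesheet" href="http://www.yoursite.com/style.css">
<link rel="canonical" href="http://www.yoursite.com/">
<a href="https://www.yoursite.com/contact/">Contact</a>
<img src="http://www.yoursite.com/wp-content/uploads/logo.png">
<script src="//cdn.example.com/app.js"></script>
<a href="http://example.org/">Elsewhere</a>
"""

if __name__ == "__main__":
    for kind, tag, url in scan(SAMPLE, "www.yoursite.com"):
        print(f"{kind:14} <{tag}> {url}")
```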

Update social site, Google Analytics, and Webmaster Tools links

I updated the links on other sites (social media, etc.) to refer to the new version of the site.

Similarly, I also updated the information in Google Analytics and Webmaster Tools to reference the new version of the site.

Conclusion

So far, I haven’t noticed any major issues after setting everything up. One side effect, however, is resetting my Jetpack social share buttons’ share counts to zero.

Other than that, I’ll watch out for any lingering issues that might arise. However, if anyone has any concerns or questions, please ask in the comments below.

2 comments

  1. I need to bookmark this page (actually archive it in Evernote) in case I ever decide to make my sites https. Thanks for these instructions.

    It’s too bad that all the social media share counts get reset.

    1. A few places online claim Facebook’s counts will eventually catch up to the HTTPS-ified site and reinstate themselves. Otherwise, yes, social buttons are the one downside.
