Peter Comeau
Share the love...
convert your wordpress blog to https

How To Convert Your WordPress Blog To HTTPS

I’ve just been converting all my sites to HTTPS, including my WordPress blogs. Convert your WordPress blog to HTTPS isn’t easy, on the face of it. I found a myriad of instructions about convoluted ways to do it, including editing the htaccess file and then converting all your links, including image links, video links, links for attachments, internal links and so on. Urrggh!

If you think I’m going to go through all that for each of my blogs you’ve got another thing coming!

So, I had to find a quicker way, and I did. And I’ll show you how you can do it in a minute…

…but, first, why bother?

What’s so great about https:// and why should you change anything?

HTTP (Hyper Text Transfer Protocol) was set up as the default code for site pages at the beginning of what we now call the Internet. Initially, it allowed for links to other pages and sites within the page text and, over the years, has grown into a style of programming code that makes site pages visually entertaining and informative.

However, there are no security protocols within HTTP. Basically, http:// pages are wide open to all sorts of abuse. And you’ll probably have seen Warnings when you’ve accessed some sites, recently, with Google trying to keep you away from sites that might ‘steal your personal info’.

This is going to become more prevalent, especially for sites which collect information such as email addresses and credit card details (for example if you have a squeeze page on your site or sales page with a buy button).

Even more worrying is that Google has announced that it has started giving ranking advantage to sites which have HTTPS. So, if you’re using your blog for SEO purposes (and who isn’t?), you’ll want to convert your wordpress blog to https://

Using HTTPS (S=Secure), computers agree on a ‘code’ that is scrambled so that no-one else can read that code. This is set up through an SSL (Secure Sockets Layer) to send the information back and forth.

To do this your domain must have an SSL certificate in place. Thankfully cPanel has started adding basic SSL to domains automatically and most web hosts will already have them in place (if you haven’t been notified of this, contact your web host to see).

Note: if you are running ecommerce on your site, you may need a higher rated SSL certificate. Domain providers like GoDaddy and Namecheap offer these, as do many web hosting services.

How to convert your WordPress blog to HTTPS

Right, now that you understand the benefits of https:// and, hopefully, have an SSL certificate installed on your site, here’s the quick and easy way to convert your WordPress blog to HTTPS:

  1. Log in to your WordPress Dashboard
  2. Disable any cache plugins like WP Super Cache
  3. go to Settings/General
  4. Add an s after http to your website URL in the WordPress Address (URL) and Site Address (URL) boxes
  5. Click the Save Changes button at the bottom of the Settings page
  6. You will probably be logged out automatically at this stage (if not, log out) – log in again to the new https:// URL
  7. Go to Plugins/Add New
  8. In the Search Plugin box, type ‘velvet’, then hit enter
  9. Velvet Blues Update URLs‘ will show up near the top of the list
  10.  Click on the plugin name
  11.  In the window that pops up, click the Install Now button
  12.  The window will close and show you the Add Plugins page again. Click the Activate button next to ‘Velvet Blues Update URLs’
  13. You’re almost finished! Go to Tools/Update URLs
  14. Under Step 1, put your old http:// URL in the first box and your new https:// URL in the second box
  15. Under Step 2, check all of the checkboxes except the last one (IMPORTANT – do NOT check ‘Update ALL GUIDs’)
  16. Click the Update URLs Now button
  17. A little box will come up telling you how many changes were made
  18. Return to Plugins/Installed Plugins and deactivate ‘Velvet Blues Update URLs’. Once it is deactivated, you can delete it.
  19. This is optional, but I suggest you go the plugin’s page on WordPress.org and either leave them a nice review or donate a dollar or two (or both) since they just saved you from having to search all over your website for links that needed to be updated: 
  20. Visit Site to check everything is ok
  21. Turn your cache plugin back on (if you have one)

Yes, I know it is 21 steps but, really, it will take you a couple of minutes to do this. Just make sure you have that SSL certificate installed first.

Then you can rest easy that Google won’t penalize your blog for lack of security and you’ll be giving peace of mind to your blog visitors too!

About the Author Peter Comeau

follow me on:

Leave a Comment:

3 comments
Peter Beckenham says December 16, 2017

Hi Peter,

Well you did it. By breaking it down to 21 steps even a technically challenged moron like me could understand how to make this essential security change to our websites.

Many thanks for sharing your research but more importantly for the way you explained the why and how of the process.

Well done

Cheers from the village marketer

Peter

Reply
    Peter Comeau says December 16, 2017

    So pleased you found it useful, Peter.

    Reply
Paul Conway says December 16, 2017

Hi Peter

Great informative and actionable article. I completed this task about 10 days as I wanted to be sure that my site was Google compliant ASAP 🙂

Best Wishes
Paul

Reply
Add Your Reply