Simple Step by Step Guide to Move WordPress Site from HTTP to HTTPS for FREE

Recently Google has announced that Chrome will start showing “NOT SECURE” warnings for all HTTP pages it opens. It may not break your site, but its definitely going to have the impact on your users and SEO ranking.  In this article, we will guide you on how to Move WordPress Site From HTTP to HTTPS for FREE.

The Opencodez is hosted on Linode with Apache and Ubuntu. But the steps will work just fine for other flavors of Linux OS and Apache.

Note: We are assuming you have a Shell access to your website. If not, please request your hosting provider to give you access.

1. Take Back Up

This is the most important step of your migration. You need to take backup of your complete website and database before you even think of migration. Make sure you take backup of your WordPress folders as they have your actual images, themes, and plugins.

2. Get Your SSL Certificate for Free

Now there are many organizations which can help you get the SSL Certificate for your website. They may charge you anything between $50 – $250 as yearly fees to provide you a certificate. In my opinion, if you are a banking or e-commerce website which accepts sensitive data like debit or credit card you can opt for the commercial paid certificate.

2.1 How to get your certificate for free?

Let’s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG). This organization provides you with free certificates that are equally secure.

You can use the Lets Encrypt or Certbot (which internally connects with Lets Encrypt) to generate your certificate.Wordpress Site From HTTP to HTTPS

Just choose your web server and operating system. It will tell you the exact steps to install certbot.

After you install certbot run below command

Make sure you use the domain names that you want to get the certificate. Please note that we are using certonly option, as we do not want anyone to change our Apache configuration.

After this, the utility will ask you on how you want to perform the authentication.

Choose 3.

Then you have to provide the webroot for your site as

Provide the root folder of your website.

If all goes well, you will see a message something like below

The certbot has placed your certificate and key in the location mentioned above.

Notice that your certificate will expire in 3 months. But don’t worry.  The certbot comes with a command that will renew your certificate in a moment. We will look into this later in the article.

3. Implement Your SSL Certificate

3.1 Update Virtual Host

So we have our certificate ready to use. Let’s change the virtual host to use port 443 and our new certificate.

Check above, and make sure your host entry is updated with SSL certificate file and private key.

3.2 Add HTTP to WordPress Admin

Open wp-config.php in your WordPress and add below line just above it says That’s all, stop editing!.

3.3 Enable SSL Module

Before we restart Apache, make sure SSL module is enabled. You can use below command for that.

Restart Apache

4. Update Site Address

Login to your WordPress Admin and changed site address as shown below. Make sure you use your correct domain with HTTPS

5. Update URLs in your contents

If you have existing contents then its very important to changes all yours in your posts, comments etc to use https. To do that we will use a very simple plugin Better Search Replace

Search for your domain without https and replace it with correct domain along with https as shown above.

You can even try a dry run to see what all things going to change.

Most Important!! – Take Backup before you change

6. Set 301 Redirect for Old URLs

This is crucial as you don’t want your search rankings to suffer. You need to tell the search engine that your old URLs are now permanently moved and available on new shiny and secure address. You can implement it in two ways.

6.1 .htaccess

Open .htaccess from your WordPress root folder and add below to it.

6.2 Redirect in virtual hosts

If somehow above does not work for you then you can add an additional virtual host entry to server HTTP and from that redirect all your request to the new address. The Virtual host entry should look like

Replace yourdomain.com with the correct domain name.

7. Submit to Google Webmaster

Google treats your protocol change and new address. You need to add the new secure address of your https website to Google and any other Search engines you work with.

Congratulations!! At this point we have completely moved WordPress From HTTP to HTTPS.

8. Periodically renewing your certificate.

As mentioned above the Let’s Encrypt issues certificate that is valid for 3 months. You need to set up a process to renew them automatically.

For that add below command to your crontab

 Conclusion

In this article, we have step by step guide to move your WordPress site from HTTP to HTTPS.

Please comment or ask a question or two if you need any information.

Add a Comment

Your email address will not be published. Required fields are marked *