If you haven’t already made the move yet, then here’s your reminder that Chrome will mark all HTTP sites as “not secure” starting in July. I’m actually guilty of not having all of my sites over to SSL yet and am spending this week making the changes to get them all secure. I’ve heard from people that they haven’t yet done this because they’re not tech geeks and worry that they will break something or that it will be a challenge. Honestly, it’s a pretty simple process and I have a five-point checklist that I use each time I do it to make certain that I don’t fuck anything up – cause no one wants to lose all their traffic due to a careless mistake.
HTTP to HTTPS in 5 Steps
Before giving you my steps, let me be clear that I’m making the assumption that you’re using WordPress and that you’ll be using one of the free Let’s Encrypt SSL certificates. Plenty of web hosts offer these for free. So, look for it in your cPanel. Here’s what it looks like in my Siteground hosting:
With Siteground, they already have certificates created for all the domains on my hosting package, but you can check yours by clicking on Let’s Encrypt and seeing if there is a live certificate for your site. If not, then you need to scroll down and install one.
Now that you know you have a SSL certificate installed, it’s time to start making that move!
Step One: Update The OBLs for Your Amazon Images
If you have a site hotlinking to images from Amazon before they changed to SSL, then you need to update to URLs to point to the secure location. Unfortunately, it is not as easy as changing http to https in the links because Amazon changed the entire image linking domain on us.
Those old images start with: http://ecx.images-amazon.com/
So, search all of your posts, pages and Tablepress tables for that domain to see if you happen to be linking to it anywhere on your site. If so, you need to replace those links one by one – yes, it’s tedious as hell – by going to Amazon and getting the new URL.
Note: if you’re linking out to any other images with HTTP, that will need updated as well.
Don’t skip this step because if you’re linking out to HTTP resources like this, your site will not be fully secure and you won’t get the green “secure” label.
Step Two: Update Your WordPress Install Location
Log into your site and go to Settings–>General
You need to update your WordPress Address (URL) and Site Address (URL) to HTTPS. When you do this, it will make you log back into your WordPress dashboard on the HTTPS version of the site.
Step Three: Force The HTTPS Redirect
You need to make sure that all visits to the site are redirected to the HTTPS version by forcing that redirect. In Siteground, this is easily accomplished via their SG Optimizer Plugin, or via your cPanel after clicking on Let’s Encrypt.
Alternatively, you can accomplish the same thing via your .htaccess file with the following code:
RewriteEngine on RewriteCond %{HTTP_HOST} ^yoursite.com [NC,OR] RewriteCond %{HTTP_HOST} ^www.yoursite.com [NC] RewriteRule ^(.*)$ https://www.yoursite.com/$1 [L,R=301,NC]
Change every instance of yoursite.com
to your WordPress URL.
Note: As you can see in the image above, you can force HTTPS on all external links if you want, but I tend to avoid that because you never know what it will break!
Step Four: Change Your Internal Links
Now that you’re forcing all visits to your site to be HTTPS, it’s time to update any internal links that you have in your posts. So, go through your posts and look for instances where you link to other posts via HTTP and update those to HTTPS.
I did this manually, but I’m certain you can use a plugin to automate it, if you want.
Step Five: Let Google Know
You’re almost done! Now you just need to let Google know about this new version of your site. While it’s technically a URL change according to Google, you don’t have to actually do a “site move” in Google Search Console.
Instead, you just need to claim this new HTTPS version of the site to prove that you own both versions. And the, submit a sitemap to the new HTTPS version in Search Console.
Now, you’re done!
What If My Host Doesn’t Offer Let’s Crypt For Free?
Let’s Encrypt has page that list all their hosting partners and gives you tips on how to manually install the certificate. But, if you find that you’re with a web host that doesn’t offer Let’s Encrypt and won’t let you manually install the certificate, then you either need to pony up the fee they charge for the SSL certificate or consider moving to a better hosting company! I highly recommend Siteground, and they will move your site to them for free!
Will I Lose Rankings When I Change To HTTPS?
This is a question that I see a lot, and one that I had before I made my first site moves to HTTPS.
In the nine site moves that I have made to HTTPS, only one lost rankings temporarily. The rankings ranked for around 10 days – and I was panicking bit time! I’d followed the exact same process as outline above with all nine sites, but this one site took a beating.
Ten days later, the site showed back up at the top of the SERPS, and even gained some spots for a few keywords.
So, will you lose some rankings when you make the move? Maybe.
And that sucks, but in my experience it was only for ten days – so it could have been a lot worse.
Notes: Keep in mind that I’m not a super techy person, so feel free to consult other resources on moving to HTTPS. The above steps are just what I follow for my own sites.
Also, if you’re using a CDN with your site, then you’ll need to confirm that they support SSL before you go through this whole process.
Hey, I’m Shawna. I make a living working from my laptop in places like London, Sydney, Dubai, Rome, Oslo, Bangkok, Las Vegas, Barcelona, and Amsterdam. I share how I do some of that on this website.