Are you looking to move WordPress from HTTP to HTTPS and install an SSL certificate on your website? We have been getting a lot of requests on this topic because Google announced that Chrome browser will start marking all websites without SSL as insecure starting July 2018. In this article, we will show you how to properly move WordPress from HTTP to HTTPs by adding a SSL certificate.
Don’t worry, if you have no idea what SSL or HTTPS is. We’re going to explain that as well.
What is HTTPS?
HTTPS or Secure HTTP is an encryption method that secures the connection between users’ browser and your server. This makes it harder for hackers to eavesdrop on the connection.
Every day we share our personal information with different websites whether it’s making a purchase or simply logging in.
In order to protect the data transfer, a secure connection needs to be created.
That’s when SSL and HTTPS come in.
Each site is issued a unique SSL certificate for identification purposes. If a server is pretending to be on HTTPS, and its certificate doesn’t match, then most modern browsers will warn the user from connecting to the website.
Why do you need HTTPS and SSL?
Last year Google announced a plan to improve overall web security by encouraging website owners to make the switch from HTTP to HTTPS. As part of this plan, their popular Chrome web browser would mark all websites without a SSL certificate as “Not Secure” starting July 2018.
As part of the announcement, Google also said that websites with SSL will also see SEO benefits and higher rankings. Since last year, a large number of websites have switched from HTTP to HTTPS.
Google has been slowly rolling out the “Not Secure” warning in Chrome. For example, if someone visits a HTTP website using the incognito window, it will be marked as Not Secure. If someone visits a HTTP website on regular mode and tries to fill out a contact form or another form, then the website will be marked as insecure.
When your readers and customers see this notice, it gives them a bad impression for your business.
This is why all websites need to move from HTTP to HTTPS and install SSL immediately.
Not to mention, if you want to accept payments online on your eCommerce website, then you need SSL.
Most payment companies like Stripe, PayPal Pro, Authorize.net, etc will require you to have a secure connection before accepting payments.
Requirements for using HTTPS/SSL on a WordPress Site
The requirements for using SSL in WordPress is not very high. All you need to do is purchase an SSL certificate, and you might already have it for free.
For more details, see our guide on how to get a free SSL certificate for your WordPress website.
If your hosting company does not offer a free SSL certificate, then you’ll need to purchase an SSL certificate.
By purchasing a SSL certificate from them, you also get a TrustLogo site seal for your website, and each SSL certificate comes with a minimum of $10,000 security warranty.
Once you have purchased an SSL certificate, you will need to ask your hosting provider to install it for you.
Setting up WordPress to Use SSL and HTTPs
After you have enabled SSL certificate on your domain name, you will need to set up WordPress to use SSL and HTTPs protocols on your website.
We will show you two methods to do that, and you can choose one that best fits your need.
Hawk Hosting, go to CPanel – SSL/TLS Status, active auto SSL
Redirection to https
Submit Your HTTPS Site to Google Search Console
Search engines like Google consider https and http as two different websites. This means you will need to let Google know that your website has moved to avoid any SEO issues.
To do that, you just need to go to your Google Search Console account and click on ‘Add a Property’ button.
This will bring up a popup where you need to add your website’s new https address.
After that, Google will ask you to verify ownership of your website. There are several ways to do that, select any method and you will instructions to verify your site.
Once your site is verified, Google will start showing your search console reports here.
You also need to make sure that both the https and http versions are added in your Search Console.
This tells Google that you want the https version of your website to be treated as the primary version. Combined with the 301 redirects that you setup earlier, Google will transfer your search rankings to the https version of your website, and you will most likely see improvements in your search rankings.
We know that we did when switched our websites from http to https.