Installing and configuring SSL on WordPress websites is a multi-step task and you need to perform each task carefully in order to ensure that the SSL is installed properly. In this article, I’m going to share the correct (and probably the easiest) method to implement SSL on a WP site. Remember that I’m not going to thoroughly cover the server-side installation of the SSL cert, instead, this post will focus on transitioning your WordPress website’s HTTP structure to HTTPs.
Before proceeding, please take a backup of your WordPress website’s database as we will be making changes to the database content during this procedure.
Step 1: Install SSL:
First of all, you obviously need to install the SSL on your website. If you are using cPanel, then the SSL should be issued automatically in most cases. On a cPanel VPS, the SSL can be enabled for the websites from WHM by switching on the Auto-SSL feature. You can consult your web hosting provider in order to get the SSL installed on your website if you have doubts and aren’t able to get this done. For ServerPilot users, I’ve written a simple bash script that will simplify the SSL installation through Let’s Encrypt.
Once the SSL is installed, you are good to proceed.
Step 2: Install Better Search Replace Plugin
Now you have to replace all HTTP URLs of your website with HTTPs ones. For this purpose, we will use a free and great plugin called Better Search Replace. The plugin is available in WordPress plugin repository so you can install it easily from your website’s plugin installation section. Once the plugin is installed, activate it and go to its page found under ‘Tools’ menu.
Remember that now we are going to make irreversible database changes and to ensure that your data is safe, you will have to take a backup of your database. You can use another free plugin called WP-DB-Backup to export a backup of your WordPress database. Remember that you don’t need to worry about the database backup if you decide to use the pro version of Better Search Replace as in its premium version, the plugin automatically takes a backup of your database before making changes.
Once the database backup issue is solved, now decide on your website’s preferred domain structure, i.e. with www or without www. I recommend that you should use the version that is indexed in Google. To find this out, do a quick search for your website’s domain in Google and see either it is indexed as http://www.xyz.tld or http://xyz.tld (without www). Once the domain’s preferred version is decided, now make the actual changes.
Say you want to use your site’s domain with www. Now on Better Search Replace plugin’s page, enter the domain name like this:
Search & Replace Action 1:
Search & Replace Action 2:
You will have to run the search and replace query twice just like I mentioned above. Don’t forget to uncheck the ‘Dry run’ option otherwise, the actual changes will not be made. After the successful execution of above queries, all HTTP URLs of your domain (including both www and non-www) will be replaced with HTTPS URLs (www version that you preferred). Remember that you will need to replace xyz.tld with your actual domain.
The above search and replace action will change all URLs including internal links and media assets resulting in complete transition of your WordPress website’s URL structure from HTTP to HTTPs. If any URLs are hardcoded in your theme’s files, then you will have to manually edit those files and convert the HTTP URLs to HTTPs ones in order to ensure that mixed-content issues don’t arise.
The Final Step, Force Redirect:
To fully move your website to HTTPs, you need to force SSL on it. You can edit your website’s HTACCESS file to force this redirection but you can use a plugin written by me as well. Search and install WP SSL Redirect plugin from your website’s admin section and the plugin will simplify this forced-redirect for you.
If all goes fine, now your website should have been fully transitioned to HTTPs without any mixed content errors. If you see mixed content errors in the browser, consider clearing all caches as well as convert the hardcoded URLs of resources to HTTPs by editing your theme files.
Why Not Any Plugin?
You may ask, why do I need to do all this manually? Why shouldn’t I use any plugin to make this entire switch? And the answer is simple; don’t compromise on your website’s performance. These plugins don’t make changes to the URLs permanently. When you use such a plugin to convert your website to HTTPs, then on each page load, the plugin parses your entire content and makes the changes (i.e. convert HTTP URLs to HTTPs) before outputting the content to browsers. This process consumes some heavy resources and may result in increased load time.
I hope you found this article to be helpful. Any suggestions or questions are welcomed.