Switching a Wordpress website to HTTPS
According to recent communications from Google, sites encrypted using the https protocol will be better referenced than http sites in the search engine results. On the other hand, the weight of https is still minor compared with other criteria (responsive site, relevance of content, etc.), but this is a long-term trend. Whether it's for your SEO strategy, your image or the confidentiality of exchanged data, this wordpress tutorial will explain it all.
What's the difference between http and https?
A classic http site communicates information "in clear" with the surfer. In concrete terms, when you access a site, you send an http request and the site sends you a response. An http site sends you unencrypted and therefore unsecured information.
Conversely, a site using https encrypts the data exchanged between the surfer's browser and the server hosting the site. Please note, however, that the https protocol does not secure the data hosted on the site, as security concerns only the data transferred.
An https site has two advantages in addition to data protection:
- it reassures web users, who feel more confident. It makes your site more credible.
- it improves your SEO. HTTPS will become increasingly important in the future.
Follow the steps below to set up your https protocol:
Generate an SSL certificate
If you host your site with OVH, it's your lucky day! By logging into your management interface, you'll see that you have a free SSL certificate enabling you to set up your site in HTTPS. If it hasn't been generated, click on the "regenerate SSL certificate" button. If it's already activated, you don't need to do anything:
If you don't use OVH for your hosting (Gandi, GoDaddy, 1&1, etc.), then you're going to have to do some digging. If your provider doesn't give you a free SSL, you'll need to buy one from them.
Switching Wordpress administration to HTTPS
The simplest step is to force HTTPS on your admin console (www.monsite.com/wp-admin). To do this, follow the steps below:
-
- Open the config.php file at the root of your site using FileZilla or another file transfer tool (FTP).
- Add the line define('FORCE_SSL_ADMIN', true); to the configuration parameters:
Changing the site URL in Wordpress
If you're working on an existing site, the procedure is simple: go to Settings > General then add an "s" after the http in the two fields containing the URL:
You may need to log in again after this procedure. If you're working on a new site, enter the full URL including https:// each time the site address is requested.
Modify your .htaccess file
The final step is to modify your .htaccess file, located at the root of your site, so that http redirects to https systematically for all site URLs:
- Connect to your file server with FileZilla
- Right-click on the .htaccess file in the root folder, then "View / Edit".
- Add the following lines to the file:
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.monsite.com/$1 [R=301,L]
Final rendering of .htaccess file:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.monsite.com/$1 [R=301,L]
</IfModule>
# END WordPress
Remove mixed content from WordPress
Is your site not displaying https in green? This is probably because you have mixed content (http and https) on your site. You need to transform all http links that call up images into https. This is often the case for logos or footer images. Reviewing all the links on your site can be time-consuming. That's why it's best to switch your site to https as soon as possible.
And that's it! Your site is now in HTTPS. Remember to tell Google that your site has changed domain in Google Webmaster Tools, so that there's no confusion between the old and new URLs.
Article translated from French