Why and how you should switch WordPress to HTTPS [Instructions]

So there are a few good reasons to switch WordPress to HTTPS. I'll explain them to you in the course of this article. But this much can already be said: If you want to rank well on Google, you should add the SSL certificate to your WordPress website.

As a WordPress agency, we have already gained a lot of experience in this area and know what we're talking about.

Let's take a look at the facts.

HTTPS as a ranking factor

In August 2014, Google decided to introduce HTTPS (hyper-text-transfer-protocol-secure) as a ranking factor. Since then, websites with HTTPS protocol have had a slight advantage over websites with HTTP. Although it is not a top ranking factor, it can certainly decide one position or another in the search results.

Imagine you decide against the SSL certificate for whatever reason. Your site is of equal or better quality than that of your competitor. However, they have decided to switch their WordPress site to https. His site is found on page 1, yours only on page 2 or even further back.

Too bad. Is that right? A fatal mistake from an SEO perspective.

You may be wondering what this HTTPS actually is. Let me explain briefly.

What is HTTPS?

Basically, like the HTTP protocol, it is nothing more than a communication protocol for data transfer on the internet. However, while HTTP transmits all data unencrypted, HTTPS transmits it encrypted and tap-proof using SSL/TLS (encryption protocol).

If you are wondering what the difference is between SSL and TLS. TLS (Transport Layer Security) is the new version of SSL (Secure Sockets Layer).

Without this encryption protocol, anyone can view, manipulate and misuse the transmitted data. For example, they could steal your credit card or bank account details. Or those of your website visitors.

If you as a website operator use the SSL certificate, data from your website is transmitted in encrypted form. This eliminates the risk of data theft and manipulation and your site is labelled as trustworthy in the respective browser.

How do you recognise an SSL-encrypted connection in the web browser?

You can recognise whether a website is HTTPS-encrypted or not by the following features:

1. A lock symbol at the beginning of the address bar
2. In Google Chrome and Mozilla Firefox, this is also green in colour
3. The address of the page begins with HTTPS

This is what ithelps.at looks like:

6 reasons why you should switch WordPress to HTTPS

Let's go through some important points regarding the HTTPS protocol together.

Reason 1: HTTPS is a ranking factor

I've already talked about this. It is explicitly a ranking factor. Even if it doesn't carry as much weight as others.

Here is a Google+ post by John Mueller (Webmaster Trends Analyst at Google) as proof of this:

Therefore, from our point of view as an SEO agency, an SSL certificate is highly recommended.

Reason 2: Security

Data that is exchanged between visitors and the website is encrypted and cannot be viewed by anyone.

Data exchange with a site without SSL encryption is unencrypted. Access data and sensitive data such as passwords and user names can be intercepted and read.

Reason 3: The visitor's sense of security

If visitors feel secure, they will be happy to visit your website or shop again. This generates traffic and, in the case of an online shop, sales.

The number of visitors also has a positive effect on your ranking.

Reason 4: Security warning in the Google Chrome browser

Since 2017, Google has started to display a security warning in its in-house browser Google Chrome (from version 56) if the site does not have a valid SSL certificate.

This still only applies to sites where sensitive data can actually be entered (e.g. login information/passwords or credit card information). However, it has already been pointed out that in future this warning will be displayed for every website without an SSL certificate - regardless of whether sensitive data is being transmitted or not!

As this warning could deter some visitors, it is advisable to switch to HTTPS.

Dein Ansprechpartner:
Florian Prohaska - Co-Founder

Möchtest du mehr Kunden über das Internet gewinnen? Wir können helfen!

• SEO: Sichtbarkeit und qualifizierten Traffic durch gezielte SEO-Strategien
• Google Ads: Effektive Werbekampagnen für maximalen ROI.
• Webdesign: Professionelles Design, das deine Besucher beeindruckt.
• Webshops: Individuelle Lösungen für erfolgreiche Online-Shops.
• Content-Erstellung: Wertvolle Inhalte, die Interessenten überzeugen.

Reason 5: Higher loading speed

The old HTTP, which is responsible for providing the website in your browser, has not been further developed since 1999. It therefore no longer really copes well with today's requirements.

the new version HTTP/2 was released in 2005. This is much faster. One of the reasons for this is that it allows multiple connections at the same time.

This still has nothing to do with HTTPS. But here it comes.

All current browsers only support HTTP/2 if the connection is SSL-encrypted.

HTTP/2 is therefore faster than HTTP, but only works with valid SSL encryption. Google likes this and visitors like it.

Reason 6: the GDPR

The European General Data Protection Regulation (GDPR) has been in force since 25 May 2018. Since this date at the latest, SSL encryption has been mandatory for all websites that process personal data. Failure to comply could result in high fines, some of which could threaten the existence of the company.

You can find out more about this in our articles: Contact forms GDPR 2018: What needs to be done on your website?

So much for the reasons why you should switch your WordPress to HTTPS. Now let's get practical.

How do I switch WordPress to HTTPS?

Let's get straight to the point and start with the first step. Log in to WordPress.

1. Create a backup of your WordPress site

If you don't have a current backup of your site, I recommend that you create a backup now.

I recommend the WordPress plugin UpdraftPlus for this. You can use it to schedule regular backups or create them manually. What I advise you to do in this case.

2. Get your SSL certificate

Most hosting providers now support the free SSL certificate from Let's Encrypt or have another one included in their hosting packages. Contact your provider and enquire. They will set this up on your server. In the worst case (if it is not included in the price), you will have to pay a few euros for it.

3. Change your URL in WordPress from HTTP to HTTPS

Once you have received the OK from your hoster and your SSL certificate is set up, you can change the URL. You can do this in your WordPress backend.

To do this, go to the menu item "Settings > General". There you need to change your WordPress address and your website address from HTTP:// to HTTPS://. Don't forget to save.

4. Redirecting from HTTP to HTTPS

To ensure that all requests to your website that are made via HTTP are redirected to HTTPS, you must first set up this redirection.

To do this, you must insert the following code snippet at the top of your .htaccess file.

If this solution leads to an error (redirected too often), which can happen with some hosters, use this variant of the code:

You can find the .htaccess file in the root directory of the WordPress installation.

5. Customise links in the database

The best way to do this is to use the Better Search Replace plugin. It is easy to use and works very reliably. Install it in your plugin area. Then call it up under "Tools > Better Search Replace".

Select the following settings to customise the links:

• Under "Search for", enter your old address with HTTP
• In "Replace with", enter your new address with HTTPS
• Select all tables (select the first one, scroll to the end, press the Shift key and select the last one)
• For the test run, tick the box "Test run?"

Then start the test run by clicking on "Search and replace".

It looks like this:

The change to the links is now simulated. Once the test run is complete, you will be shown how many table cells were found that should be updated.

After the test run was successful, remove the tick next to Test run and start the process as before.

All links in your database will now be changed to HTTPS.

6. Test your WordPress pages and links

You can easily do this by opening the page in your browser. If you see the (green) lock in front of your address, the content is being transmitted in encrypted form. Bingo.

Check all links to ensure that everything is correct in this area too.

If you see a call sign or a triangle instead of a (green) lock on a page, there is still "insecure content" that you need to correct.

To do this, proceed as follows.

I use the Google Chrome browser for this. Right-click anywhere on the page and select "Examine". An additional window will open. Click on "Console" there. You will now see all elements that are not transmitted via HTTPS.

To ensure that your page is displayed as secure in the address bar, you must correct all links that still begin with HTTP.

With these final corrections, the switch from WordPress to HTTPS is complete.

You should still do this after switching from WordPress to HTTPS.

• Enter your HTTPS address in the Google Search Console
• Do the same in Google Analytics
• Change your URL in your social media accounts if you link to your site from them

Is there an easier solution to switch WordPress to HTTPS?

There are some plugins that promise a simple solution. Whether these solutions are also secure and reliable, I don't know at the moment. I prefer to switch manually, as I have everything under my control.

Nevertheless, I will list the most important plugins here.

WordPress HTTPS (SSL)

Really Simple SSL

I don't recommend the other plugins as they haven't been updated for a long time and are therefore probably not up to the latest security standards. However, you can search for them in Google by entering "wordpress to https plugin".

If you are not happy with either solution - one because it is too time-consuming and the other because the plugins are too insecure - contact a specialist. We will of course be happy to assist you with your switch to HTTPS. You can contact us here.

Are there any disadvantages to switching from WordPress to HTTPS?

Some opponents of SSL encryption claim that it also has serious disadvantages. However, I think that the advantages far outweigh the disadvantages and that the problems only affect a few website operators.

But let's take a closer look at the arguments against the SSL certificate.

Encryption slows down the website

This problem only affects you if you operate a high-performance system with a lot of traffic. Furthermore, this problem is more than compensated for by HTTP/2 (as discussed earlier).

Some scripts no longer run after the changeover

If you have done everything right with your website, you are already on the safe side. It is now possible that some third-party providers are still delivering in HTTP. This would result in some scripts not working as you would like them to.

If this is the case, you are faced with a choice. Security or function? What is more important to you?

You could also look for a solution that works via HTTPS.

Less advertising revenue

Yes, it's true. If you run your WordPress site to generate advertising revenue, this problem could affect you. Some providers of adverts are still lagging behind developments and still deliver their links in HTTP. This may mean that you have slightly fewer advertising options available at the moment. In my opinion, however, it is only a matter of time before these providers also switch to HTTPS.

The switch from WordPress to HTTPS has failed. What to do?

It can happen that something goes wrong. For example, when making an entry in the .htaccess file. It can happen that you suddenly no longer have access to your website.

Don't panic.

First contact your host and have the last backup restored. As a rule, this should not be older than a week.

I recently had this problem with one of my private WordPress sites. A little carelessness when entering a code in the .htaccess and my site was down. My host restored a three-day-old backup and I had access again. I then imported my most recent backup (I create a full backup every day) and everything was ok again.

If you don't dare to switch your website to HTTPS yourself after this, get in touch with a specialist.

Here you can find our instructions on how to switch Joomla to https.

Frequently asked questions about HTTPS

What does HTTPS mean?

HTTPS stands for Hyper Text Transfer Protocol Secure and ensures secure data transfer between a web browser, also known as a client, and a website hosted on a server. A request from the client is followed by a response from the server.

How do you create an HTTPS?

The prerequisite for an HTTPS is a so-called SSL certificate. This certificate confirms that the website belongs to the specified website owner. The certificate can usually be purchased directly with a domain or hosting package if it is not already included.

What is an SSL certificate?

SSL stands for Secure Socket Layers. This certificate confirms that the website belongs to the specified website owner and ensures secure data transmission between the web browser (client) and the server. You can recognise that a website has an SSL certificate by the fact that the URL begins with HTTPS (Hyper Text Transfer Protocol Secure).

What is the difference between HTTP and HTTPS?

Websites with HTTP (Hyper Text Transfer Protocol) do not have an SSL certificate, so the data transfer is not protected. In comparison, websites that have an SSL certificate have a URL that begins with HTTPS (Hyper Text Transfer Protocol Secure), so the data transfer is secure.

When is HTTPS used?

HTTPS (Hyper Text Transfer Protocol Secure) is used to ensure secure data transfer on a website. When entering sensitive data on the Internet, you should therefore ensure that the website has a secure connection. This can be recognised by the lock icon in front of the URL.