HTTP to HTTPS: How to Migrate Your WordPress Website

Last Updated: August 5, 2021
Filed Under:  SEO, WordPress

Migrating your website from HTTP to HTTPS is a Must-Do now that most web browsers are displaying warnings when a site is not secure.

In this blog post, you’re going to learn how to move your site from HTTP to HTTPS, in order to secure your WordPress website and avoid those browser warnings.

You’ll also get an explanation of what HTTPS is, what SSL is and why (together) they’re needed to secure your website.

Additionally, I’ll share with you the SSL Checker I used, so you too can check that your move to HTTP with SSL was successful.

And finally, below you can download the Actual Checklist I Used when I recently migrated one of my sites over to HTTPS.

My Own Website Move From HTTP to HTTPS

Http to HttpsAfter putting it off for a long time, I finally moved my Honest Wine Reviews website over to HTTPS.

I procrastinated for so long because I had heard that you could lose a lot of your website traffic when you make the switch.

I had also heard that it would take a long time and would be very technical.

But, with Google’s secure web initiative underway and Chrome marking HTTP sites as “Not Secure” beginning in July 2018, the time had come.

So, I set aside a full week for the project, put together a checklist from my research and off I went!

When all was said and done, it only took a few days.

And, within a few more days I saw that there was a bit of a traffic increase to my site as Google started to re-index my new and improved HTTPS URLs.  Yes!!

So, all in all, not so bad and I’m glad I did it!

My Turn to Help You

HTTP to HTTPS HelpNow that I’ve survived my own HTTP to HTTPs move, I figured I’d write this blog post to try to assist others who might be doing the same.

I do want to say that my implementation may be different than yours.  So, definitely do your own research and please use what I did as a guide only.

However, I found that what worked for me was very similar to other instructions I found online.  Given that, I suspect that many of the steps apply to most people.

OK, with that said, let’s start by covering a couple important concepts, SSL and HTTPS.

I think it’s smart to understand WHY you are doing something and not just blindly do it.

What is SSL?

SSL stands for Secure Sockets Layer.  It’s a well-established security protocol for encrypting links and traffic between web servers and browsers.

Getting SSL on your site is done through the installation of an SSL Certificate that is normally provided and installed by your hosting provider.

To get you started, most good hosting providers give you a free SSL Certificate from Let’s Encrypt.

Let’s Encrypt is a certificate authority the provides SSL Certificates.

What’s important about this, is you need to have an SSL Certificate in order for HTTPS to be enabled for your website.

Think of it as step one.

What is HTTPS?

HTTPS is the next step.

HTTPS stands for Hyper Text Transfer Protocol Secure and it provides for secure communication on a computer network.  i.e. The Internet.

That secure communication requires encryption, and that encryption is enabled through SSL.

See how the two come together?

So, put together, this is referred to as HTTP over SSL which results in HTTPS.

Installing SSL and enabling HTTPS

If this is already starting to feel overwhelming, know that your hosting provider will most likely do the technical work of installing the SSL Certificate and making the switch to HTTPS for you.

You’ll have some work to do before and after, and will also need to ask your hosting provider to enable SSL and make the switch to HTTPS…  Most likely through submitting a support request.

With that said, if you’re feeling brave, some hosting providers give you the tools to do it yourself.

I chose NOT to do that and would suggest you take advantage of help from your hosting provider and have them do it.

HTTP to HTTPS – Step By Step

Now that you’ve got the background, let’s get into the actual move from HTTP to HTTPS.

I found that there were really three phases to this move:  Before the Switch, The Switch and After the Switch.

So, below we’ll break this little project up into those three phases.

Also, you’re going to want to set aside some good “focus time” for this, especially if you’re not very technical.

So, plan on a few days of uninterrupted work time and get yourself in the mindset to work.  If you’re really fast, it may only take you a day or two.

Another thing I want to mention is that you might think this would be a good time to also change around the structure of your website or URLs.

Don’t do that!

Google is going to need some time to process the move and re-index your site and you don’t want to confuse their algorithm with “extra stuff.”

Your only goal should be to switch your site from HTTP to HTTPS and nothing else.

Before the Switch

Before the SwitchBefore asking your hosting provider to make the switch, you want to take some time to gather some current data and structure for your site, fix any existing errors and in general get ready for the move.

With that said, let’s get into the steps:

1 – Document Existing Traffic

Start by creating a spreadsheet of the last 12 months of traffic from Google Analytics for comparison after the switch.  You should be able to download this from your Analytics account.

You want to do this because in the days and weeks after the move you’ll want to see if you helped or harmed your site by making the switch.

Most likely, you should see a little traffic increase since Google now looks at HTTPS as a ranking signal.

2 – Check Cloudflare (if you are using it)

If you’re using Cloudflare you may need to make some adjustments to your settings.

Before the switch, check your settings in Cloudflare.  You’ll likely find this in CPanel on your hosting dashboard.

Under SSL support, look to see that it’s set to Flexible.  If it’s not, you may encounter some downtime after the switch.

Check with your hosting provider just prior to the move for additional guidance if it’s not set to Flexible.

After the switch you’ll be checking to see that it’s set to Strict.

3 – Google Search Console Export

Next, go into your Google Search Console account and export your site’s backlinks, URLs and Keyword Rankings.

Similar to Analytics, in the days and weeks after the move you’ll want to see if you helped or harmed your site by making the switch.

With the backlinks, after the switch you may want to contact the websites that link to you and have them update their links to you to be HTTPS.

The less redirects to get to your content the better, for SEO purposes.

4 – Use Screaming Frog to Crawl Your Site

A great tool to check the SEO health of your website is Screaming Frog.

It crawls your website and looks for things like broken links and existing redirects.

You’ll want to run that to see if you have any errors or redirects that need to be cleaned up before your switch.

It’s also good for getting a full list of all URLs on your site.

After the switch you’ll be able to use this list to check to make sure all URLs were switched to HTTPS and you don’t have any rouge HTTP links.

5 – Document Your Sitemap

Before you make the switch you should save or printout your sitemap (use Yoast for this).

You’ll use this later to make sure all your sitemap URLs moved to HTTPS.  And, that there was no problem with Yoast generating a new sitemap that looks like the old one (with HTTPS URLs of course).

If there is a problem, you’ll have the old sitemap to reference.  Keep in mind Google uses your sitemap to understand the structure of your site.

6 – Benchmark Your Site Speed

Before making the switch, it’s a good idea to benchmark the “before” speed of your site.  You can use Google PageSpeed Insights to do this.

If you see that you’re getting a poor grade, consider making some speed improvements prior to making the switch and then run it again.

After the switch, you’ll run this again and check to make sure nothing bad happened speed wise to your site.

7 – Consider Deactivating and Deleting Plugins

Now’s a great time to look at the plugins you have installed and see if you really need them.  If not, deactivate and delete them.

Also, check to make sure the plugins you are using are compatible with HTTPS for after the switch.  If not, you’ll need to delete those and look for compatible ones.

I removed all but the bare essentials prior to my switch.  I figured it best to remove as many chances for problems as possible.

After the switch I reinstalled what I needed.

8 – Clear Out Spam Comments

While this was probably optional, my intent was for my WordPress DB to be as lean and clean as possible prior to the switch.

Also, the spammers love to include nasty links in their comments and I didn’t want any of those links to somehow get involved with the switch.

Probably overkill, I know.  But better safe than sorry.

9 – Do a Full Backup – Including htaccess

Last, but not least, take a full backup of your website.

If things go horribly wrong, you’re going to want that backup to get you back to square one.

I did this through the manual backup function in CPanel and I included a backup of my WordPress DB.

Don’t forget to backup your .htaccess file.  When your provider makes the switch, they’ll be adding redirect code to that file and if that’s done wrong, your website may not come up.

To do that, use Yoast SEO.

Go to SEO -> Tools -> File Editor.  Scroll down and then carefully copy and paste the code in there into a text file for safekeeping.

Now take a break…  You’ve earned it!

The Switch

The SwitchThe switch from HTTP to HTTPS (i.e. HTTP over SSL) should happen quickly after you ask your host to do it.

I did all the steps before the switch the day before the actual switch itself.

I made my request early in the day and spent the majority of the rest of the day working on the After the Switch tasks.

It’s important to immediately jump on the After the Switch tasks in order to correct any problems, avoid downtime and let Google know what just happened with your site.

With that said, here’s the three steps in this phase:

1 – Submit a Support Request

Go ahead and submit a support request to your hosting provider.

In the ticket, tell them you want to have SSL installed and switch your site from HTTP to HTTPS.

They should be able to take it from there.

2 – Monitor and Resolve Problems Quickly

After you submit the request, keep an eye on it.

Things should happen fast, so be ready to jump on problems if they come up.  Then work quickly with your provider to resolve them.

3 – Await Completion

As soon as you get word the migration is complete, immediately jump to the After the Switch tasks.

After the Switch

After the SwitchThis phase is mostly about testing your site and resolving issues quickly.

1 – Do a Quick-Test

Bring up your home page in Chrome and click around in the URL box.

Look for a message that indicates your site is secure, just to the left of your URL in the browser.

From there, quickly run through your most important posts and pages on your site and look for the same.

All posts and pages should now be defaulting to https://

If not, get back to your hosting provider immediately.  It means something went wrong with the switch on their end.

2 – Run an SSL Checker

There’s a great SSL checker I used called SSL Server Test that checks to make sure your SSL certificate is setup correctly.

Run that SSL checker by entering in your site into the field provided and then click on the submit button.

It will run for a bit and then give you a report on your SSL Certificate.  The report displays a letter grade as an overall rating.

Look to see that you get an ‘A’ grade.  If you do, you’re good to go.  If not, delve into the report and get back to your hosting provider to figure out what the issue is.

3 – Check Your ‘General Settings’ in WordPress

In your WordPress dashboard, go to Settings -> General.

In there, check to see that both the WordPress Address (URL) and the Site Address (URL) have been changed to HTTPS.

If not, change it.  Normally, this should already have been changed when your hosting provider made the switch.

4 – Check Your wp-login and wp-admin

Since you’ve logged in to WordPress, go ahead and check to make sure that your wp-admin URLs (when logged into WordPress) start with HTTPS.

Also, log back out.  Then go back to your WordPress login URL and make sure it starts with HTTPS now.

If you have a browser bookmark for your WordPress login, you may want to update the URL to now start with HTTPS.

5 – Check htaccess

Use Yoast again to check your .htaccess file.

You’re looking to make sure there’s been a redirect from HTTP to HTTPS.

You should see a bit of new code in there that looks something similar to this:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

That’s the code that tells your website to permanently redirect HTTP to HTTPS for all your URLs.

It’s known as a 301 permanent redirect and is one signal to Google that your site has moved to HTTPS.

6 – Fix Old Redirects in htaccess

While you’re in there, check to see if you have any old redirects you may have put in there previously.

I had a few and changed them to redirect to HTTPS URLs instead of the old HTTP URLs.

The automatic redirect HTTP to HTTPS would have handled it, but I would have had extra unnecessary redirects which would have been bad for SEO purposes.

7 – Check for Too Many Redirects

As an extra step, check out a tool called Redirect Mapper by Varvy.

Enter your site in and click on the Go button.

It will let you know all the redirects that can happen with your site and is a good tool to help you fix your redirects in htaccess.

Also, you want to try to avoid having too many redirects since it can hurt your indexing and performance.

You’ll see when you run the tool that one redirect is fine.  Two or more is worth taking a look at.

8 – Set Your Sitemaps to HTTPS with Yoast

You want to make sure your sitemap is now HTTPS only.

To do this, go to Yoast SEO -> General and click on the Features tab.

From there, set your XML Sitemap to Off and click on Save Changes.

Then go back and set your XML Sitemap to On and click on Save Changes.

This should refresh your sitemap and you should see all the URLs in it to be HTTPS now.

Do compare it to the one you saved from Before the Switch and check to see it’s similar.

9 – Check for Mixed Content Errors

This is a big one that can trip you up if your hosting provider didn’t take care of this for you.

After you make the switch, EVERY URL should be HTTPS, including image URLs.

If you have some that are HTTPS and some that are still HTTP, that’s called Mixed Content.

Mixed Content will cause browsers to give you a Not Secure warning even if the main URL in the browser says HTTPS.

When I made my switch, I had a situation where I had some old affiliate links that I hadn’t correctly cleared out years ago.

I ended up going into the HTML for those Not Secure pages and did a search on ‘http’ to find them.  Once I found them I deleted them and then the browser message changed to Secure.

Use the Inspect Tool

Another way to find the source of these problems is to use the inspect tool for your browser and look for the mixed content warnings in the console that comes up.

To correct these problems, you can manually update the HTML in your posts and pages, as I did.

Or, if the problem wasn’t caused by you and it’s the result of an incompatible theme or plugin, strongly consider switching to a different theme and finding a better suited plugin.

If you’re still seeing problems, you’re really down to two options at this point.

Option 1

The first (and most optimal) is to ask your hosting provider to fix your WordPress DB, so that all of your website URLs that still start with HTTP are replaced with HTTPS versions.

Option 2

The second is to try and do it yourself with the Better Search Replace plugin.

Using this plugin, you’ll select all your database tables and then search for all instances of your website URL that start with http and replace them with https URLs.

For example:

Search for:

Replace with:

And obviously substitute with your own website URL.

If you do use the plugin, I’d suggest taking a backup of your site and WordPress DB before doing this, in case something goes wrong.

10 – Check Cloudflare Again (if you are using it)

If you’re using Cloudflare, you now need to make sure your SSL settings are set to Strict.

Go into Cloudflare again and under SSL support, look to see that it’s set to Strict.  If it’s not, set it accordingly and make sure your website is working properly after making that switch.

You may find that your hosting provider has already done this for you when the switch was made.

11 – Check and Update Pretty Links (if you are using that plugin)

Since many bloggers use this plugin for making their affiliate links look pretty, I thought this was worth a mention.

Simply go through all your Pretty Link links (both in your WordPress dashboard and on all your posts and pages) and make sure they’re set to HTTPS.

In my case, this was handled as part of the switch by my hosting provider (SiteGround) so I didn’t need to do anything.

12 – Run Screaming Frog Again

Go ahead and run Screaming Frog again and look for any errors or redirects that need to be fixed.

Use the list you created before the switch to check to make sure all URLs were switched to HTTPS.

13 – Test Your Contact Form

Test your website’s contact form by sending yourself a message.

This will ensure the switch didn’t break anything there.

If it did, delete the plugin or form builder you’re using and look for a replacement that is HTTPS compliant.

14 – Check Your Scripts

It’s likely that you’ve manually entered scripts inside your website for things like the Facebook Pixel, Google Analytics, Tags, etc.

Go and check all those scripts and make sure they all have HTTPS URLs when a URL is included inside the script.

If not, you’re probably running an old version of the script.

Go back to where you got the script in the first place and get the latest HTTPS version.  Then, simply replace your script with the new version.

If there is none, question why you are using that script in the first place.  It can probably just be deleted.

You should also check that all your scripts are still working correctly.  Do this whether you needed to change them or not.

15 – Check Your Site Speed

Take a look at the benchmark of the “before” speed of your site.

Then, rerun Google PageSpeed Insights and take a look at your grade.

More than likely, it will be the same or slightly better.

If it’s significantly worse, run it again just to make sure.  Sometimes a second run will be more accurate.

If it’s still bad, check the reasons the tool gives and work to make improvements.  This may be another case where you’ll need to work with your hosting provider to determine what the problem is.

16 – Add Your New HTTPS Site to Google Search Console

In the eyes of Google, the HTTPS version of your site is actually a new site to them.

So, you’ll need to submit your site to Google Search Console to let them know about it, and prevent SEO issues.

To do that you’ll add your HTTPS site as a new property and then verify ownership of your site.

17 – Submit Your Sitemap

You’ll also need to submit your updated HTTPS  Sitemap in Search Console for the new property.

18 – Fetch, Render and Crawl

Still on the subject of Google Search Console, you’ll also need to fetch your new site.  Use your homepage as the URL to fetch.

Choose the option to render it in both the mobile and desktop versions.  Then take a look to see that it looks OK.  If you’re site was never mobile ready, this is where you’ll find out.

Then submit both the mobile and desktop versions to be crawled.

Be sure to request indexing for the URL and its linked pages.

If you get an error when trying to do this, you may need to wait until the next day.

19 – Tell Google Analytics About Your Switch

Since Google Analytics has been reporting on your HTTP site up until now, you have to tell it to switch to report on your HTTPS version from here on in.

The good news is that you don’t lose your previous reporting.  It remains and then picks up on the new site as soon as you tell it.

To do this you need to go into Admin and then update both the Property Setting and the View Settings for the property you’re updating.

In there, all you need to do is change the Default URL dropdown from http:// to https://

20 – Don’t Forget Bing

You also need to let Bing know you’ve made a switch.

Fortunately, it’s much easier with them.  You just submit a new HTTPS sitemap and you’re good to go!

21 – Do a Final Check of the URLs from Screaming Frog

By now you’re probably in the clear, but, it’s a good idea to go through all those URLs in your Screaming Frog report and enter them into your browser.

Make sure each one behaves as expected and shows up as Secure in your browser.

It could be a long and tedious process, but it will confirm that no stone has been left un-turned.

If you’re feeling confident, just choose a sample and enter those.

22 – Update Internal Links

Inside all your posts and pages you’ve probably hyper-linked a lot of text, images and other things.

Give thought to where all those are and check each one to be sure that all the clickable links are HTTPS links.

It’s quite possible this was taken care of when the switch was made (and in previous steps above), but it’s definitely worth a double-check.

23 – Reinstall Plugins

Before the switch you deactivated and deleted as many plugins as possible.

Now is the time to reinstall them and make sure they’re all HTTPS complaint.

If they’re not, either go without them or replace them with ones that are.

Be sure to test the functionality that the plugins provide.

24 – Update Social Media Profiles

Go to each of your social media platforms and change the links that point back to your site to HTTPS.

25 – Next Day – Backup

The day after you’re sure that everything is working well, take another full backup of your website and htaccess.

This will be a great, clean backup with all your fixes.

26 – External Link Updates

Over time, reach out to the webmasters of the sites that link to yours.

Ask them to update those links to be HTTPS.

This will reduce the number of redirects to get to your externally linked content and help to reduce the loss of SEO “link juice” to your site.

27 – Monitor and Compare Traffic and Rank Over Time

And finally, keep monitoring and comparing your traffic over time.

Use the traffic spreadsheet you created of the last 12 months of traffic from Google Analytics, way back in the first step before the switch.

Also, use your Google Search Console export to do this as well.

You want to monitor your traffic and keyword ranking over time.

Hopefully you’ll see improvements or at least no negative changes.

If you see a decline, investigate why and make improvements.


I hope you found this guide to move your website from HTTP to HTTPS comprehensive, useful and valuable.

Don’t forget to grab the actual checklist I used below.  It’s a PDF that I know will be helpful to you.

Keep this next to you while you’re going through your change and check off each step as you do it.

Related Posts

SiteGround Review and Setup

SiteGround Review and Setup

How to Start a Blog in 2022

How to Start a Blog in 2022

7 Must-Have WordPress Plugins For Your Website Or Blog

7 Must-Have WordPress Plugins For Your Website Or Blog

SEO Basics: 13 Proven Tips to Get Your Website Search-Ready

SEO Basics: 13 Proven Tips to Get Your Website Search-Ready

Jon Rogers

I'm Jon, the founder of Online Business Ambitions and Honest Wine Reviews. I've been in the blogging and online business world since 2012 and my real world experience has taught me a lot. Here on Online Business Ambitions my goal is use that experience to help YOU start and grow your own online business and blog!

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}