How to Add Https to WordPress


Last month, Google announced the deadline of July 2018 for Chrome beginning to mark all HTTP sites as “not secure”, urging publishers to upgrade to HTTPS soon.

This means any websites, small and large, should migrate from HTTP to HTTPS sooner rather than later, if they don’t want to lose the largest organic traffic source.

Specifically, in this article, I will show you the detailed process of how to move your WordPress website to HTTPS. And I’ll be assuming that you’ve mastered some basic knowledge of WordPress coding and already installed an SSL certificate on your website.

How WordPress Website Is Structured?

It’s important to understand WordPress file and directory structure before doing any changes to your website, which helps you solve many common WordPress issues independently.

To see the file and directory structure, you need a FTP client or File Manager to connect to your WordPress website. Usually, it looks like:

All the files and folders in the red squares are the core WordPress files that run your WordPress website and that should not be edited on your own.

In your WordPress root directory, there are some special configuration files containing important settings to your WordPress website, including .htaccess, wp-config.php and index.php. Be careful when you edit these two files because every slight mistake can result in your website inaccessible.

Besides, the wp-content folder also plays an important role after all your WordPress uploads, themes, and plugins are stored in this folder.

Prior to migration, you’d better have a complete WordPress backup in case something goes wrong. At Bisend, we offer you a powerful backup tool—the Plesk control panel, to backup and restore your WordPress website easily and quickly. Check out this tutorial to find more details.

How To Move Your WordPress Website From HTTP To HTTPS?

In a nutshell, the WordPress website migration is a process of replacing every single instance of HTTP resource link pointing to your website or external domains with an HTTP equivalent.

To avoid the mixed content issue caused when an HTTPS website tries to load HTTP resource, you need to ensure that no website resource point to an HTTP endpoint. The website resources include JavaScript files, Images, CSS files, Videos, Audios, Fonts, Form actions, iframes, as well as Internal URLs used in CSS/JavaScript files.

You don’t need to do any changes to the core files in the wp-admin and wp-includes folders but check the plugins and themes. These files are automatically HTTPS compatible and tend to cause unexpected bugs by any editing.

Step 1. Redirect HTTP to HTTPS

There are many options available to help with permanently redirecting all the HTTP traffic to HTTPS. You can do it at the server level or by harnessing the power of third party software. No matter which way you opt for, keep in mind that a 301 redirect directive is necessary in regards to SEO.

Redirect HTTP to HTTPS in Nginx

If your WordPress website is hosted on an Nginx web server, you can easily have all HTTP traffic redirected to HTTPS by adding the following code to your Nginx config file:

Redirect HTTP to HTTPS in Apache

If you WordPress Hosting use Apache web server, you can easily have all HTTP traffic redirected to HTTPS by adding the following code to your .htaccess file:

Redirect HTTP to HTTPS using Plesk Onyx

The easiest way, however, is using Plesk’s force redirection functionality. When you log into your Plesk control panel, go to Websites & Domains > Hosting Settings page, and then select the checkbox of Permanent SEO-safe 301 redirect from HTTP to HTTPS under the Security section.

Step 2. Search & Replace Hard-coded HTTP Links

After you have redirects in place, you can start fixing the hard-coded HTTP URLs. If you’re an experienced tech-savvy folk, using WP-CLI seems the most possible choice. However, if you don’t have much experience in coding, using a free WordPress plugin like the Velvet Blues Update URLs is still good.

Upon activation, you need to go to Tools > Update URLs page to configure plugin settings.

You will be required to offer both your old and new website URLs and choose where you want the URLs to be updated. As the image shows, you can update URLs in page content, excerpts, links, attachments, and customer fields, etc. After select the items, click on Update URLs Now button.

The plugin will automatically find and replace all instances of old URL with your new URL.

Step 3. Update CDN

If you’re using CDN, you need to migrate it to HTTPS to avoid running into mixed-content warning issues. However, the migration for each CDN is different and you should check with your CDN provider to ask for assistance if you have problems.

Step 4. Change URL in Google Analytics

Once you migrated to HTTPS, you may get incorrect data in Google Analytics, including referral data and a spike in direct traffic.

Firstly, you need update Google Analytics Default URL protocol in property and view setting.

Secondly, link your Google Analytics profile to new HTTPS site. You can go to Admin menu of Google Analytics -> Property Settings. You will find below configuration item and modify it as below.

Choose the new site with HTTPS protocol and hit Save. You will get a prompt about un-linking HTTP association. Hit OK.

Thirdly, update all URLs within your third party solutions that integrates with Facebook, Twitter, Bing, and more to HTTPS protocol.

Lastly, migrate all referral links from third party links, referral clicks, Adwords, or landing pages to HTTPS to prevent loss of traffic source.

Step 5. Resubmit Website in Google Search Console

Since Google treats and as different websites, you have to resubmit your website’s HTTPS version to Google Search Console and claim ownership to this property.

And don’t forget to resubmit your sitemap:

HTTPS Troubleshooting Tips

No matter how knowledgeable you are, you may make mistake in the process of moving your WordPress website to HTTPS. The most common stuff that you might confront with are:

Mixed Content Warnings

This problem arises when the browser finds non-secure links on an otherwise secure page. Many times, it is caused by updated links jquery libraries, custom fonts or similar to their HTTPS version. So, before you publish the WordPress website, you should double check your site and pay more attention to this issue.

Decreased Search Rankings

As you know, Google treats https:// and http:// URLs as two different entities. Even if you set up 301 redirects, it only guarantees 90-99% of the link juice will be successfully transferred. So, it is possible that your website might not appear in first search engine results in the very beginning.

However, there is no need to worry too much, because it is usually temporary. If you’re confident about your content, when the initial dip finishes, your traffic will climb up and the HTTPS benefit will go a long run.


As you can see, the real WordPress website migration process is not straightforward as expected. But it is not that difficult that only developers or experienced users can handle it. Just follow the steps as above mentioned, you can make it easy and save time and effort.