Article | Date posted : 17 August, 2014 | Updated on : 25 January, 2015

Changing WordPress from HTTP to HTTPS / SSL

Sponsored Links

Google announced on the 6th of August that it will use HTTPS as a ranking signal for Organic search results. What you might have missed was that for the past year Paid search results where also benefiting from ranking HTTPS sites higher than normal HTTP connections. (Source: Google Adsense Representative in Dublin/Ireland)

The ranking is a significant boost effecting 1% of global searches. The change over to HTTPS is definitely a big bonus. In this article I will cover both WordPress and normal non CMS platforms on how to change to SSL URLs.

So lets first discus the common worries.

You do not have to do anything special to your Google Analytics or Google Webmaster settings, but you do have to re-add your website to Google Webmaster Tools. For example if your current site is and you are changing it to both platforms will automatically adopt the redirected site. (As long as you have done it correctly using my SEO friendly method below)

You could even redirect to a non www site
As you are already planning in redirecting, I would opt out using the www feature and redirect your current site directly to There will be no disadvantages if you keep www but as of late more and more companies are changing to redirect to non www format. The theory behind non www is that it’s shorter and not a sub domain. WWW is actually a sub domain, and thus would benefit removing this feature.

If you follow my SEO friendly steps correctly Google will not remove the previous earned ranking! Tested with a well established eCommerce website which is custom build and uses a WordPress blog platform.

The first stage is to get yourself a SSL certificate, all web hosting companies allow you to install these certificates automatically, simply get in touch with your hosting company for a price quote. If you’re using Media Temple than a certificate is only $75 per year.

WordPress Changing the URL

Step 1

Important if you have iThemes Security!
Before we start you need to disable iThemes Security  as we will need to re install this plugin. The reason for this is that the settings within the plugin do not update when you make the following changes, and will only work if you re install iThemes security from scratch.

Step 2

wordpress general settings ssl

Second step is to go into your Settings and select General. Within the general settings change both WordPress Address (URL) and Site Address (URL) to https

Step 3

search and replace http to https


Install the plugin Search and Replace.

We now need to replace all existing internal HTTP site URLs to HTTPS.

There are two methods, if you only have WordPress installed on your database than the first method is ok to use. If you have multiple or different sites running on one database you need to use the second option where you can select which table to modify.

When you use this plugin ensure that you have typed in the full domain name you have used previously. If you used than type this in the search for field, if you have used a non www site than type in your search query.

In the replace with field you enter the relevant site URL but instead of http:// you enter https://

Step 3

Re activate iThemes security, follow the steps in the following article on how to remove and add iThemes security correctly. Simply reactivating will not work, as you need to delete the tables in your database to enable a full reset of iThemes security.

Step 4

Check your menu for any static URLs, if you have added them manually than all of these URL’s need to be changed to HTTPS

Step 5

Update your sitemap.xml file, whether you use an offline application, dedicated or plugin you now need to reindex your sitemap.

Once you have updated your file, simply resubmit your sitemap.xml to Google Webmaster Tools / Bing / etc.

In Google Webmaster Tool you need to add the website as a new site, when adding a site don’t forget the prefix https://
As mentioned before you don’t need to do this strait away, but you will notice the tracking slowly disappearing, which is not a problem as whenever you activate the new site, it will have picked up the history for all https related traffic.

search queries

Step 6 (optional)

If you want to secure your admin panel you can use one of the two following methods.

Install the following Admin WordPress HTTPS plugin and follow the settings

If you know how to edit your wp-config.php file than add the following line to your PHP file

Redirect a normal website using htaccess

The SEO friendly method to redirect a website is by using a 302 Permanent redirect. Simply use the code below which will redirect your HTTP website to a HTTPS URL.

Step 2

Re-index your sitemap.xml file and submit it to Google Webmaster.

When can I expect changes?

Changes can be seen as early as 24 hours, this depends highly on the popularity of your website.

If you need any help simple contact me

[contact-form][contact-field label=’Name’ type=’name’ required=’1’/][contact-field label=’Email’ type=’email’ required=’1’/][contact-field label=’Website’ type=’url’/][contact-field label=’Comment’ type=’textarea’ required=’1’/][/contact-form]

Sponsored Links


3 thoughts on “Changing WordPress from HTTP to HTTPS / SSL

  1. Would you recommend SSL as a must for when you use woocommerce? Is it possible to have certain parts of your site SSL (such as shopping area). I believe I’ve seen that on other sites where the home page is not https but some of the inner pages are.

    1. Hello Mark,

      With over 200 different variables dictating your ranking, I suggest that if you are able to integrated more known ranking techniques that you are beating your competition. The site I recently changed was also partly SSL, but changed everything all pages and linking to HTTPS. And I have seen great ranking improvements.

      Now to your question, it’s not a must. If your only intention is to secure the checkout than that is fine. But you will not gain any ranking benefit. To gain ranking you must have the whole site in HTTPS.

      And yes you can have parts of your site secured and others not. There is no problem with having that. Yet again no ranking benefit.

      1. Thanks for your reply. My purpose is more to provide security on the ecommerce page than for SEO. But it is a good point. I see your point: For rankings it’s all or nothing. Maybe SSL isn’t so important if I’m using a gateway and not directly collecting credit cards? But it’s likely a nice layer of protection for the wp-admin login area. Thanks again.

Leave a Reply

Your email address will not be published. Required fields are marked *

Follow me on Google+

Google Shopping Data Feed Generator

Sponsored Links

Hire Me