homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / WordPress
Forum Library, Charter, Moderators: lorax & rogerd

WordPress Forum

How to change http to https?

 11:21 pm on Aug 14, 2014 (gmt 0)

Has anyone any advice on how to change a wordspress based website (which has two wordpress installations - one in root and one in a folder) - from http to https?

I have the certificate installed by my hosting provider and the domain resolves in https AND http - although the https has styling issues with font etc...

in my admin panel (via http login) settings it still shows http - and if I change that to https and save I get kicked out... (maybe due to logging in from http?)

I am not sure how the https and http actually work... but at the moment I have http working fine... and a half-working https... Do I need to do a global search and replace for http to https but will that solve everything? - or should I do an .htaccess redirect...

I have only seen one https Wordpress Plugin which - reading the comments - doesn't no fully work..

Any help gratefully recieved...



 11:45 pm on Aug 14, 2014 (gmt 0)

I think there are two methods to setting up https, one is to merely map http to https, the other is to set up a completely new and secure directory that then resolves to https, i.e. an entirely new domain.

You would need to figure out which setup your host provided.

From my research so far I would go for a completely new directory rather than mapping. Then use a backup and restore utility such as Back Up Buddy to migrate to the new server / url. But I would first experiment with a non-essential website and see how it goes. As a back up to the back up I would also consider using Vault Press.

Either that or hire a professional to do it. I can imagine a slew of problems with plugins and paths and so on.

And a possible crash in rankings if anything is screwed up.

If you use Adsense I saw somewhere else that your income will crater using https as not many advertisers bid on https ads at this time.

I would advise waiting a couple months until early adopters wreck their sites and rankings and we learn from their mistakes ;o)


 11:58 pm on Aug 14, 2014 (gmt 0)

You just need a global redirect that would take all calls for http and push them to https with a 301. That would tell the search engines to remove all indexed http pages.


But be sure there are no resources that call http directly from within your website. As noted, it will cause issues.

Yes, getting booted out of the Admin panel is normal when you change the site's URL settings.

I'm curious why you want the entire site in HTTPS? Normally this would be used for eCommerce and access to the dashboard. Why lock up the public side?


 1:20 am on Aug 17, 2014 (gmt 0)


The reason the OP is asking may be due to this:


Now as to your recommendation, is it really this easy?

With a simple redirect presto chango everything will work fine? No plugins will break? No duplicate penalties from Google?

On my current host I inquired as to how to proceed with getting https and asked if this is not a completely new and different domain in the eyes of Google (and plugins):

"If you get your SSL issued for either www.domain.com or domain.com and when you order the installation ask it to be mapped to your /www then all existing content would be accessible either by HTTP or HTTPS.

"If you have the certificate installed to the /www/Secure_Server then only the content in /www/Secure_Server would be covered by HTTPS..."


 3:00 am on Aug 17, 2014 (gmt 0)

Remember, HTTP and HTTPS are treated a separate domains in Google so expect possible ranking upheavals while it's in transition.

This would be best handled in the Apache forum, but here's a solution to force the entire site into HTTPS that you add to your .htaccess file in the root of your hosting account, the httpdocs folder or whatever it's called on your server.


RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

The above code basically says "IF HTTPS is OFF then redirect to HTTPS://"


If you're using a control panel like Plesk you'll find a checkbox that will configure one folder to server docs for both http and https.


If you can't click a checkbox to resolve this issue, you can do the following:

If you have shell access, and the control panel doesn't support serving it all from one folder, do something like this, which would also work on a Plesk server, adjust accordingly:

1. Delete your httpsdocs folder which may be something like:
"rmdir /home/vhosts/domain/httpsdocs"
You'll probably have to empty it first, which can be done with one command but I'll let you clean it out the hard way to make sure you don't kill anything you need.

OR, more simple and easy to recover in case all hell breaks loose is to just rename it and restore it in case you can't make this work.

"mv /home/vhosts/domain/httpsdocs /home/vhosts/domain/httpsdocs.old"

2. Create a symbolic link like this, adjust to match your paths.
"ln -s /home/vhosts/domain/httpdocs httpsdocs"

This basically says the httpsdocs folder is now located in your httpdocs folder, think of it like a 301 redirect ;)

3. Chown httpsdocs:
"chown username:psaserv httpsdocs"

Hopefully one of these two methods works for you.


Otherwise, just move all your files into the HTTPS folder and the .htaccess redirect will take care of the rest.


I'm curious why you want the entire site in HTTPS? Normally this would be used for eCommerce and access to the dashboard. Why lock up the public side?

Google's making HTTPS a ranking factor and they claim it's to help people surf securely, but my guess is it's the "final solution" for spammers.

If they really do start ranking everyone with HTTPS above the slew of garbage, all the scraper and MFA sites, that just by definition of ranking secure sites above everything else the spam will effectively cease to exist.

I'm planning to add a wildcard cert to all my servers and hope they don't require a unique cert per domain to rank. ;)

I think we're seeing the end of spammy sites as soon as HTTPS reaches the tipping point, gone in the top 10 at least, thanks to everyone running around in a wild panic just because Google dropped a little FUD about SSL ranking.

I just hope the pile of sites with ranking issues doesn't get too high when the lemmings follow Google off the SSL cliff.


 3:21 am on Aug 17, 2014 (gmt 0)


Thanks for giving me indigestion on a nice, thunderstorm filled night!

I will need to read this post really carefully before jumping on the SSL bandwagon. We try to do everything by the book and want to do this SSL thing the right way.

No problems with ranking, simply trying to keep a step ahead of the competition.

This for sure is a keeper:

"I just hope the pile of sites with ranking issues doesn't get too high when the lemmings follow Google off the SSL cliff. "


 10:01 am on Aug 17, 2014 (gmt 0)

Sorry for the lack of reply... computer problems....
yes indeed lorax - due to mromero's comment - the big G has been saying about this for some time... and recently announced that it IS a ranking signal - albeit at the moment a small one. The domain that the certificate has been added to does not rank that well anyway so no problems there.

To date... certificate installed by hosting company and all urls on domain resolve to https... which then gives me https AND http - I use an seo plugin (I don't like to name here) which gives me the option via permalinks to force to https - so far so good. This adds a canonical IF needed on the http - but 301 from http to https is the best option I am fairly certain.

Add domain in Google webmaster tools for https as Google doesn't give a domain option for https in site settings. Verification was automatic as it must have picked up that domain was already verified. Likewise in Google Analytics.

Now need to address the issue of having http urls in serps to be replaced with https... I anticipate this will happen over time...

Certificate works fine... I am not sure how I would feel in doing this on a website that was ranking well!


 1:52 pm on Aug 17, 2014 (gmt 0)

Interesting re: https and Google. I've largely ignored Google as of the past 3 years or so. I suppose this affects commercial sites but I'm working in the .edu space with a known entity.

>> Now as to your recommendation, is it really this easy?

Yes & no. It really depends on your particular setup. If you've followed the WordPress developer guidelines for any customizations (as have your theme and plugin authors) then your site should follow whatever you use for a setting in the Dashboard >> Settings screen. Otherwise, redirects may be necessary.


 10:16 pm on Aug 17, 2014 (gmt 0)

No WordPress plugins make the site 100% SSL unless you have WordPress installed at the root.

If you have any other pages on your site, you'll need my .htaccess patch to fix the issue unless the WordPress plug-in actually adds that to the .htaccess file in the first place, assuming it has permission.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / WordPress
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved