Wordpress Https Migration Help - Google Search and SEO forum at WebmasterWorld - WebmasterWorld

Forum Moderators: Robert Charlton & goodroi

Message Too Old, No Replies

Wordpress Https Migration Help

Cralamarre

4:19 pm on Oct 13, 2017 (gmt 0)

WebmasterWorld Senior Member

Top Contributors Of The Month

I have a question regarding HTTPS migration, if anyone is able to answer it. I'm considering moving my site to HTTPS this weekend, but I'm worried about losing traffic. My site is fairly small as websites go, with only about 500 pages, and it runs on WordPress.

I've had an SSL certificate up and running on my site for years, but I've only been using it to secure my membership signup and purchase pages, as well as my Contact form and my newsletter signup page. So the SSL certificate is there, and it works. I've just never enabled it across my entire site.

As I understand it, you don't actually "enable" it across a site. The SSL certificate secures all pages. You just need to redirect pages on the site to their HTTPS versions. Is that correct? If so, once I add the redirect code to my site's .htaccess file, that should be all there is to it? I use only relative links within my site's pages, so there are no hard-coded absolute links. Even if there were, the .htaccess file would just redirect them, wouldn't it?

Basically, my question is, am I missing something? Do I just need to add the 301 redirect code to my .htaccess file? I use a WordPress plugin to automatically create and submit a sitemap to Google, so will Google simply update itself with the new HTTPS links? With all the complaints I've read about people losing traffic from not doing this properly, this all seems too easy. I must be missing something.

[edited by: goodroi at 6:20 pm (utc) on Oct 15, 2017]
[edit reason] thread formatting [/edit]

koan

5:43 pm on Oct 13, 2017 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

Cralamarre, I've done it recently and after enabling SSL with your host, it's a matter of updating all internal links (if they're not relative) to https, but also links to external 3rd party resources like jQuery or social media widgets, otherwise you'll get an "insecure" notification on the page. Normally just removing the protocol part should do the trick (same links, but start with

//

instead of

http://

). After all that, browse and test your https site thoroughly and make sure that it all works, and then use htaccess to redirect all traffic from http to https and you're good to go. One suprise, you will need to add your property again in Google search console (aka Google Webmaster Tools) for your site starting with https as it consider it a different property.

Cralamarre

5:52 pm on Oct 13, 2017 (gmt 0)

WebmasterWorld Senior Member

Top Contributors Of The Month

Thanks @koan, I appreciate it. Sounds like it should be fairly straightforward. You haven't noticed any loss in traffic after making the switch?

Pontificus Maximux

5:59 pm on Oct 13, 2017 (gmt 0)

@Cralamarre, there is a nifty little plugin called WP Force SSL. Works like a charm. Easy Peasy.

koan

6:08 pm on Oct 13, 2017 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

Cralamarre, in case of Wordpress, there's probably a SSL option also to enable in the wp-config file and/or settings in WP admin. So far I haven't seen any traffic drop and it's been a few weeks, but it's my first experiment on a web site that lost most of it in the past years due to Google algo updates. I did notice a huge crawling spike in Google Search Console after a few days, which is to be expected.

Cralamarre

6:17 pm on Oct 13, 2017 (gmt 0)

WebmasterWorld Senior Member

Top Contributors Of The Month

Thanks @koan and @Pontificus. I do use a WordPress plugin already called WordPress HTTPS, which is how I enable HTTPS on the few pages I've been using it for. I haven't seen any option to enable HTTPS across the entire site, though. I'll look into WP Force SSL. Thanks again!

You know, I always wondered how that WordPress HTTPS plugin worked. All I've ever had to do is click a "Secure post" checkbox and just like that, the page would start using HTTPS. But I guess it's because all the plugin does is redirect users from the non-secure page to the secure page. Kind of disappointing, really, that there's nothing more impressive to it than that. But, another day, another new thing I've learned.

Cralamarre

3:17 pm on Oct 14, 2017 (gmt 0)

WebmasterWorld Senior Member

Top Contributors Of The Month

Well, I just made the switch to HTTPS with the help of people here (thank you!) and a little extra help from my web hosting company. So far, so good. My site isn't dead yet.

Already, I see my Google traffic increasing in Analytics, no doubt because Analytics is finally recognizing where the traffic is actually coming from (instead of just claiming it's all Direct). So just for that reason alone, this seems like it was a good move. And now I won't have to worry about that "Not secure" label in Chrome. Instead, I can worry that I'm going to lose all my traffic. :(

[edited by: goodroi at 6:19 pm (utc) on Oct 15, 2017]
[edit reason] thread formatting [/edit]

Cralamarre

4:03 pm on Oct 14, 2017 (gmt 0)

WebmasterWorld Senior Member

Top Contributors Of The Month

Quick question if I may... I've added a new HTTPS site property to the Google Search Console. I've also added a sitemap. I used (I hope I'm allowed to say this) my Yoast SEO plugin for WordPress to automatically generate the new HTTPS version of my sitemap, which I submitted to GSC.

However, when I switch properties in GSC back to my original, non-HTTPS site and look at the sitemap, it's also showing the new HTTPS version. Is that okay? Yoast only generates the one sitemap, so now the non-HTTPS and the HTTPS properties in GSC are linking to the same HTTPS sitemap. I'm assuming that's what I want, but I don't know. I hope that's not going to confuse Google more than it's already confused.

Cralamarre

6:50 pm on Oct 14, 2017 (gmt 0)

WebmasterWorld Senior Member

Top Contributors Of The Month

Sorry, one last question and then that's it, I promise. Rather than using the htaccess file to redirect all pages to HTTPS, my web host enabled an option directly on the server called "SEO-safe permanent 301 redirect to HTTPS". They said this was a more efficient way to do it because it's done on the server level rather than the website level. It does seem to be working fine. Has anyone had any experience or issues with server-level redirects to HTTPS?

I feel like my questions about this are off-topic, but really, I'm only switching to HTTPS because of the upcoming Chrome update. So it is Google related, and potentially traffic related, although I'm hoping not.

deriklogov

7:58 pm on Oct 14, 2017 (gmt 0)

Top Contributors Of The Month

@Cralamarre
It sounds like you are not sure what you doing. It doesnt really matter what way you choose to make 301 redirect to HTTPS , what ever is more convenient for you BUT:
1) Make sure that you do not have multiple redirects like http ://domain -> http ://www.domain -> https ://domain -> https ://www.domain
Every page needs to be redirected to last destination with 1 redirect. There are number of redirect tools to track what is going on.
2) Make sure that all content on page including external content are https otherwise you will get notification in every browser of insecure content which will make it even worse than having just http
3) Make sure that actual redirect is 301 and NOT 302 (Temporary) or any other type of redirect
Some people create separate property in GSC but it personally doesnt make any sense to me because big G will figure out that you moved to https unless you have some manual submitted sitemaps in it and want to change them from http to https. Make sure that your robots.txt includes updates https urls too.

[edited by: goodroi at 6:20 pm (utc) on Oct 15, 2017]
[edit reason] Delinked example urls [/edit]

Cralamarre

8:14 pm on Oct 14, 2017 (gmt 0)

WebmasterWorld Senior Member

Top Contributors Of The Month

Thanks @deriklogov. I kinda sorta think I know what I'm doing. At least, everything I've been told to do makes sense to me. Everything is being 301 redirected to HTTPS. All internal links are relative. All external content uses HTTPS. I've tested all pages in HTTPS and all show as secure with the green lock icon. Traffic is still normal. Analytics is reporting fine. I've tested pages using Fetch as Google in GSC and Google seems to have no trouble crawling the pages. So everything seems good.