Enabling HTTPS in WordPress

An Upsurge in HTTPS Adoption

I recently had a few calls to help designers enable HTTPS (SSL / TLS) on WordPress sites.

Recent advances in free and self maintaining SSL certificates such as Lets Encrypt have opened up the use of secure connections to site-owners, web-masters and site-builders who are not developers or network administrators. These tools make obtaining and enabling the SSL protocols much easier and cheaper than it was in the past. Many hosting plans, e.g. SiteGround, now include SSL as a standard feature and include tools to enable SSL for your site.

I’m not going to discuss the benefits of SSL and HTTPS, that has been covered extensively elsewhere. Nor am I going to try to convince you to convert, if you are here you are probably already deep into a conversion and possibly wondering if it was a bad idea. It isn’t a bad idea, but it can be tricky.

The Problem

Telling WordPress to use HTTPS is easy if you are building a new site, but doesn’t quite work on an existing site. There are numerous resources that will tell you to just set the WP Address and Site Address values in Settings and you’re done. This will work if you don’t have any page links in your content or any images or documents. It’s a rare one page site that doesn’t have these.

WordPress uses fully qualified URLs for links within the site, so an image source is likely to be

http://example.com/wp-content/uploads/2017/05/my-photo.jpg

WordPress will attempt to fix these, but doesn’t get them all. This will cause the dreaded “mixed content” warnings and turn off the lock badge after you convert to HTTPS. These need to be converted. Such links can be found in the database and in the theme’s CSS files.

Some articles suggest using a search and replace to fix these. That won’t work if any of them are inside “serialized data”, you should use a plugin like WP Migrate DB, Backup Buddy or the Interconnect/IT Search and Replace that understands that format.

The Process

This process assumes you are comfortable editing system files like .htaccess and wp-config.php, making database backups and importing a database from a backup as well as WordPress maintenance tasks. No programming skills are needed.

  1. put your site in maintenance mode, this is especially important if you have e-commerce since you don’t want to lose orders when you import the database
  2. backup the database, I use the WP Migrate DB plugin, but this could be done with PHPMyAdmin or mysqldump
  3. backup the wp-config.php file
  4. backup the .htaccess file
  5. backup any .css files that have http: in them
  6. set the WP Address and Site Address values in the settings
  7. create a new database with the same user access as the existing database, you can find the database name in the wp-config.php file.
  8. convert the database to use HTTPS. This can be done using WP Migrate DB by setting the URLs to change http to https.
  9. import the converted database dump into the new database. You now have two databases, one with http and one with https.
  10. change the DB_NAME value in wp-config.php to use the new database
  11. add the line
    define('FORCE_SSL_ADMIN', true);

    to the wp-config to force the admin to always use HTTPS.

  12. save the wp-config.php
  13. add the rewrite rule to .htaccess
    # force https for all pages
    RewriteEngine on
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    

    This is the simplest version of the rewrite and will apply https to all URLs within the site. If you have subdomains that won’t be using HTTPS yet you will need a more complex rewrite condition that tests for the main domain.

  14. test the site looking for mixed content messages
  15. fix any CSS files manually
  16. remove the maintenance mode

If you follow these instruction carefully you will have a fully converted site and sufficient backups to revert to HTTP easily. Best of luck and happy encrypting.

An Alternative Approach

If your courage and skill set are a bit more advanced there is a quicker, but slightly more hazardous way to do this. It involves a different set of database tasks.

  • back up the database
  • install interconnect/it Search and Replace in a folder on your hosting
  • read the Search and Replace documentation!
  • navigate to YourSearchReplaceFolder on your site to update the database in place.

WordPress Maintenance for Beginners

March 28th Meetup

I hosted a session at the WordPress London meetup on March 28th where we discussed the topic of WordPress Maintenance. The updated handout is under the May 23rd Meetup.

April 25th Meetup, Design Basics

Next month, Donna Todd presented Design Basics for WordPress on April 25th.  See the Meetup listing at https://www.meetup.com/WordPress-London/events/238247494/. She has posted an audio recording of the meetup.

May 23rd WP Maintenance Part 2

The May 23rd handout is an update of the March 28th version and is available at WPMaintenance102

Conversion of a WordPress site to a Responsive WordPress Website

screen shot of Cantope Standard Poodles\' new responsive web siteTwo years ago we were asked by Cantope Standard Poodles to help them with their website. They were dissatisfied with their web company and hosting company at the time. They found both were too expensive and they were not able to do updates on their own. They also wanted to be able to blog to promote their business better. Continue reading

A WordPress Website for an Author

Helping a writer with WordPress

A question about WordPress on Linkedin + a phone call + design and coaching = a happy client

Cover for the book Laughing IS Conceivable
I was on Linkedin one day a couple of years ago and decided to do a search in the Answers section on WordPress. I came across a question by Lori Shandle-Fox where she asked if it was better to have a self-hosted WordPress blog or to have it hosted on wordpress.com.

Never being one to not offer my opinion, I replied adding my two cents. I was surprised to get a reply asking why when she read my reply she understood what I was saying and all the rest of the responders spoke in “geek speak”. That was flattering. Continue reading

Professional WordPress Development Reduces Risk

Why Should I Care?

As a website owner you control how your site is developed.  Your choice is between quick, easy and risky or professional, reliable WordPress development.   You may not care much about the process your developer uses, all you want is that your site is built quickly, correctly and cheaply.  You’re sure the developer will get it right.  WordPress makes it easy for inexperienced developers to build beautiful sites with advanced functionality. Continue reading