[info_box type=”note_box”]Important Note #1: You need to be able to use FTP or your File Manager to follow this tutorial.[/info_box] [info_box type=”note_box”]Important Note #2: If you do any of this coding incorrectly (ie: an extra comma) it can break your entire site![/info_box]
2. Convert all URLs to the https counterpart
3. Fix “Mixed Content” using SSL Checker tools
4. Miscellaneous but Important Changes
Cost ranges from free SSL certificates to roughly $99/year.
Most of you will only need the free SSL certificate from LetsEncrypt². And you will need your hosts’ help to install this. For everyone else, follow these steps:
This is the part that can easily be done with a plugin. Except that if you remove that plugin, it all falls apart. And who wants to be reliant on a plugin?
Instead, do it properly like this:
Please remember that when editing files directly with FTP, one wrong character can bring down your site. be careful
If you have two doors in your house, one is locked and the other is open – the house is not secure. Both doors need to be locked. So now that we have the first door locked (the URLs), it’s time to find all the windows and doors and force them to use SSL too.
The job of finding and securing links, scripts, iframes, and anything else is a bit onerous. The places we need to look are your active theme, plugins and any other code or image that you’ve added to your site via widgets or content. Everything must come from a secure HTTPS source.
To find insecure items in your page, turn off your cache plugin, clear the cache and use an incognito tab (for Chrome). Check each page, using the inspector or developer tool set options in your browser. You’re looking for a “Mixed Content” warning. It will look like this:
Check the following pages:
When you have finished all the obvious sources of mixed content, it is time to use an SSL checker to find those stragglers. Use the following tools to find any missed insecure items:
This is where a lot of people skip and use a plugin. However, a plugin is not changing the URLs, but at best using jquery for on-the-fly changes; and at worse, using redirects which slow the site.
In Google, you’ll need to login to your Search Console and start recording the stats from your new URL. There is a “Change of Address” function which I’ve seen on some tutorials, but it does not work![info_box type=”note_box”]From Google: The tool does not currently support the following kinds of site moves: subdomain name changes, protocol changes (from HTTP to HTTPS), or path-only changes.³[/info_box]
To start using Google Webmaster tools / Search Console, simply “Add a New Property” just like you did originally. Add both the https://www.mysite.com and https://mysite.com.
Verify them both. And continue to set them up as you did with the non-https sites: select preferred domain and link your analytics profile.
**I recommend keeping your old sites there as reference. But soon, Google will begin crawling and indexing the new site. There will be no duplicate content issues if you’ve followed what I’ve indicated above.
You’ll want to be sure that the https stats are tracking in Google Analytics as well. To do this, go to Property> Property Settings > and change the “Default URL” to https.
When you force WordPress SSL you’ll automatically generate a new sitemap (if you’re using Yoast’s SEO plugin for WordPress). Just use this url and re-submit to Google Search Console:
Don’t forget to verify your new WordPress SSL URL with: