Getting your WordPress site over to HTTPS is essential these days. Not just for security and public awareness, but also SEO ranking appears to be gravitating towards HTTPS as a requirement.
To switch WordPress over from HTTP to HTTPS literally should take under 5 minutes! Of course, that is assuming you are using aMiSTACX, and any developer that has ever touched your WordPress site used relative paths and did not hardcode any of the URLs.
Tip! Avoid having to switch by using a host file during development.
Let us start with the basics.
Step 1. Migrate to aMiSTACX
Using aMiSTACX has a lot of benefits over other hosting companies. Our stacks are very fast! They are also very simple to use, and since we are on Amazon AWS you can scale up or down, or even horizontal at any time. Thus, as your company grows, you will not outgrow your hosting provider. Additionally, you have 100% control over your stacks. So no more waiting to request a feature, or having to endure silly server constraints.
AWS also offers Free hosting for the first year. So think of a migration as Free hosting for one year, and aMiSTACX bundled server support at a rate that is still an affordable premium service.
A perfect example of all of this in action is this site [amistacx.io]. It runs on a t3-small, and makes use of our WordPress G6 S3T stack. The total cost for operating this site [Including AWS Hosting] is about $50 per month. Our site is fast and stable, and has typical load times < 1 second.
Step 2. Make a FULL backup
AWS makes this a breeze. In a few minutes, you have a full image of your server, and should something go wrong, a full restore is possible in just minutes. That’s just one more reason why AWS hosting is a win.
Step 3. Acquire and Install a TLS Certificate
There are actually several ways to do this, but I’ll cover the easiest and fastest. First acquire a TLS certificate. You can do this through a Free certificate service like Let’s Encrypt, or should you be running e-commerce on WordPress, then we recommend purchasing a certificate and installing it.
A simple sudo certbot-auto –{apache, nginx} -d yourdomain.com and answering a few Let’s Encrypt questions will get you your Free certificate.
Step 4 A. HTTP to HTTPS Redirection
Once you have your certificate, the next step is to make sure HTTP to HTTPS redirection is in place. If you installed your certificate via Let’s Encrypt and selected Option 2, the redirection should already be in place. You can also have Cloudflare handle redirection.
For NGINX, please see our admin stack guide for vhost redirection. For Apache, you can simply add this re-write snippet to the vhost for port 80 at the bottom of the file, and then restart Apache:
RewriteEngine on
RewriteCond %{SERVER_NAME} =yourdomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Note: For step-by-step, please consult the admin stack guide that comes with the aMiSTACX server.
Step 4 B. Cloudflare Origin Certificates
A nice alternative to Let’s Encrypt is Cloudflare’s free origin certificates. Using these adds another layer of protection, sets expiry dates in years, and is easy to implement.
Step 5. WordPress URL Change-over to HTTPS
Important! Prior to any changes of URLs, disable all WordPress optimization and caching plugins.
Assuming all steps for 1-4 have been completed successfully, then switching your WordPress site over to HTTPS now will only take a few seconds.
From the WordPress admin panel go to Settings > General
Edit your system URLS from HTTP to HTTPS. Make sure you are using a hostname, and NOT an IP address. Then a simple save and you are technically finished.
Troubleshooting: Mixed Content Issues
Well, it happens. It’s because someone really didn’t know what they were doing and hard-coded URLs. The easiest way to fix these is to go through your site and look for any hard-coded paths. Most of the time these will be related to CSS, and if you are using a child theme [you should be], then simply opening the WP Editor [Appearance >> Editor] from the main menu will allow you to correct these paths.
Additionally, we have seen plugins that in the settings sections hard-code URLs. So check these places too!
WordPress allows this format //example.com/{path-to-file} and should be used whenever possible when a request to a path is made outside of the CMS by a third-party plugin or theme. [It all depends how a theme of module was written. High quality will not have this type of issue.]
Last Resort: Database
Sometimes you just can’t correct the HTTP mixed content errors from the frontend. The last resort would be to use phpMyAdmin’s search and replace function. [Very handy feature!] Query “http://”, then go table by table with find and replace. Of course make a full backup image, and make sure your DevOps admin has the required expertise.
…
Hopefully we made this HTTP to HTTPS transition painless for you, and if you are now migrating to aMiSTACX, then the road will only get faster and clearer from here on out.
Weaponize your Business with aMiSTACX!