Changing from HTTP to HTTPS (Secured Site)
The first thing that you will need to do is purchase an SSL Certificate, these come in three variants. To find out more about the different types of SSL Certificates and how you can verify them, you can check out our article "What Are The Different Types of SSL Certificates? Which Is Best For You?"
Once you have picked which type of certificate you need and have purchased and verified it, there are some changes that you will need to make to ensure that your site and pages point to the HTTPS version. The process for this will vary depending on the structure of your site.
Providing that you have no custom coding, the change will be automatic. There is nothing more needed than following the verification set up. This will automatically switch your site to HTTPS.
If you have any custom code or snippets – these will need to be checked and changed to the HTTPS version if needed. All full URLs must be checked (for example if it’s pulling from an “insecure site” this can flash up warnings).
For recent WordPress sites, all of your links and such are relative to the URL; you will simply need to change the URL in the Admin Panel from HTTP to HTTPS.
To do this login to WordPress – go to “Settings” > “General” and ensure that the WordPress Address & Site Address are both HTTPS, then Save.
If your site was setup with an older version of WordPress (prior to version 4.1 – anything older than a year to 18months), everything (such as link, images, etc) will be stored with the full URL, so you will need to run a Search & Replace in order to change everything over. You can visit here for Search & Replace plugins or here to download a file that you can add via FTP.
If you do use the second option; be sure to delete the file upon completion – to maintain security.
If you are unsure which version of WordPress you are currently using, this link explains how you can check. Please note that it is dependant on which version your site was set up on; not which version you currently have installed (for instance if you have the latest version of WordPress, but you set your site up 2 years ago, you will still need to run the Search & Replace).
When running a Search & Replace always remember to enter the full URL with https:// at the beginning.
In order to force all traffic to the HTTPS site, you will need to add some code to the top of the .htaccess file; the code can be downloaded here, just replace yourdomain.com with your actual domain.
Other Sites (FTP):
Locate all files with HTTP and replace with HTTPS. Be wary of any content that is pulled from other sites – for example anything in an Iframe, and apply the secure version if available.
To force all traffic to the HTTPS site, you will need to add some code to the top of the .htaccess file; the code can be downloaded here, just replace yourdomain.com with your actual domain. If you don’t have a .htaccess file, create one with the above mentioned code in it , and save it to .htdocs.
3rd Party Applications & Sites Hosted Elsewhere:
While the main priority is to ensure that all aspects of your site are directed to and served by HTTPS, if you are using a 3rd party application or builder, you may need to contact your host for any specific instructions. Most popular programs will have support, advice or forums online that you can refer to.
While our certificates are compatible with most other hosting services, you may have to confirm with your hosting provider whether they are happy to accept a certificate that was purchased from a 3rd party.
Visit our SSL Certificates Page, to take a look at the certificates we offer and to get started.
To find out more about the advantages of securing your site, check out our blog post: SSL Certificates - Securing Your Site With HTTPS.