How to Switch Your WordPress Site from HTTP to HTTPS (with a little help from WP Migrate DB Pro)

#

If you’ve been reading our blog for a while, you might have seen Brad’s post on setting up Let’s Encrypt on a server to get a free SSL certificate. While it’s super easy and free to get an SSL certificate these days, there are likely a few more tweaks that you’ll need to get your WordPress site running well over HTTPS after installing the certificate:

  • Testing the site over HTTPS to make sure the certificate is installed properly
  • Updating the URLs in the database
  • Fixing any mixed content warnings
  • Adding redirects from HTTP URLs to the HTTPS versions of URLs

Luckily most of this is pretty easy and can be done with a few tweaks to the wp-config.php file and with the WP Migrate DB Pro find & replace feature. We’ll be doing just that in this quick tutorial.

Why HTTPS?

Of course the biggest reason every website should switch to HTTPS is security. Things like logging in, performing administrative actions, and making payments should all be encrypted to make it harder for third parties to gather sensitive information.

This has become so important that Google is even ranking sites that use HTTPS higher than sites that don’t use HTTPS. Google isn’t alone in preferring HTTPS – modern APIs and web services will often require it, and we’d certainly recommend that you use it for any migration requests made with WP Migrate DB Pro. It’s also required for HTTP/2, which offers a significant speed improvement.

Defining the HTTPs versions of the URLs in your wp-config.php file

One habit I’ve picked up from working with WordPress over the years is that I always define the new Site URL in my wp-config.php file before running any updates on the database.

This can help with troubleshooting any major issues that may arise from changing the URL. For example, the SSL certificate may not be set up properly or maybe there is some code that is dependent on the URL. If something like that happens, it’s easy and quick to remove the lines from the wp-config.php file while troubleshooting further.

To do this, simply edit your wp-config.php file by adding the following lines above the “That’s all, stop editing!” comment:

define( 'WP_HOME', 'https://example.com' );
define( 'WP_SITEURL', 'https://example.com' );

These lines take precedence over the values of the siteurl and home options in your database. Once added, check out a few pages on the site. You might notice some mixed content warnings due to images or other files loading over HTTP, but we’ll fix those next.

Running a search/replace with WP Migrate DB Pro

Now that we’ve got the main Site URL and home URL switched over to HTTPS, we’ll still need to update the rest of the content in the database to use the HTTPS versions of the URLs.

We can do this with the WP Migrate DB Pro Find & Replace feature:

WP Migrate DB Pro Find & Replace settings

As you can see, I’ve added the “http://“ version of the URL In the “Find” column, with the “https://“ version in the replace column. I’ve searched in all tables, and checked the “Backup the database before running the find & replace” option – this ensures that we can roll back if we need to later.

In the advanced options, I left the “Replace GUIDs” option unchecked – this is important if your website has already been live because updating the GUIDs could make any posts or pages show up as new in feed readers. I unchecked the “Exclude transients” option in case there are any transients (temporary options) in the database that rely on the site URL.

Next Steps

With the find & replace finished and all URLs in the database updated, you should remove the updates you made to your wp-config.php file and check a few pages on the front end of your site to make sure that everything is working as expected.

If the website isn’t marked as secure (usually with a green padlock icon in Chrome or Firefox) by your browser, you’ll want to check for any mixed content warnings. These happen when the page is HTTPS but there are some assets loading over HTTP.

You can usually spot these sorts of warnings by heading over to your browser’s javascript console and looking for any errors about content being loaded over HTTP:

Mixed content warning in console

If you do have these errors, the most common culprit is theme or plugin files – sometimes links to theme or plugin assets can be hardcoded and will need to be corrected.

You’ll likely also want to add redirects from HTTP to HTTPS, both so that any users are automatically redirected to the HTTPS versions of links, and so that web crawlers like Google will know to use the HTTPS version in search. If you’re not sure how to do that, Kinsta has a great article that covers how to do this on Apache, NGINX, or via a WordPress plugin.

That’s It!

It’s super easy to switch everything over to HTTPS now with tools like Let’s Encrypt and WP Migrate DB Pro. Why not take advantage of that and set up all of your sites with a free and secure SSL certificate?

About the Author

Matt Shaw

Matt is a WordPress plugin developer located near Philadelphia, PA. He loves to create awesome new tools with PHP, Javascript, and whatever else he happens to get his hands on.