If you’re a blogger you probably know that securing your blog with SSL encryption is now a must if you want your blog to succeed, for these reasons:
1 – Google has now started giving preference to SSL secure https pages in their search results.
That means all other things being equal, pages that have URLs that begin with https will rank higher than pages that begin with http.
Google has also begun displaying the URL’s of encrypted pages in their search results. That means it won’t be long before many searchers will simply skip over non-secure pages and visit the next available secure page instead.
2 – Virtually all of the major web browsers are now displaying “This site might not be safe!” type warnings to visitors when they load a page with an unencrypted http URL.
And as you might expect, most visitors who see a warning like that will immediately hit the “Back” button without bothering to hang around long enough to read the content on your page.
The good news is it’s now easier than ever to enable SSL encryption on your WordPress blog (for free no less) by installing a free security certificate from Let’s Encrypt along with an awesome plugin called Really Simple SSL.
In a nutshell, all you have to do to enable SSL on your blog is install a free certificate from Let’s Encrypt (your web host can help you with this) and then install the Really Simple SSL plugin from the WordPress Plugin Repository.
You’ll likely also need to use a great tool called WhyNoPadlock? to find and fix any residual mixed content errors on your blog, but after that you’ll have that awesome green padlock showing in your visitors’ address bars, letting them (and Google) know that your blog pages are now secure and “safe” to browse.
If you wanted to you could simply stop there and all would be well, but if you’re like most bloggers you would probably prefer to eventually wean your blog off the Really Simple SSL plugin.
In order to do that you’ll need to do the three things listed below, but before we get to that I must ask you to read and agree to my semi-standard disclaimer:
Before you proceed you need to understand that making just one mistake when altering the WordPress database can cripple your blog and prevent it from loading.
You also need to understand that you’ll be making these changes at your own risk.
Therefore, if the golden sands of your favorite beach turn an ugly shade of red, your chickens start laying igneous rocks instead of eggs or your blog fails to load after following the steps below you agree that it won’t be the fault of your humble tech blogger (me).
If you end up deciding to make these changes yourself instead of hiring a WordPress pro to make them for you, I STRONGLY recommend that you first create a backup of your entire WordPress blog (theme, plugins and database) before following any of the steps listed below.
There are several ways to back up a WordPress blog. Just choose your preferred method and get it done!
If you agree with everything I said above feel free to follow the steps below to change the URLs of all your blog’s pages and posts from http:// to https://…
1 – Change your blog’s base URL from http:// to https:// in the Dashboard settings.
To do that simply log into your blog’s Dashboard and click Settings>General, then change both URL fields from http to https (in other words, just add the letter s to the http part).
2 – Add a snippet of code to your blog’s .htaccess file to redirect all incoming URLs to your blog from http to https.
You’ll find several of these code snippets to choose from if you do a Google search but I recommend that you ask your web host’s support staff to supply the code that works best for your particular server.
3 – Change all the http references for internal links from http to https in your blog’s database.
Step 3 is a critical step and it’s very important that you do it correctly since it makes numerous changes to your blog’s database. (You did back up your blog as recommended earlier, right? If not, do that before proceeding any further.)
Your web host’s control panel (CPANEL or something similar) will have a tool for manually making changes like this to your blog’s database, but it’s actually much easier (and safer) to use a plugin unless you’re really good at manipulating your blog’s database.
The plugin I use to make global changes to my WordPress blog’s database is called Better Search Replace. You can install it on your blog by clicking Plugins>Add New and then searching for Better Search Replace.
Once you have the plugin installed and activated you can follow these steps to change all of your blog’s URLs from http to https in the database:
1 – Launch the plugin by clicking Tools>Better Search Replace.
2 – Enter your blog’s http base URL into the “Search for” box and the https version in the “Replace with” box.
For example, when I changed the base URLs for this blog in the database I entered this into the “Search for” box:
http://www.ricksdailytips
And I entered this into the “Replace with” box:
https://www.ricksdailytips
Note: Be sure to replace the ricksdailytips part with your blog’s domain name.
3 – Select the database tables you want to apply the changes to. You can safely select all of the tables if you’re unsure which ones you really need to alter.
4 – Perform a “dry run” on the search and replace procedure to see a summary of the changes that will be made.
Note: The “dry run’ will perform the search according to your settings but no changes will actually be made to the database.
The “Run as dry run” box is already checked by default so just click the Run Search/Replace button.
5 – If everything looks good you’re ready to perform the search and replace for real. To do that simply uncheck the “Run as dry run” box and click Run Search/Replace again.
That’s it – you’re done. You should now be able to reload your blog and see the green padlock and https version of the URL for every page on your blog!
That being said, if something went wrong (i.e. your blog won’t load, the pages look weird, etc.) you can simply restore the database from your backup (you did make one before you started, right?) and be right back where you started. You can then give it another try.
Bonus tip: This post explains how to find out why one or more of your pages might not have the padlock indicating that the page is encrypted and secure.
Never miss a tip! Click here to sign up for my free Daily Tech Tips Email Newsletter!