This means that any information that is transmitted between your website and web server like usernames and passwords, credit card information and any other data submitted by users, is secure and encrypted.<\/p>\n
If an SSL is not present, the information is submitted in plain text.<\/p>\n
What is the problem with that? If a hacker manages to intercept the connection between your website and server, can get access to the information.<\/p>\n
What is https?<\/strong> Websites that have an SSL certificate installed and configured can be accessed using https:\/\/www.example.com<\/em> instead of the traditional non-secure way of http:\/\/www.example.com.<\/em><\/p>\n Modern browsers, label https websites with the word secure<\/em> as shown below.<\/p>\n When a website is using an extended validation SSL (EV-SSL), their company name is shown in the browser green bar as in the example below.<\/p>\n To get an EV-SSL, the certificate issuing company needs to verify your organization details (like company address, registration id) to ensure that the particular website is the official representative of that company.<\/p>\n Https is not something new, it\u2019s been around for years but it was until 2014 that Google decided to start an initiative to make the web more secure <\/em>and introduced the slogan \u201chttps everywhere\u201d.<\/em><\/p>\n They started by making all google searches https and also announced that https websites would gain a very small ranking boost.<\/p>\n You can read below the related paragraph from their 2014 announcement in Google webmaster central blog<\/strong><\/a>.<\/p>\n When Google says a lightweight signal<\/em>, it means that other things being equal, a webpage that is https will rank above a webpage that is non-https.<\/p>\n The adoption of https is still low but recent studies show that the percentage of https websites in increasing steadily.<\/p>\n Source<\/a><\/strong><\/p>\n Despite the low adoption, Google in several occasions encourages webmasters to migrate their websites to https.<\/p>\n Note:<\/strong> Https is a page ranking factor and not a website ranking factor. This means pages that are https will take advantage of this benefit even if the website as a whole is not https.<\/p><\/blockquote>\n This is definitely something you need to do now or in the near future.<\/p>\n Sooner or later, https will gain more importance as a ranking signal and everyone will rush into making their websites https, so the faster you do the migration the better.<\/p>\n In addition, https is something that increases user\u2019s trust so if you have an eCommerce website it is a must and not something optional.<\/p>\n Here are the steps on how to move your WordPress website from https to https.<\/p>\n The first step is to purchase and install an SSL certificate on your web server. Google states that you can use any modern SSL certificate as long as it supports 2048-bit key encryption.<\/p>\n The cost of a normal certificate is approx $50 per year and can be issued instantly by the provider.<\/p>\n The best way to get past this step is to contact your web hosting provider<\/strong><\/a> and ask them to install an SSL certificate on your server.<\/p>\n Most web hosting providers have options in their account dashboards (or cpanel), where you can purchase an SSL.<\/p>\n Once they install the SSL, you can check that it\u2019s working ok by navigating to your website using https.<\/p>\n The second step is to login to your WordPress dashboard and locate the GENERAL option, which is located under the SETTINGS menu.<\/p>\n Make sure that both your WordPress Address (URL) and Site Address (URL) start with https.<\/p>\n Once you click the SAVE CHANGES button (located at the bottom of the screen), you will be locked out of WordPress and you will have to login again.<\/p>\n So far, you have installed an SSL certificate on the server and changed the default WordPress URL to be https.<\/p>\n This is not the end of the process. In order to gain the SEO advantage from https, your website needs to be configured to redirect http requests to https requests.<\/p>\n In other words, the default URL for all your posts should start with https and not http.<\/p>\n The easiest way to do this is to add the code below to your .htaccess file (you will need to access and edit the file using FTP).<\/p>\n Hint:<\/strong> If you don\u2019t know how to EDIT the .HTACCESS file via FTP, refer to Chapter 8 of the Complete SEO Guide<\/a><\/strong><\/p><\/blockquote>\n What this code does is to redirect (using permanent redirect \u2013 301), all http request made to your webserver to the equivalent https page. This way you don\u2019t have to create a page by page mapping. Once you save your .htaccess<\/em> file, open a browser window and perform a few tests.<\/p>\n First, try to access any http URL and make sure that it successfully redirects to the equivalent https URL.<\/p>\n Second, try different combinations i.e. http:\/\/www.sampleurl.com<\/em> and http:\/\/sampleurl.com<\/em> and make sure that both redirect to the correct https URL.<\/p>\n The next step is to correct any internal links that you have in your content to point to the https version.<\/p>\n For example, if you have internal links<\/a> <\/strong>in your content that start with http, you will have to change them to point to https, otherwise this will create mixed content<\/em> warnings and the browser will not show your website as secure.<\/em><\/p>\n The best way to do this is to use a plugin. Install and active the search and replace<\/a><\/strong> plugin (it\u2019s free).<\/p>\n Then go to TOOLS and select SEARCH & REPLACE.<\/p>\n Note: Before running a search and replace on your website, it is highly recommended to take a backup of your Database.<\/p><\/blockquote>\n Click the SEARCH & REPLACE tab and adjust your settings as shown above (use your own domain in the SEARCH FOR and REPLACE WITH input boxes.<\/p>\n When you click the DO SEARCH AND REPLACE button, the plugin will change all URLS it can find in the database from http to https.<\/p>\n The next step is to check for any external links you have in the content and make sure that start with https and not http.<\/p>\n You can do this by navigating to your website\u2019s pages. If the browser bar shows that the page is not secure (like the example below), find the link that is not secure and change it to https.<\/p>\n There are 2 ways to find these links.<\/p>\n First, is to use Chrome\u2019s developer tools. Right click anywhere on the page and select INSPECT. This will open the developer tools.<\/p>\n Click the CONSOLE tab to find the URL that is causing the issue. Edit your content and change the URL to https.<\/p>\n Second, check your website using this free service<\/a><\/strong>. It will crawl your pages and give you a report on the links that need to be changed.<\/p>\n If you followed the above steps successfully, then most probably your website should be fully https with no mixed content warnings and you won\u2019t have to do anything else.<\/p>\n As an extra measure, you can check and ensure that you don\u2019t have any broken links (either http or https).<\/p>\n You can use this free tool by Xenu<\/a><\/strong> to get a report of the links that need to be fixed.<\/p>\n To maintain your current Google rankings and to officially inform Google that your website is now https, you need to add the https variations to your Google search console.<\/p>\n This is the same procedure as before (if you haven\u2019t done this already for your http versions, see Chapter 2 of the Complete SEO Guide<\/a><\/strong>).<\/p>\n So, at the end of the process you will have 4 website variations registered in the Google Search Console (as shown below).<\/p>\n Note:<\/strong> It is necessary to keep both the http and https versions in your Google search Console since Google considers these to be 4 \u2018different\u2019 websites.<\/p>\n Repeat the same procedure and submit your https websites to Bing Webmaster tools<\/a><\/strong> as well.<\/p>\n While managing your websites in Google search console, it\u2019s also recommended to re-generate your XML sitemap and make sure that all links are now https and re-submit it to Google.<\/p>\n This guide \u2018How to optimize your XML sitemap for maximum SEO<\/a><\/strong>\u2019, will give you all the details.<\/p>\n Another check to make is to ensure that your ROBOTS.TXT file is not accidentally blocking search engines from accessing your https website.<\/p>\n Login to the Google Search Console and select ROBOTS.TXT TESTER (under Crawl). Click the TEST button and make sure that you get a GREEN bar with the word ALLOWED.<\/p>\n This means that Google can successfully access your website without any blockings.<\/p>\n The next and final step is to submit your new website to Google.<\/p>\n Although we resubmitted the XML sitemap and Google will know about the change in URLS, to speed up the process you can go to FEATH AS GOOGLE (under Crawl), click FETCH AND RENDER.<\/p>\n Check for any errors by clicking the PARTIAL link and if everything is ok, click SUBMIT TO INDEX and choose the option to SUBMIT ALL URLS.<\/p>\n The process in now complete. Your website is configured to redirect any http requests to the equivalent HTTPS, you have fixed any mixed content warnings, your sitemap is updated and the website is submitted to Google.<\/p>\n If you want to help Google (and other search engines<\/a><\/strong>), update their index faster, you can go and edit all external links (that you can access) pointing to your website to https.<\/p>\n For example, you can go to Facebook, Twitter, Pinterest and other social networks that you added your website\u2019s link and change it to https.<\/p>\n Don\u2019t worry about the links you cannot change, the 301 redirections we added in the .htaccess<\/em> file are responsible to inform search engine\u2019s spiders that the links have changed to https.<\/p>\n The above procedure is straight forward and under normal conditions, your rankings will not be affected negatively.<\/p>\n Nevertheless, it\u2019s always wise to monitor your traffic in Google Analytics<\/a><\/strong> and ranking positions (using your favorite keyword research tool<\/a><\/strong>), to pinpoint any issues and try to resolve them as fast as possible.<\/p>\n In all websites we migrated to https we saw a slight increase in rankings and traffic.<\/p>\n Remember that https is a low ranking factor (at least for now), so don\u2019t expect huge differences.<\/p>\n Don\u2019t forget that you are adding the secure certificate not only to benefit from the ranking boost but also to increase user\u2019s trust, which can prove more beneficial in the long run.<\/p>\n Migrating your WordPress website from http to https is not difficult. The steps described above are all you need to do and for most websites the migration process takes only a couple of hours.<\/p>\n There is a cost involved since you will have to renew the SSL certificate every year, but for an online business who wants to stay in synch with the latest SEO developments and cares about data security, this is not an excuse of not migrating to https.<\/p>\n Have you migrated to https yet? Do you have a question that was not answered above? Let me know in the comments.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":" This step by step guide will show you how to migrate your WordPress website from http to https without losing your rankings or SEO. To go through the process successfully you will need an SSL certificate and FTP access to your website. Before we get into the technical details, let us first examine what do […]<\/p>\n","protected":false},"author":2,"featured_media":5840,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","mc4wp_mailchimp_campaign":[]},"categories":[3],"tags":[289,290,291,292,13,234],"_links":{"self":[{"href":"https:\/\/www.reliablesoft.net\/wp-json\/wp\/v2\/posts\/5829"}],"collection":[{"href":"https:\/\/www.reliablesoft.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.reliablesoft.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.reliablesoft.net\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.reliablesoft.net\/wp-json\/wp\/v2\/comments?post=5829"}],"version-history":[{"count":2,"href":"https:\/\/www.reliablesoft.net\/wp-json\/wp\/v2\/posts\/5829\/revisions"}],"predecessor-version":[{"id":32112,"href":"https:\/\/www.reliablesoft.net\/wp-json\/wp\/v2\/posts\/5829\/revisions\/32112"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.reliablesoft.net\/wp-json\/wp\/v2\/media\/5840"}],"wp:attachment":[{"href":"https:\/\/www.reliablesoft.net\/wp-json\/wp\/v2\/media?parent=5829"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.reliablesoft.net\/wp-json\/wp\/v2\/categories?post=5829"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.reliablesoft.net\/wp-json\/wp\/v2\/tags?post=5829"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"secure](\"https:\/\/www.reliablesoft.net\/wp-content\/uploads\/2017\/02\/secure-websites-in-browser.png\")
<\/p>\n![\"extended](\"https:\/\/www.reliablesoft.net\/wp-content\/uploads\/2017\/02\/extended-ssl-certificate.png\")
<\/p>\nIs https a ranking signal?<\/h2>\n
![\"google](\"https:\/\/www.reliablesoft.net\/wp-content\/uploads\/2017\/02\/google-https-guidelines-1024x239.png\")
<\/p>\n![\"https](\"https:\/\/www.reliablesoft.net\/wp-content\/uploads\/2017\/02\/https-share-in-search-results.png\")
<\/p>\n\u00a0<\/em>Should you migrate your website to https?<\/h2>\n
How to Move a WordPress Website from http to https<\/h2>\n
Step 1: Install\u00a0an SSL Certificate to your server<\/h3>\n
Step 2: Change WordPress Default URL<\/h3>\n
![\"wordpress](\"https:\/\/www.reliablesoft.net\/wp-content\/uploads\/2017\/02\/wordpress-https-settings-1024x221.png\")
<\/p>\nStep 3: Add 301 Redirects to Redirect http requests to https<\/h3>\n
\n
\n# HTTPS redirect
\n<IfModule mod_rewrite.c>
\nRewriteEngine On
\nRewriteCond %{HTTPS} off
\nRewriteCond %{HTTP_USER_AGENT} !FeedBurner\u00a0\u00a0\u00a0 [NC]
\nRewriteCond %{HTTP_USER_AGENT} !FeedValidator [NC]
\nRewriteRule (.*) https:\/\/%{HTTP_HOST}\/$1 [R=301,L]
\n<\/IfModule>
\n<\/code>
\nNotice in the above code that feedburner<\/em> is excluded from https. This is needed if you are using feedburner to generate your RSS. If you are not using feedburner you can exclude those 2 lines (Feedburner and FeedValidator).<\/p>\nStep 4: Use Search and Replace<\/h3>\n
![\"replace](\"https:\/\/www.reliablesoft.net\/wp-content\/uploads\/2017\/02\/replace-http-with-https-wordpress-884x1024.png\")
<\/p>\nStep 5: Check for non-https links<\/h3>\n
![\"non](\"https:\/\/www.reliablesoft.net\/wp-content\/uploads\/2017\/02\/non-secure-page.png\")
<\/p>\n![\"mixed](\"https:\/\/www.reliablesoft.net\/wp-content\/uploads\/2017\/02\/mixed-content-warnings-1024x378.png\")
<\/p>\nStep 6: Check for broken links<\/h3>\n
Step 7: Add your https website to Google Search Console<\/h3>\n
![\"https](\"https:\/\/www.reliablesoft.net\/wp-content\/uploads\/2017\/02\/google-search-console-websites-867x1024.png\")
<\/p>\nStep 8: Re-generate your XML sitemap and submit to Google<\/h3>\n
Step 9: Check Robots.txt<\/h3>\n
![\"robots](\"https:\/\/www.reliablesoft.net\/wp-content\/uploads\/2017\/02\/robots-txt-tester-1024x813.png\")
<\/p>\nStep 10: Submit your https website to Google<\/h3>\n
![\"fetch](\"https:\/\/www.reliablesoft.net\/wp-content\/uploads\/2017\/02\/fetch-as-google-options.png\")
<\/p>\nStep 11: Change incoming links from http to https<\/h3>\n
Step 12: Monitor your rankings and traffic<\/h3>\n
Will my rankings increase after migrating to https?<\/h2>\n
Conclusion<\/h2>\n