Definitive Answer for SSL Migration??

  • I have read many how-to articles and posts on various sites for how to correctly move a wordpress site to SSL so the entire site is using HTTPS without affecting Google rankings or WordPress functionality. Some were very long winded and used 301 redirects in .htaccess and manual database changes, whilst some were simply saying use the HTTPS plugin(which has not been updated for a while, so I do not want to use)

    So I experimented and found that after installing the SSL cert, just changing the site urls in WordPress General settings to https instead of http seemed to make the entire site work with HTTPS and seemed to take care of 301 re-directs from http to https on all pages and has no negative impact on Google ranking – although I’m not sure quite how these 301 re-directs are working with no change to the .htaccess file!!

    Can anyone advise whether this is a good solution or should I be doing something else?

    The only problem I have come up against is that all of the image URL’s on posts and pages were still HTTP so I had to manually change them all. If anyone is aware of better solution can they please advise. I will soon need to do this with a site that has 3000 images ??

Viewing 7 replies - 1 through 7 (of 7 total)

  • That’s where database changes are necessary, when you need to update a large number of http URLs to https. But also not break any serialized data in WordPress. I use this search and replace script that serializes data to prevent plugins and other options from breaking.

    Always backup database before any changes.

    301 redirect is necessary to make sure that https://domain.com always redirects to https://domain.com. If it doesn’t, Google will think they are 2 separate sites and you might get penalized for duplicate content.

    WordPress HTTPS plugin hasn’t been updated because it works, we’ve used it successfully without issues on 4.0.

    But it’s not necessary if entire website is https.

    Lastly, keep in mind, with https change all your social media sharing counts will pretty much reset since it’s a new URL technically. Some will update in few weeks, but it won’t be the same as http.

    Thread Starter ksmales23

    (@ksmales23)

    It seems to have already taken care of redirecting https://domain.com to https://www.domain.com. Although I am not sure how any of the redirects are working as there are no .htaccess entries and I haven’t altered server config.

    I would really like to understand the mechanics of how these redirects work from just changing the General setting in WordPress, as every page in my site now automatically redirects to the https version with no manual 301s necessary!

    The problem with using the search and replace script and telling it to change all references of HTTP to HTTPS is that it will also change all links to external sites in pages/posts, which I don’t want. There seems to be no way to get it differentiate between embedded images and external hyperlinks.

    Thread Starter ksmales23

    (@ksmales23)

    In fact… if I put manual 301s into the .htaccess may website becomes in accessible with a redirect loop.

    When you run a search and replace script, you need to run it for your entire domain… not just http.

    Search: https://domain.com
    Replace: https://domain.com

    But it must be serialized, otherwise plugin/theme options will disappear on you.

    You can read more on http/https redirects on Yoast’s blog.

    Moderator Samuel Wood (Otto)

    (@otto42)

    www.ads-software.com Admin

    I would really like to understand the mechanics of how these redirects work from just changing the General setting in WordPress, as every page in my site now automatically redirects to the https version with no manual 301s necessary!

    WordPress has built in “Canonical Redirect” functionality. It knows what the URLs are supposed to be. When it builds the page, it compares the URL that it has with the URL that you’re using, and if they don’t match, then it redirects you to the correct URL. With the https being in the site urls, then those are considered to be the correct URLs, and so it will redirect to that.

    Thread Starter ksmales23

    (@ksmales23)

    Thank you Sam and Victor for your help. I think I now have the definitive way to convert an entire site to SSL without using plugins… I found that with some hosts just changing the urls in general settings causes a re-direct loop making the site inaccessible. The following process seems to work on all hosts I have tested:-

    1. Change URL’s in WordPress general settings to https instead of http (this may cause a re-direct loop, if it does move quickly to the next step)

    2. Put this at the beginning of your .htaccess file in the wordpress root directory:-

    RewriteEngine On
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteRule ^(.*)$ https://yourdomain.com/$1 [R=301,L]

    …And this at the top of wp-config.php file under the opening <php tag :-

    if($_SERVER[‘HTTP_X_FORWARDED_PROTO’] == ‘https’)
    { $_SERVER[‘HTTPS’] = ‘on’;
    $_SERVER[‘SERVER_PORT’] = 443; }

    3. You now need to change the urls of any media files that you have embedded in pages and posts from http to https. This can be done manually in WordPress admin or via the search and replace script that Viktor kindly pointed out earlier in this post.

    I believe that this is all that is necessary and has worked with all my sites and hosts.

    Moderator Samuel Wood (Otto)

    (@otto42)

    www.ads-software.com Admin

    Ah, the reverse proxy situation.

    Yes, if your site is behind a reverse proxy providing the https, then you will need that second step. This is briefly mentioned here:

    https://codex.www.ads-software.com/Administration_Over_SSL

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Definitive Answer for SSL Migration??’ is closed to new replies.

Tags