This is a checklist of tasks to do AFTER your SSL certificate has been installed, and BEFORE you start your site’s conversion from HTTP to HTTPS. When done correctly, the move to HTTPS will be time-consuming. But you can reduce your headaches if you gather some information before you start.
To Use a Plugin or Not to Use a Plugin
I do not recommend using a WordPress plugin to implement HTTPS, as this approach adds an unnecessary of layer of redirects, inefficiency, and bad SEO juju. And if the plugin ever stops working, or is no longer supported, all the links within your database are still HTTP, so you’ve not really converted anything. OTOH, using a plugin can be a quick fix. I don’t have any particular plugin to recommend, as I don’t use them.A checklist of tasks to do before converting #WordPress site from HTTP to #HTTPS.Click To Tweet
1) Make sure your SSL is installed properly. Right click on any image on your site, and open it in a new tab. Change “http:” to “https:” in the browser address bar, and make sure you see the green lock with no SSL certificate errors.
By the way, I am a big fan of asking your host to actually install your SSL certificate. There are so many small variations in the way that certificates are installed, I prefer not to get involved. And, I’ve never heard of a (decent) host that refused to help by installing a SSL certificate for you.
2) Make sure you have a backup plugin installed, because you should always have a backup before making any database changes. I use and recommend BackupBuddy.
3) Do you have access to your .htaccess file in the root folder of your site? If not, ask your host about it. After you’ve completed your conversion from HTTP to HTTPS, you will need to edit your .htaccess in order to add 301 redirects from your old HTTP site to your new HTTPS site.
4) Do you have access to phpMyAdmin to modify your WordPress database? Ask your host if you do not know. Sometimes I use phpMYAdmin to do a search and replace on HTTP URLs. Other times, I simply use the free WordPress plugin: Better Search Replace.
5) Do you use a CDN for caching? If so, do they have a HTTPS url you can use? What is the URL? If not, you will not be able to use them when you switch to HTTPS. I use and recommend MaxCDN; they provide free HTTPS for your cached images.
6) Do you embed videos from YouTube, or content from other websites? Amazon? Vimeo? Badges? Awards? Affiliate images? Do they have a HTTPS URL you can use? Make a list of all the websites you embed from, and their HTTPS URL. Is it simply the same URL with HTTPS instead of HTTP? Or is the HTTPS URL slightly different?
7) Are you loading scripts from other servers? Ad scripts? Widget scripts? Fonts? Infographics? Do they all support HTTPS? You will not be able to use any non-HTTPS scripts after your switch to HTTPS.
8) Do you use a plugin for social sharing? Do they combine your old shares counts with your new HTTPS share counts? If this is important to you, you might need to switch to a new social sharing plugin. I use and recommend Social Warfare Pro.