From HTTP to HTTPS, how?

To place your WordPress in HTTPS, as we have seen, you must necessarily obtain an SSL certificate for your domain name, install it on the server and finally change the permalinks of the HTTP website in HTTPS.

All links in WordPress (such as attached images, CSS themes, JavaScript files) are linked to the installation URL, also to change your WordPress from http to https, the installation URL must be changed: from http: //mywebsite.comin https://mywebsite.com

Log in to your WordPress dashboard and go to Settings >> General. Make sure the WordPress address (URL) and the website address (URL) are in https.

To easily enable (and enforce) administering WordPress over SSL, the FORCE_SSL_ADMIN constant must be set to “TRUE” in your wp-config.php file to force all connections and administrative sessions to occur on SSL .

define ( ‘FORCE_SSL_ADMIN’ , true);

If your WordPress uses a content delivery network (CDN) to serve its components (images, JavaScript, CSS style sheets), check that all the URLs are in HTTPS otherwise the certificate of your website will not be considered satisfactory by the Web browsers.

 

What to do next ?

Now that WordPress has been successfully moved to HTTPS, there are still a few things to do!

Do not forget to redirect! To set up a permanent 301 redirect, add the code below to your .htaccess file.

RewriteEngine on
RewriteCond% {HTTP_HOST} ^ yourwebsite.com [NC, OR]
RewriteCond% {HTTP_HOST} ^ www.yourwebsite.com [NC]
(*). RewriteRule ^ $ https: //www.yourwebsite.com/$1 [L, R = 301, NC]

Then look for all the URLs starting with http: // … in your contents. To do this, simply display the source code of your pages, sometimes we have real surprises …

Forcing the https for the canonical URLs of your website and it’s all the easier if you use the plugin SEO by Yoast (to adjust from SEO >> Permalinks)

There are WordPress plugins for HTTPS, personally I did not use it but it can still be useful:

• Really Simple SSL is the all-in-one extension, very easy to set up and configure
• WordPress Https forcing HTTP redirection to HTTPS
• Wp Force Https for images & items you forgot
• SSL Insecure Content Fixer for potential mixed content issues
• iFix from iThemes another alternative solution

Finally, do not forget to inform Google via Google Webmaster Tools of this change. Just validate your new domain in HTTPS and declare the transfer.

The checklist after the passage in HTTPS

To remember all this, make sure to:

• Redirect to HTTPS (301) via htaccess
• Change all URLs in your database in HTTPS
• Update your robots.txt
• Declare your site in HTTPS to Google Search et renvoyer un sitemaps
• Modify your Google Analytics code and verify it
• Test your site in HTTPS: www.ssllabs.com/ssltest/

Source : wpformation