• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar

PenguinWP

Digital Marketing & WordPress Guides, Tips & Tutorials

  • WORDPRESS
    • Plugins
    • Themes
    • Hosts
  • MARKETING
    • Affiliate Marketing
    • Digest
    • Domains
    • Email Marketing
    • Google AMP
    • Google Analytics
    • Google Tag Manager
    • How To
    • SEO
    • Social Media
    • Tools
  • TOOLS
    • WP Author Bio – Free WordPress Plugin
    • WPSNIFFER – Free Chrome Extension
  • CONTACT
You are here: Home / WordPress / Moving WordPress to HTTPS with Let’s Encrypt

Moving WordPress to HTTPS with Let’s Encrypt

November 20, 2016 By Andy Forsberg 11 Comments

Moving WordPress to HTTPS with Let’s Encrypt
Tweet
Share
Share
Reddit
Buffer

Why move to HTTPS?

  • Google has plans to show the following “Not secure” alert in Chrome’s URL bar for all HTTP pages in the not too distant future. When it does happen you don’t want your visitors to see this on your website:
    Chrome HTTP Future Not Secure Warning Alert
  • Google uses HTTPS as a ranking signal, which means you get SEO benefits from moving to HTTPS
  • SSL (Secure Sockets Layer) connections encrypt data passed between your visitors and your web server. This prevents potentially malicious third parties from doing any harm with your visitors information, because they can’t read the information when it is encrypted.
  • Having that sweet, sweet green lock in the URL bar for your site is pretty sweet.
  • Let’s Encrypt allows you to do it easily and for free, so there’s no more excuse not to.

1. Install SSL with Let’s Encrypt

Let's Encrypt - Free SSL/TLS Certificates

What is Let’s Encrypt?

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit by the Internet Security Research Group (ISRG). It makes it possible to obtain browser-trusted certificates for your domains at no cost that renew automatically.

To install an SSL with Let’s Encrypt simply login to your cPanel and find the following icon in the security section and click on it:

Let's Encrypt cPanel Icon

Now just select the domain you want to install an SSL certificate on, enter your email address and click “Install”.

One Click SSL Installation for Free in cPanel

As long as you don’t get an error message that’s it, it was that easy! Congrats you’ve installed an SSL certificate! You can thank Let’s Encrypt for being awesome now and if you’re really feeling generous feel free to give them a donation.

Now just verify that your HTTPS is working by visiting your home page using HTTPS in the URL instead of HTTP in Chrome. If your URL remains as HTTPS (without redirecting) and you don’t see the following “Your connection is not private” error your SSL appears to be working properly:

No SSL Chrome Error Message

2. Force SSL

Now that you have verified that HTTPS is working on your domain name you want to force WordPress to always use HTTPS. The easiest way to do this is to simply install and activate the WP Force SSL WordPress plugin.

WP Force SSL WordPress Plugin

Make sure to clear your WordPress and browser cache as needed until every URL to your WordPress site using HTTP redirects to HTTPS. If you run into any redirect issues httpstatus.io is an incredibly useful tool for debugging them and uncovering unwanted redirect chains.

3. Update Links

Search Regex makes it a breeze to adjust all your links simultaneously so they work with HTTPS. Simply install and activate the free Search Regex plugin, then in your WordPress admin control panel go to Tools > Search Regex and enter the following:

Make Links Relative with Search Regex

First click on “Replace” to see what the replacements are going to be made, then if it looks good hit “Replace & Save” to implement the changes.

4. Avoid Mixed Content Errors

Mixed content errors occur when pages on your site contain non-secure images, scripts and/or CSS files. When this happens a warning message occurs in your browser. Since you went through the trouble of moving to HTTPS you’ll want to make sure to remove these so you can get that sweet, sweet green icon in Chrome’s URL bar!

The icon in Chrome’s URL bar changes from a green padlock to a grey information icon like in the following screenshot:

Mixed Content Warning Chrome URL Icon Changes

If you click on the information icon it yields the following report:

Google Chrome Mixed Content Error Message

Scan your site for mixed content errors with JitBit’s free SSL-check tool and remove them all.

5. Move Your CDN to HTTPS

If you use a CDN (Cloudflare, MaxCDN, etc.) you will need to enable HTTPS on your CDN as well so when you include files from it you won’t get mixed content errors. Each CDN offers a different way to accomplish this so I won’t be going into detail on how to accomplish this here.

6. Verify HTTPS in Google Search Console

Since you are changing all of your sites URLs you will want Google to update their index of your website as fast as possible. So make sure your XML sitemap is updated with the new HTTPS URLs. Then verify ownership of your website with HTTPS in Google Search Console. First submit your updated XML sitemap index in Crawl > Sitemaps and then go to Crawl > Fetch as Google and “FETCH AND RENDER” your sites homepage. Wait a little bit for it to complete and click the “Request indexing” button once its available, then select “Crawl this URL and its direct links” and click “Go” to help speed up Google’s indexing of your new HTTPS website URLs.

After a week or two go incognito in Chrome and Google “site:yourdomain.com” and if you did everything correctly the majority if not all of the results you see for your domain should have HTTPS at the beginning of their URLs.

7. Keep It Fast

Enabling HTTPS has a very minor negative impact on load time. So if your website was already particularly slow, this will make it ever so slightly worse. If you have any concerns about this scan your website with GTmetrix (aim for a PageSpeed Grade of 90% or higher) and address all the reported issues you can to more than offset any negative impact on load time installing a SSL may have on your WordPress site.

Enjoy Encryption

Hopefully this guide was helpful to you. If I missed anything or if you need any further explanation please let me know about it in the comments!

Tweet
Share
Share
Reddit
Buffer

Related Content:

  • 27 Advanced Segment Templates for Google Analytics27 Advanced Segment Templates for Google Analytics
  • 7 Common Google Analytics UTM URL Tracking Mistakes To Avoid7 Common Google Analytics UTM URL Tracking Mistakes To Avoid
  • How To Force Two Factor Authentication in WordPress with JetpackHow To Force Two Factor Authentication in WordPress…
  • How To Manually Update WordPress Themes ElegantlyHow To Manually Update WordPress Themes Elegantly

About Andy Forsberg

Andy Forsberg works at FRSecure and SecurityStudio on Vendor Risk Management Software and other projects as the Digital Marketing Director. He is known for his Analytics, HubSpot, Salesforce, SEM, SEO & WordPress expertise. Andy created the WP Author Bio WordPress Plugin and WPSNIFFER Chrome extension.

Follow Andy on:
LinkedIn | Twitter | WordPress | ManageWP.org

Reader Interactions

Comments

  1. Antony Agnel says

    November 21, 2016 at 8:53 am

    A better, faster as well as a free option to encrypt would be to use Cloudflare’s universal SSL. Enabling HTTPS in WordPress using Cloudflare is a piece of cake whereas setting up and installing Let’s Encrypt is a PITA if you don’t have that option in your cPanel.

    Reply
    • Andy Forsberg says

      November 21, 2016 at 6:57 pm

      I agree Cloudflare is a spectacular option for many scenarios. It can be a hassle in some respects though. If you simply want to move to HTTPS and nothing else and you do have the option in your cPanel, using Let’s Encrypt is preferable. If you’re willing to update your nameservers to point to Cloudflare and you want or at least don’t mind having all of the add-on services Cloudflare comes bundled with it makes a lot of sense as an alternate option.

      Reply
  2. Susan Marshall VA says

    November 21, 2016 at 1:00 pm

    Thank you so much for this post. The information is very timely, useful and easy to understand. 🙂

    Reply
    • Andy Forsberg says

      November 21, 2016 at 7:07 pm

      You’re welcome, I’m glad to hear it!

      Reply
  3. James Stier says

    December 1, 2016 at 1:10 pm

    Hi Andy,

    Thanks for the sharing this precious information.

    Reply
  4. Andrej says

    December 19, 2016 at 10:49 am

    Thank you for this tutorial. I’ve bookmarked it, as I’m planning to move my blog to HTTPS. So if I finally decide to move on, I will just follow this your guide. 🙂

    Reply
  5. Ben says

    January 29, 2017 at 3:31 am

    First, thank you very much, I wanted do that but I was not sure. Your post helped me a lot 🙂

    About mixed content error, you say: “Scan your site for mixed content errors with JitBit’s free SSL-check tool and remove them all.”
    But how can I remove this error?
    For example, there is an error for the logo of my website: http://mywebsite.com/files/logo.png

    Best Regards

    Reply
    • Andy Forsberg says

      January 29, 2017 at 7:49 pm

      You’re welcome Ben, glad to hear it helped you out!

      To fix that you simply need to reference the logo via https instead of http, so it would be https://mywebsite.com/files/logo.png instead of http://mywebsite.com/files/logo.png and that would prevent the mixed content error from happening. A mixed content error is the result of loading insecure files on an otherwise secure page.

      Reply
  6. Kristov says

    October 25, 2017 at 10:28 pm

    Andy is right. Amazing so many webmasters don’t know that CloudFlare will not encrypt connection from origin server to CloudFlare edge location. So, it’s fake SSL and hackable if dont have SSL in your server. You can use new Force HTTPS plugin for with CloudFlare, and support image srcset and internal links too, try if you will: https://wordpress.org/plugins/force-https-littlebizzy/

    Reply
  7. Incipient Info says

    July 27, 2018 at 3:50 am

    Hello! Does it work properly for wp multisites too?

    Reply
    • Andy Forsberg says

      January 6, 2019 at 5:32 am

      I assume you mean Let’s Encrypt? If so, yes but you will have to set it up for each unique domain individually.

      Reply

Leave a Reply to Andy Forsberg Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar




GET OUR NEWSLETTER


200+ Digital Marketing Tools for Fueling Your Growth

  • Home
  • Contact
  • Advertising
  • Affiliate Disclaimer
  • Privacy Policy



© 2019 Penguin Initiatives.

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.ACCEPT COOKIEPrivacy Policy