Switching WordPress to HTTPS

Finally, after much deliberation, I decided to move my blog to https. For the past few months I had encountered articles pointing that google gives a higher ranking for sites served over https. I had decided against https as I was afraid it may slow down by blog. However, the following message from google forced me to take the issue seriously and finally move to https.

To owner of http://www.codediesel.com,

Starting October 2017, Chrome (version 62) will show a ‘NOT SECURE’ warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.
The following URLs on your site include text input fields (such as < input type="text" > or < input type="email" >) that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, so that you can take action to help protect users’ data. …

The new warning is part of a long term plan to mark all pages served over HTTP as ‘not secure’.

Luckily during the same time Godaddy was offering SSL certificates at a discounted price. So taking this as a sign I bought the SSL certificate and moved my blog to HTTPS. Surprisingly installing SSL on Godaddy was a breeze. There was no configuration involved and the SSL certificate was applied within a few minutes.

After SSL installation

Now that the certificate is installed, I needed to force all http traffic to use https instead. This was accomplished with a few lines in my sites .htaccess file. The redirect used was a 301 redirect, which indicates to search engines that the redirect is permanent instead of temporary and will cause search engines to index the https version of your site instead of the http.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

After changing the .htaccess file I changed the ‘WordPress Address (URL)’ and ‘Site Address (URL)’ in WordPress admin settings page to https.

However I found that the browser was not showing the ‘green-lock’ icon for a secure page.

This was caused because some of the images on the pages were hard-coded to use http, due to which the browser was giving a ‘mixed content’ warning. Mixed content is when you visit a secure web page (HTTPS) and if the HTTPS page also includes content retrieved through a normal HTTP connection the connection is than only partially encrypted. This is called a ‘mixed content’ page. Luckily for me I only had a few images manually hard-coded with a http scheme. So changing that to https was enough to make the browser display a ‘green lock’ icon.

Site speed

My fears of https slowing down the site were ill-founded and I did not see much speed decrease after the https switch. Of course https adds another layer of security so the speed is bound to get slow but not by a factor I thought.

So in conclusion, the switch to https was a smooth process and took around a few hours.

7 thoughts to “Switching WordPress to HTTPS”

  1. The updates might actually bring some castling:) I have switched to https in January and also haven’t noticed any speed decreases since. Cheers!

Leave a Reply

Your email address will not be published.