Now if you're going to be migrating your WordPress site to HTTPS, you'll need to pay close attention to how you handle this migration. After securing your SSL certificate there's still more work to be done. You'll need to make sure that all of your redirects are in place so HTTP automatically redirects to HTTPS, and you'll need to make sure that all of the code libraries and file hosting services you're using are also secure. A really easy way to manage this setup is to use a lightweight plugin called Really Simple SSL.
Installing Really Simple SSL Plugin
I'm here on my WordPress Dashboard. I'll select Plugins from the left-hand side and choose Add New. We'll do a search for “Really Simple SSL“, and I'll choose to install now.
And then I'll select activate. Now I already have my SSL configured, so all we need to do is select Go ahead, activate SSL! And now our SSL is activated.
This plugin handles most of the issues that WordPress has with SSL. Say you're using a load balancer or there are no headers being passed, so WordPress can't detect your SSL. It also helps by automatically managing all of your incoming requests and redirecting them to HTTPS. It also changes your site URL and home URL to HTTPS, and it'll automatically solve all insecure content by forcing HTTP URLs to HTTPS.
To take a closer look let's go into the settings for this plugin. From the left-hand navigation, I'll hover over Settings and choose SSL.
From here we can see the detected setup.
So we have SSL enabled. Our mixed content filter was detected. We have an SSL certificate so we know that this is operating properly and our 301 redirects were enabled.
Difference between WordPress 301 redirect and 301 at the .htaccess level
Now the first thing that we want to do is take a look at the difference between the WordPress 301 redirect and the 301 at the .htaccess level. I highly recommend that you set your 301 redirects from HTTP to HTTPS at the .htaccess level as the WordPress 301 redirect is living within the software whereas the .htaccess is living directly within your server. We simply have to choose to enable.
After choose enable now we'll toggle this on.
Now it's really important that you know that this can cause problems depending on how your site is configured. So if you're unfamiliar I encourage that you read the article about how to regain access in the event that your site goes into a redirect loop.
From here, I'll choose Save. In this case, we received an error.
Our .htaccess file is not writeable, and this is because the way that this server is configured doesn't give this user privileges to modify the .htaccess file. So I'd have to manually copy and paste the information provided here.
Let's go back.
Now you'll also notice that there are some premium options about mixed content, secure cookies, and so on. These can be valuable, and they're not really necessary. Most often the out of the box setup is sufficient, but if you're interested to select the premium option to learn more about what that might do for your site.
Now once you've configured HTTPS you'll want to test to make sure that it's working, and you can do that by running another crawl and making sure that all of your URLs 301 redirect to HTTPS and you don't receive any 404 errors. Furthermore, you'll want to make sure that you update your site map if it doesn't automatically update, and you'll also want to make sure that you reconfigure any analytics, tracking, and say Google search console as all of those will likely have been configured as HTTP. So there's quite a bit that goes into this migration, but it's worth the effort. And I highly encourage you to move in that direction.