Site icon Search Engine People Blog

How to Move Your Site to SSL

ssl

Having an SSL certificate on your website doesn't just benefit you from security standpoint, but also from search engine ranking. Google has started using HTTPS as a ranking signal last year, which means websites that utilize it will benefit a bit from it through organic search engine ranking.

In this article, we'll go over how to move your website to SSL smoothly, while redirecting the old pages so that they pass PageRank to the new ones.

How To Get An SSL Certificate

The first step of getting your website to run as https is to simply buy an SSL certificate. There are many websites that sell SSL certificates so it's just a matter of your convenience. Since I use NameCheap as a domain registrar, I usually buy their SSL certificates.

The cheapest one starts at around $9 a year, so it's about as affordable as domain registration itself. There are three types of SSL certificates:

Although you have three choices of certificates to choose from, you can also select between single domain, wildcard (multiple subdomains), and multi-domain certificates based on your needs.

To purchase an SSL certificate, you will need general information about your website or business as well as a Certificate Signing Request (CSR). To get this, you can either ask your web host about it or login to cPanel if you have access to it.

When you login to cPanel, go to SSL/TLS Manager, and Generate a new request. Once it is generated, copy/paste it into a Notepad file so you have it when you are purchasing the actual certificate.

How To Activate A Certificate

Activating an SSL certificate can be done in a similar way as getting the CSR. The SSL certificate provider will send you a file (.crt) as well as a long string key which is the actual certificate. You can either send it to your web host and ask them to install it for you, but you can also do it yourself in cPanel.

Simply login to cPanel, then go to SSL/TLS Manager, and click on Generate, view, upload or delete SSL certificates link. There you can either upload the .crt file or paste the certificate key in the text box. Then when you click the Generate button, your certificate should be good to go provided you do not get any error messages.

To test it, simply go to your website URL using HTTPS protocol. If it loads fine without any SSL warnings, then you are good to go.

How To Setup WordPress For SSL

Changing WordPress to use the HTTPS protocol is a pretty simple process. First you should login to WordPress admin section and go to Settings -> General. Then in the WordPress Address and Site Address, change the URL of your website to include the HTTPS protocol, then save that page.

The next step is to redirect all http requests to https. There are a few WordPress plugins that do this, but I prefer doing it manually in an .htaccess file (see next section). It's easier to maintain and doesn't add any overhead to WordPress.

301 Redirecting HTTP To HTTPS

To consolidate all your ranking information and to prevent duplication of content on your site, redirect all HTTP requests to HTTPS. This setup is simpler than serving up only some pages as HTTPS.

On Apache servers this is easily accomplished by doing a site-wide redirect via the .htaccess file.

The .htaccess file lives in the root of your WordPress or website installation, so simply get to it either by logging into your FTP account or accessing File Manager in cPanel. If you do not see an .htaccess file, simply create one yourself.

Then edit the .htaccess file by pasting the following code before any other code in that file.

# Redirect HTTP to HTTPS

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

[R=301,L]

Once you save that file, you should try accessing your website with standard http protocol and ensure that it gets redirected to https correctly.

Other Helpful Tips

The first issue you might encounter with your newly installed SSL certificate is that when you access your website with HTTPS protocol, you may get browser warnings about trying to load unsecure resources. The reason that happens is because your website is trying to load something from http and it's usually as simple as images, stylesheets, or javascript files.

As a general references, when adding resources to your website, you should use a URL without protocol. Examples are shown below.

Wrong:

<link rel="stylesheet" type="text/css" href="https://www.somewebsite.com/styles.css">

<script src="https://www. somewebsite.com/script.js"></script>

Better:

<link rel="stylesheet" type="text/css" href="//www. somewebsite.com/styles.css">

<script src="//www. somewebsite.com/script.js"></script>

If you're using WordPress and want to speed up your website, you can sign up for CloudFlare and use their WordPress plugin which automatically rewrites all URLs to use non-protocol specific URLs.

* Leader image adapted from Rickydavid