What is HTTPS or an SSL certificate?
Put simply, there’s two types of connection to a website, HTTP and HTTPS:
HTTP has long been the standard way people access websites.
HTTPS is a secure connection, which means all the data transferred between the web server and your computer is encrypted. When shopping online, you’ll most likely have noticed a green padlock symbol in your browser’s address bar, which confirms your personal details (e.g. passwords, credit card numbers, etc) will be sent securely across the internet.
To enable HTTPS on your website, a special security certificate has to be setup, called an SSL certificate). An SSL certificate is issued by a licensing authority and it’s periodically renewed.
Why your website needs HTTPS:
Security – obviously! If you have HTTP pages, it means any data within that page, including password forms and contact forms, are sent over the internet in plain text. It’s possible the data could be intercepted and read by an attacker.
Your obligations under data protection legislation: If you’re running a membership or e-commerce site, or store users’ data in your website, you should take precautions to ensure data is handled securely. This is particularly the case with sensitive data, such as credit card details, personal information, etc.
Improve your SEO: Moving your website to HTTPS could improve your search engine optimisation. Google announced in 2014 that HTTPS websites will receive a ranking benefit, compared to websites that are running on HTTP.
Adds credibility to your business: Having a “secure” label instantly creates more trust with your website.
A faster loading website: A new technology, called HTTP/2, is now supported by all the major web browsers and it’s designed to make webpages load quicker. But to take advantage of this, your website has be running via HTTPS.
Also, from January 2017, web browsers are now labelling HTTP webpages as “not secure“.
What work is involved in converting a WordPress website from HTTP to HTTPS?
To do HTTPS properly, it involves a number of technical steps:
- If you’re using our Primary Image WordPress hosting, we’ll install an SSL certificate for your domain name for free. If you’re managing your own hosting, make sure an SSL certificate is included in your package or has been purchased from your hosting company.
- We’ll backup your website, before carrying out any changes.
- We’ll update your website configuration to ensure it uses a HTTPS address by default, rather than a HTTP address.
- For SEO purposes, it’s bad practice to have both HTTP and HTTPS websites running, because search engines will see these as two separate websites. So we’ll completely close your HTTP addresses and redirect all visitors seamlessly to the HTTPS version (using a search engine friendly method).
- We’ll change all your internal URLs, such as page addresses and image links, to all use HTTPS addresses. This involves scanning every single page and changing each link.
- Sometimes old WordPress plugins or WordPress themes will still link to HTTP addresses within their system files, so we’ll manually correct the programming. If your website page uses a HTTPS address, but loads HTTP content within the page, it’ll cause an error called a “mixed content” warning, meaning it’s not loading everything via HTTPS.
- If you have a Google Search Console account, we can also help you update your Google settings too.
Looking for a WordPress expert?
We’re highly experienced with WordPress… find out more!
So leave it to the experts and choose our HTTP to HTTPS conversion service!
One of the many training sessions and presentations we’ve given on WordPress security.
What does it cost to convert my WordPress website from HTTP to HTTPS?
- Primary Image customersFor websites hosted by Primary Image
- One-time fixed-fee for the setup work.
- SSL certificate included for free (no on-going fees).
- External customersFor websites hosted on your own servers
- One-time fixed-fee for the setup work.
- You may need to purchase an SSL certificate from your hosting company.