Find me on:


HTTP to HTTPS Migration Guide for Wordpress on WPEngine

Last updated: 2017-02-26

I have migrated over a dozen websites to HTTPS in the last months. As expected, no one traffic skyrocketed. On the other end, no one had a noticeable drop in traffic.

I still do recommend the HTTPS move for most sites. So I thought I’d document my process into a guide if it can help the ones who want to switch to HTTPS themselves.

Disclaimer: These steps cover what most WPEngine (and similar hosts) users need to do to move their Wordpress site to HTTPS safely, but every site is unique and may require steps not included here. If you have questions regarding your site, feel free to leave a comment.

Looking to get your Wordpress site moved to HTTPS by an expert? Please see my HTTPS migration services or contact me directly.

So here we go…

1. Install SSL Certificates

Open the WPEngine install and go to “SSL” on the left hand side menu. Select both subdomains (www and non-www) under Let’s Encrypt SSL Certificates and click “Request SSL Certificate”.

WPEngine Let's Encypt SSL Certificates

2. Crawl and Save HTTP URLs

Fire up Screaming Frog and crawl your entire site. Save file as HTTP-crawl.seospider.

seospider file

Then export all URLs from your crawl:

seospider file

Then save a copy of your XML sitemap(s).

You should now have 3 files:

Crawl files

Keep these close, you’ll need them later.

3. Create a Backup

Before going forward, create a backup in WPEngine admin under “Backup Points”.

WPEngine Backup points

Open phpMyAdmin via the WPEngine install menu:

phpmyadmin link

Select your database and export:

Export mysql database

Then open the database with TextWrangler (or your favorite text editor) and mass replace (cmd+F) your domain name to the https version. If you use www it should like this:

Mass find and replace

Replace and to (or, whichever one you use).

Save it, rename the file to new-mysql.sql and upload it to your /wp-content/ folder via FTP.

5. Configure SSL / HTTPS

Under SSL in WPEngine admin, set the following configurations:

SSL Configurations

6. Import new MySQL Database

Go to WPEngine chat support and ask them to import the updated Mysql database. Once they confirm it's done, keep the chat open.

Go in WPEngine General Settings in WP and “Purge All Caches”.

Purge All Caches

Then clear your browser cache and check if the site is working properly.

If it’s not ask WPEngine support to revert back or restore yourself using your previous backup via the admin panel.

If it crashed the site (which can happen for unknown reasons) you can skip the above and do the following instead.

6.1 You can just ask WPEngine support to mass replace and to (or, whichever one you use).

Or last resort…

6.2 Go to Wordpress admin under Settings > General and update both URLs to HTTPS and “Save Changes”.

Wordpress default URL addresses

Then you can update your internal links to HTTPS with the help of this plugin.

7. Test 301 Redirects

To test redirects, open HTTP-internal-html.csv and copy all URLs under the "Address" row. Paste in TextWrangler and mass replace (cmd+F) the URLs without www (or invert) to test redirects with and without “www”.

Wordpress default URL addresses

Open Screaming Frog, change the Mode to “List” and paste all www and non-www HTTP URLs.

Test 301 redirects in Screaming Frog

Make sure they all 301 to the HTTPS version.

8. Crawl HTTPS URLs & Fix Insecure URLs

Start a fresh crawl in Screaming Frog. Once done, make sure your canonical URLs are updated.

Canonical report

Export the Insecure Content Report:

Insecure Content Report

In the report, you’ll find the pages containing insecure URLs under “Source” and the related insecure URLs under “Destination”.

You’ll want to fix all these to render the whole page in HTTPS.

The quickest way to do this is to download the wp-content directory via FTP and use Sublime Text (cmd+shift+F) to search insecure links in all files in wp-content directory. Go through all insecure links, save file and then reupload the files or entire directory.

You can also use Google Inspect and the "Fetch As Google" tool (in Webmaster Tools) to help spot and fix insecure links.

Then clear your browser cache, purge all caches in Wordpress admin (see #6) and flush DNS cache.

Finally, run a new crawl to make sure insecure links are all cleared up.

9. Add HTTPS Properties to Webmaster Tools

Add and verify and

Add a Property button

If you don’t already have and in GWT properties, add them too.

10. Submit HTTPS XML Sitemap

Make sure your XML sitemap URLs are now HTTPS (you might have to regenerate it). Then Save a copy and crawl with Screaming Frog to make sure all URLs return a 200 status code.

In your Webmaster Tools main HTTPS property, submit your sitemap under Crawl > Sitemaps:

Webmaster Tools Add XML Sitemap

11. Update Google Analytics to HTTPS

In Google Analytics, go to Admin > Property Settings and set the default URL to HTTPS.

Google Analytics Property Settings

Then go to Admin > View Settings and do the same thing.

On the same page you can also “Adjust Search Console” to your new Webmaster Tools property.

Update your robots.txt sitemap link to HTTPS.

Robots.txt sitemap link

Update your social profiles links to HTTPS (Twitter, LinkedIn, Facebook, etc.) and websites you have control over. It's also recommended to get a few external backlinks updated if possible.

14. Upload HTTP Sitemap

Via FTP, create a /http-xml/ folder in your root directory and upload your HTTP sitemap you saved earlier. In Webmaster Tools go in your main HTTP property under Crawl > Sitemap and delete the existing XML sitemap.

Then Submit the new one /http-xml/sitemap.xml. This will help accelerate reindexing.

15. Reupload Disavow File

If you had a disavow file submited under your HTTP properties. Reupload to both www and non-www HTTPS properties.

16. Monitor Reindexing and traffic

In the following days and weeks you’ll want to make sure the reindexation goes well by monitoring indexation and organic traffic.

Data should also start appearing in your Webmaster Tools HTTPS property within a few days.

Commands I use to monitor indexation in Google:

  • inurl:https
  • -inurl:https

That's it, hope this helps! If you have any question or comment, leave it below.

Category: Technical SEO

comments powered by Disqus

About Me

I'm Charles, an independent SEO Consultant. I blog here about SEO and life experiences. Read more