Last updated: 2017-02-26
I have migrated over a dozen websites to HTTPS in the last months. As expected, no one traffic skyrocketed. On the other end, no one had a noticeable drop in traffic.
I still do recommend the HTTPS move for most sites. So I thought I’d document my process into a guide if it can help the ones who want to switch to HTTPS themselves.
Disclaimer: These steps cover what most WPEngine (and similar hosts) users need to do to move their WordPress site to HTTPS safely, but every site is unique and may require steps not included here. If you have questions regarding your site, feel free to leave a comment.
So here we go…
1. Install SSL Certificates
Open the WPEngine install and go to “SSL” on the left hand side menu. Select both subdomains (www and non-www) under Let’s Encrypt SSL Certificates and click “Request SSL Certificate”.
2. Crawl and Save HTTP URLs
Fire up Screaming Frog and crawl your entire site. Save file as HTTP-crawl.seospider.
Then export all URLs from your crawl:
Then save a copy of your XML sitemap(s).
You should now have 3 files:
Keep these close, you’ll need them later.
3. Create a Backup
Before going forward, create a backup in WPEngine admin under “Backup Points”.
4. Update MySQL Database Links
Open phpMyAdmin via the WPEngine install menu:
Select your database and export:
Then open the database with TextWrangler (or your favorite text editor) and mass replace (cmd+F) your domain name to the https version. If you use www it should like this:
Replace http://yourdomain.com and http://www.yourdomain.com to https://www.yourdomain.com (or https://yourdomain.com, whichever one you use).
Save it, rename the file to new-mysql.sql and upload it to your /wp-content/ folder via FTP.
5. Configure SSL / HTTPS
Under SSL in WPEngine admin, set the following configurations:
6. Import new MySQL Database
Go to WPEngine chat support and ask them to import the updated Mysql database. Once they confirm it's done, keep the chat open.
Go in WPEngine General Settings in WP and “Purge All Caches”.
Then clear your browser cache and check if the site is working properly.
If it’s not ask WPEngine support to revert back or restore yourself using your previous backup via the admin panel.
If it crashed the site (which can happen for unknown reasons) you can skip the above and do the following instead.
6.1 You can just ask WPEngine support to mass replace http://yourdomain.com and http://www.yourdomain.com to https://www.yourdomain.com (or https://yourdomain.com, whichever one you use).
Or last resort…
6.2 Go to WordPress admin under Settings > General and update both URLs to HTTPS and “Save Changes”.
Then you can update your internal links to HTTPS with the help of this plugin.
7. Test 301 Redirects
To test redirects, open HTTP-internal-html.csv and copy all URLs under the "Address" row. Paste in TextWrangler and mass replace (cmd+F) the URLs without www (or invert) to test redirects with and without “www”.
Open Screaming Frog, change the Mode to “List” and paste all www and non-www HTTP URLs.
Make sure they all 301 to the HTTPS version.
8. Crawl HTTPS URLs & Fix Insecure URLs
Start a fresh crawl in Screaming Frog. Once done, make sure your canonical URLs are updated.
Export the Insecure Content Report:
In the report, you’ll find the pages containing insecure URLs under “Source” and the related insecure URLs under “Destination”.
You’ll want to fix all these to render the whole page in HTTPS.
The quickest way to do this is to download the wp-content directory via FTP and use Sublime Text (cmd+shift+F) to search insecure links in all files in wp-content directory. Go through all insecure links, save file and then reupload the files or entire directory.
You can also use Google Inspect and the "Fetch As Google" tool (in Webmaster Tools) to help spot and fix insecure links.
Then clear your browser cache, purge all caches in WordPress admin (see #6) and flush DNS cache.
Finally, run a new crawl to make sure insecure links are all cleared up.
9. Add HTTPS Properties to Webmaster Tools
10. Submit HTTPS XML Sitemap
Make sure your XML sitemap URLs are now HTTPS (you might have to regenerate it). Then Save a copy and crawl with Screaming Frog to make sure all URLs return a 200 status code.
In your Webmaster Tools main HTTPS property, submit your sitemap under Crawl > Sitemaps:
11. Update Google Analytics to HTTPS
In Google Analytics, go to Admin > Property Settings and set the default URL to HTTPS.
Then go to Admin > View Settings and do the same thing.
On the same page you can also “Adjust Search Console” to your new Webmaster Tools property.
12. Update robots.txt Sitemap Link
Update your robots.txt sitemap link to HTTPS.
13. Update External Links
Update your social profiles links to HTTPS (Twitter, LinkedIn, Facebook, etc.) and websites you have control over. It's also recommended to get a few external backlinks updated if possible.
14. Upload HTTP Sitemap
Via FTP, create a /http-xml/ folder in your root directory and upload your HTTP sitemap you saved earlier. In Webmaster Tools go in your main HTTP property under Crawl > Sitemap and delete the existing XML sitemap.
Then Submit the new one /http-xml/sitemap.xml. This will help accelerate reindexing.
15. Reupload Disavow File
If you had a disavow file submited under your HTTP properties. Reupload to both www and non-www HTTPS properties.
16. Monitor Reindexing and traffic
In the following days and weeks you’ll want to make sure the reindexation goes well by monitoring indexation and organic traffic.
Data should also start appearing in your Webmaster Tools HTTPS property within a few days.
Commands I use to monitor indexation in Google:
- site:yourdomain.com inurl:https
- site:yourdomain.com -inurl:https
That's it, hope this helps! If you have any question or comment, leave it below.