Switching a WordPress Site From HTTP to HTTPS

Using SSL for the entire website should be the norm these days. If you have a decent server it does not significantly reduce page speed and it allegedly even helps your Google ranking. I covered enabling SSL and configuring it so that you get an A ranking in the Qualys test in another post. This article shows how to convert an existing WordPress site from HTTP to HTTPS.

Qualys SSL test - helgeklein.com

Basic Steps

The following three steps are required in order to switch your entire WordPress site to HTTPS:

  1. Set up SSL in your webserver configuration. This article explains how to do that for Apache.
  2. Replace every occurence of http://yourdomain.com with https://yourdomain.com in the WordPress database
  3. Redirect to HTTPS

Let me explain steps two and three in detail, but please make sure you have a full database backup before you try this out!

Search and Replace in the WordPress Database

Wouldn’t it be cool if you could search and replace in the WordPress database without having to deal with SQL imports and exports? Thanks to WP-CLI, a command line interface to WordPress, you can! Many thanks to Nicholas Dille for making me aware of this nifty utility!

Install WP-CLI

Install WP-CLI as follows:

curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
chmod +x wp-cli.phar
sudo mv wp-cli.phar /usr/local/bin/wp

Check if WP-CLI works correctly:

wp --info

Replace HTTP with HTTPS

Navigate to your WordPress directory (you need to use your own path, of course):

cd /var/www/helgeklein.com/public_html/
Dry Run

Test the replace command by appending the dry-run parameter. Notice how we skip the guid column.

wp search-replace 'http://helgeklein.com' 'https://helgeklein.com' --skip-columns=guid --dry-run
The Real Thing

This DOES modify your WordPress database!

wp search-replace 'http://helgeklein.com' 'https://helgeklein.com' --skip-columns=guid

Caching Plugins like W3 Total Cache

If you are using a caching plugin like W3 Total Cache delete the cache now. You should also configure it to not cache the (RSS/atom) feeds. Although that would be good for performance W3TC 0.9.4 inserted a head element before the rss tag which broke the feed.

Redirect to HTTPS

With these simple configuration changes, HTTPS is already fully configured. WordPress automatically redirects HTTP requests to HTTPS. For good measure and possible slightly improved performance redirect at the (Apache) server level. Put this in your virtual host configuration:

# HTTPS everywhere
RedirectPermanent / https://helgeklein.com/


If you have a multisite installation it may be necessary to update the subsites’ siteurl and home settings. You can do that through the WordPress UI by checking the corresponding checkbox:

WordPress subsite - update siteurl

, ,

2 Responses to Switching a WordPress Site From HTTP to HTTPS

  1. MaAnna December 17, 2016 at 23:23 #

    Thanks for the conversion guide Helge. You mention a couple of things that I don’t see talked about much, and that’s skipping the GUID and internal WP redirects.

    I see lots of other guides that either use db conversion scripts with something like
    UPDATE wp_posts SET guid = replace(guid, ‘http://www.oldurl.com’,’https://www.newurl.com’);

    or they use the Search and Replace script from Interconnect/IT.

    Doesn’t changing the GUID output all of your RSS feed anew?

    Do you get mixed media messages if you don’t convert the GUID?

    The other thing you mention is the internal redirects that WordPress already includes. You really don’t need a 301 regex to redirect to your new canonical, correct?

    My understanding is that it might be a hair faster if you include one in .htaccess, but that’s the only reason, correct?

  2. Mike May 25, 2017 at 22:23 #

    Your recommendations didn’t work for me. When I run “wp search-replace…” command I get an error “This does not seem to be a WordPress install” even though I am in the WordPress blog folder of my site.

Leave a Reply