Migrating your WordPress site to SSL

There are two steps to migrating your WordPress site over to SSL (https instead of http) after you have set up your certificate and web server configuration.

The first is relatively easy: update your Settings > General and change the WordPress Address (URL) and Site Address (URL) from http to https.

The second, part is a bit trickier.

Basically for SSL to work correctly you want to avoid mix-mode content. This is where content is being served both via http (non-SSL) and https (SSL). When this happens your browser won’t show the site as being 100% SSL, and instead display different messages depending on your browser. Its enough to deter users from using the site if they are expecting the “green” secure padlock.

To fix this, you need to find and replace references to non-SSL content (hardcoded with http://) in two places — your code and your database.

For your code, the first place to check is your theme code and settings. Look for and replace any instances of http:// with https://

You can use your browser’s debugging/inspector to check for files that are not loading via https://. Note too these might be external resources and scripts (e.g. external Javascript libraries, Google fonts etc). This can also be an issue in plugins, particularly when authors start hardcoding the absolute URL with http://.

For your database, use a tool like Better Search & Replace to search your WordPress site for references to http://<yoursite>.com and replace it with https://<yoursite>.com.