Moving WordPress website to HTTPS – securing your site for visitors while improving SEO

Technical:

• Buy and install a SSL certificate
• Backup database and files
• Try to change all absolute references to relative, or change all hard-coded “http://www.yoursite.com…”  into “https://www.yoursite.com…”
  (tip – if you wish to leave both “http” and “https” options but use absolute links just drop the protocol and link with “//www.yoursite.com”. This will adjust the protocol to the one used.)
  The best combination for doing this change is by using an editor to search and replace all the site’s files and using a search & replace plugin doing the same in the database.
  * Pay attention not to replace just “http://” with “https://” since this will affect your outgoing links as well
  * If you’re migrating only part of your website use the entire path in the replace string
• Login to your WordPress dashboard and navigate to Settings > General.
  Ensure that the WordPress Address (URL) and Site Address (URL) are both https. If not, add S after http to make https and save it.
• Browse your site and check for warnings about insecure content. Fix references accordingly. There are online tools (Missing Padlock, HTTPS Checker, Why No Padlock?) that crawl your site for such warnings.
• If needed, configure a server referrer policy.
• Consider declaring a Content Security Policy

SEO:

• Set up a 301 permanent redirect to inform Google of the URL change by adding the code below at the top of WordPress’ .htaccess file:
  
  Apache

  # force https RewriteEngine on RewriteCond %{HTTPS} off [OR] RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule (.*) https://www.yoursite.com%{REQUEST_URI} [R=301,L]

  1 2 3 4 5

  # force https RewriteEngine on RewriteCond %{HTTPS} off [OR] RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule (.*) https://www.yoursite.com%{REQUEST_URI} [R=301,L]

  
  *Change www.yoursite.com above to your WordPress URL.
• Change the view settings in Google analytics from “http://” to “https://”.
• Add an annotation in Google analytics indicating the move to “https”. This will help you to compare traffic before and after.
• Ensure your HTTPS site version is added in Google Search Console and Bing
  Webmaster Tools. In Google Search Console, add both the www and non-www
  versions. Set your preferred domain under the HTTPS versions.
• Ensure canonical tags point to the HTTPS URL.
• Ensure your XML Sitemap includes the HTTPS URL.
• Main external links to your site (from social network etc.) should point to HTTPS.