How I Easily Switched My Self-Hosted WordPress Site To HTTPS

With Google pushing to make the web a more secure place, using HTTPS on your site is simply the right thing to do. Did you know that it will help you rank higher in Google searches? It’s actually been affecting rankings since 2014, so now’s a good a time as ever to make the switch if you have not done it yet. I just switched this site over to HTTPS and it was a lot easier than I expected so I figured I’d show you how I did mine in case it could help you too.

How I Easily Switched My Self-Hosted WordPress Site To HTTPS

Before I get into the details I just want to say that if you’re not tech-savvy and going into your cpanel scares you, it would be best to get a professional to do this for you. If all goes well you won’t need to go in you cpanel; this is more a “just in case things go wrong”.

Backup Your Site

Always, always, ALWAYS, backup your site before you do any major changes. I pay for a backup service through my hosting company so I don’t have to worry about this. But if you don’t already have a backup plan (whether automated or manual), make sure you backup your site first.

There are some plugins that can help you do this (for free) and you can do backups to your Dropbox or Google Drive (and many other locations). I know that UpdraftPlus is a very popular plugin for backups.

HostPapa Canada HostPapa International

Security Certificate

To make your site secure you need a security certificate. Many hosting companies offer a free security certificate called Let’s Encrypt. If you’re not sure if your hosting company offers it you can either check their hosting plan or you can look in your cpanel.

I host my site with HostPapa and they have Let’s Encrypt. I confirmed my certificate status in my cpanel.


The other option is to buy a security certificate, but I won’t get into that because I didn’t have to do it and wouldn’t know how to guide you through it.

Do The Switch

Let a plugin do the work for you, that’s what I did! I installed the plugin Real Simple SSL and it did all the work for me.

Once you activate the plugin you get this message:

plugin activated

I didn’t change anything. I figured I’d just do the switch and fix anything that needs to be fixed afterwards. So I clicked on Go ahead, activate SSL!

I use a caching plugin and because of that my SSL plugin settings initially looked like this:


Since I use the free version of the caching plugin I cannot delete my cache through the plugin. To do so I have to go in my cpanel and delete the cached files through the File Manager (I do this often to refresh the cache after a new post is published). Once the cache was deleted and I refreshed the plugin page I had all green check marks, yay! (Except for the two that require the Premium version.)

Enable 301 .htaccess Redirect

One last thing to do is to enable is the 301 .htaccess redirect, which you can do through the plugin.

This is the note from Realy Simple SSL regarding the 301 .htaccess redirect:
A .htaccess redirect is faster. Realy Simple SSL detects the redirect code that is most likely to work (99% of websites), but this is not 100%. Make sure you know how to regain access if anything goes wrong!

enable 301 redirect

In case anything goes wrong, you need to know how to modify your .htaccess file through your cpanel, and possibly disable the plugin as well (also through the cpanel). I’m comfortable with all of this and have done it all before so I was not scared to go ahead and enable the redirect. Everything went smoothly for me and I did not have to go fix anything in my cpanel.

Check Your Site

The last step to make sure all went well is to check your site. If your URL bar looks like this (in Chrome), then all is well and done! In Firefox you’ll only see a green lock, not the word Secure.


That’s all I had to do and it works great! If someone has your old (non-HTTPS) URL, no need to worry; your site will automatically switch to HTTPS. So if you have other blogs/sites linking back to you, you don’t have to contact them all to have your URLs updated; it’ll all be done automatically once users get to your site (that’s what the 301 .htaccess redirect does).

If at this point your site still doesn’t have the green lock, there are a few options you can try: (1) upgrade to the Premium version ($25 USD), or (2) try another plugin: SSL Insecure Content Fixer or Force HTTPS (SSL Redirect & Fix Insecure Content) are two suggestions.

UPDATE: If at this point you don’t have the green lock, check Laura’s comment below, it could help you.

Update Google Analytics and Google Search Console

You only need to do this if you use these services.

Once you’ve done the update through the plugin, it’ll tell you to update your Google Analytics and Google Search Console accounts, and it will provide you with this link: How to setup Google Analytics and Google Search Console/Webmaster Tools. Easy peasy!

Update Social Media

The last thing to do is to update the links to your site on your social media accounts and other possible services you use on your blog. Here are a few suggestions to check/update. I know there are more, but these are the ones I use.

  • Disqus
  • Facebook
  • Google+
  • Gravatar
  • Instagram
  • Media Kit
  • Twitter
  • Youtube

Once you’ve gone through all of this and you have the green lock on your site, you’re all done! I work in IT so all of this was actually quite exciting for me to do. 😀

Did you switch your site to HTTPS? Was it easy or did you encounter problems?

– Chantal 🙂

How I Easily Switched My Self-Hosted WordPress Site To HTTPS

Share this: