It's nearly October of 2017 and if your WordPress website does not have an SSL certificate along with the accompanying secure content, updated URL on your website and edited .htaccess file to be in compliance, you don't have much time. Google has announced that in October, 2017, they will start showing people a big, fat 'insecure' warning when people are using their Chrome browser and trying to fill out a contact form.

1. HTTP TO HTTPS
LYNN DYE
OKC WORDPRESS MEETUP
SEPTEMBER 28, 2017
LYNN@EXTREMEVIRTUALSUPPORT.COM @LYNNTOTHERESCUE MY WEBSITE: HTTPS://LYNNDYE.COM

2. ARE YOU READY?
• Notifications from Google for years now to secure websites with an SSL cert
• Non SSL sites will
• Be affected negatively in search
• Affect rankings in a negative way
• Starting in October, 2017, Google Chrome will slap a scary ‘non-secure’ warning when
people start to input one of your website forms. This is any type of form, i.e. contact
form

3. WHAT EXACTLY WILL HTTPS DO FOR ME?
• HTTPS takes the well-known and understood HTTP protocol, and simply layers a
SSL/TLS (hereafter referred to simply as “SSL”) encryption layer on top of it. Servers
and clients still speak exactly the same HTTP to each other, but over a secure SSL
connection that encrypts and decrypts their requests and responses. The SSL layer has
2 main purposes:
• Verifying that you are talking directly to the server that you think you are talking to
• Ensuring that only the server can read what you send it and only you can read what it
sends back
• It doesn’t keep your site ‘secure’, it keeps secure what people type in the boxes on
your site, i.e., credit card data, your name and email.
• https://robertheaton.com/2014/03/27/how-does-https-actually-work/

4. LET’S GO OVER THE STEPS TO CONVERT YOUR SITE
TO HTTPS
Part 1 – Set-up
Part 2 – Content
Updates
Part 3 – Follow
Through

5. PART 1 - LET’S TALK SSL CERTIFICATES
• Has your host already installed one of the free SSL certs on your site?
• Let’s Encrypt is very popular among WP websites and hosts
• WordPress will only recommend hosts that offer free SSL certs
https://wpdevshed.com/wordpress-hosts-offer-free-ssl-certificates/
• On the list: A2, SiteGround, DreamHost, BlueHost, WP Engine, InMotion, Pressable
• NOT on the list – HostGator
• You can get Let’s Encrypt on your own and bring it to a host
https://letsencrypt.org/getting-started/ but you will need to be somewhat techy to get
it on your site. Your host will probably help you with it but may charge you

6. PART 1 – THE SET UP
• Get your SSL certificate and
install it on your website
• Most web hosts have pretty easy
instructions
• After it’s installed, check the
certificate installation at SSL
Labs. It will verify your certificate
is installed and functioning
correctly.

7. PART 2 – CONTENT UPDATES
All your internal URLs need to be
converted from http to https
• Internal links, media (photos, video,
audio), embeds
All/any hard-coded URLs in your
custom theme and plugins
(applies to code written
specifically for your site)
• Theme templates and custom plugins –
replace the http with the https

8. PART 2 – CONTENT
UPDATES
• How to you find and replace all your URLs?
• You could use a manual process, but
it’s very tedious and it’s easy to miss
URLs
• BackupBuddy
• BackupBuddy has an area in the
database where you can do a
mass find and replace! (do a
backup before doing this!
• Click on BackupBuddy>Server
Tools>database tools and scroll
down to >Advanced: Database
Mass Text Replacement

9. PART 2 – CONTENT
UPDATES
• Velvet Blues plugin – free to use
and does the same thing as
BackupBuddy.
• Go to Tools>Update URLs
• Remember to uninstall when
you’re through with it

10. PART 2 – CONTENT UPDATES
• Now it’s time to change your WordPress settings in the dashboard
• Go to Settings>General
• Update your WordPress Address and Site Address URL to https

11. PART 2 – CONTENT UPDATES
• As soon as you update your WP dashboard URL to https, you’ll be immediately
logged out
• This is because now your website has the NEW URL (https)
• Log back in – your login info is still the same!

12. PART 2 – CONTENT UPDATES
• Time to test your website
• Go to all of your pages (or at least your main pages, if your website is very large with
blog articles), and check for the green padlock
• What if you don’t have the green padlock!!?? Check your site at
https://www.whynopadlock.com/ Put your URL in and it’ll come back with what
problems you may have
• You can also use the Chrome Dev Tool to inspect your pages. Click the 3 dots at the
upper right, scroll down to Tools>Developer Tools, then Right click>inspect>go to the
security tab
• Then refresh the page and find and update the insecure items

13. PART 2 – CONTENT
UPDATES
• This part can be the most
difficult and frustrating
• Places to check
• Your style.css file (do a
search for http to see if
you can find it that way)
• Another file that your
theme might use

14. CONTENT UPDATES
• To fix this error, I could see it was an insecure image in my css stylesheet
• I logged into my WP dashboard, opened the custom css stylesheet and did a
search for ‘callusphone’ and found it
• To fix something like this, put the ‘s’ after the http and that should fix it

15. CONTENT UPDATES
• Then I ran another test and
found everything clean and
green!

16. PART 3 – FOLLOW THROUGH
• You can add some code to your wp.config file to force SSL on all your pages
• This file is in your public_html folder on your host. Good idea to download your
current wp.config file before changing the code. If something goes wrong, you
can delete the one you changed and re-upload your original file.
• define('FORCE_SSL', true);
define('FORCE_SSL_ADMIN',true);
• Should you do this? Some say yes, some no

17. PART 3 – FOLLOW THROUGH
• Now it’s time to add the 301 redirect to your .htaccess file
• It contains information about caching, re-directions and other exciting technical
stuff that you normally wouldn’t have to worry about too much.
• This file is also in your public_html folder on your host. Backup as before
• This tells any website visitor who may have typed in http to redirect them to https

18. FOLLOW THROUGH
• I’ve seen more than one example of the 301 redirect code – the first one I got
from Yoast & was used in the webinar I was on and the one I’ve used on websites
I’ve converted
• RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
• Or
• RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301
]

19. FOLLOW THROUGH
• Now we need to let Google know about your website change—this is to keep
your SEO in good form. So log into your Google Webmaster Tools. Here you will
click add a property.

20. FOLLOW THROUGH
• Now add your ‘new’ property. For mine, I added https://lynndye.tech. Yes, you will
now have two properties in your Google Webmaster Tools – this is OK!

21. FOLLOW THROUGH
• Now we need to add your
sitemap. You can get this from
your Yoast SEO plugin in your
WP dashboard

22. FOLLOW THROUGH
• On my website, I had 3 sitemaps, so I copied and pasted each into my Google
Webmaster Tools console

23. FOLLOW THROUGH
• After you’ve submitted your
sitemap(s), go back to the
add/test button and this time
click on test after you’ve put your
URL in. You should get no errors

24. FOLLOW THROUGH
• Another thing you’ll want to do in Google Webmaster Tools is a ‘Fetch and Crawl’,
so Google will crawl your ‘new’ website.

25. FOLLOW THROUGH
• Here’s the Google console and the different
tabs/commands
• Test your robots.txt file. This file tells the search
engines where and where not to crawl
• You can read more here
https://yoast.com/ultimate-guide-robots-txt/

26. FOLLOW THROUGH
• Update any external, inbound links you control
• Email signatures, email newsletter, social profiles, ad networks, etc.
• If you’re on a CDN, there are steps to follow for this:
• Enable SSL support within the CDN
• Update the origin URL to your new https URL
• Enable HTTP/2 support (if available)
• Check with your CDN or webhost to see if they have a document to help walk you
through it

27. OTHER THINGS TO CONSIDER
• If you depend on a plugin to ‘fix’ all your insecure content, it might work well for
you, but something could happen with the plugin and then you’ll still have
problems
• Social share counts – they will need to be reset for the new domain
• Social tags – if you’re using a plugin to set special tags, then the links in your post
need to be converted
• Optin – links in these may need to be updated

28. RESOURCES

29. ARE YOU READY?
RESOURCES
• https://blogpioneer.com/http-to-https-
wordpress/
• https://yoast.com/moving-your-website-to-
https-ssl-tips-tricks/
• https://support.google.com/webmasters/to
pic/6029673
• http://searchengineland.com/http-https-
seos-guide-securing-website-246940
CONTACT ME
• If you are somewhat techy, you can
do your website conversion on our
own
• Contact me with questions or if you’d
like me to do your website
conversion
• lynn@extremevirtualsupport.com