After Installing SSL on your server or host, next step of setting 301 Permanent WordPress Redirect to HTTPS is very crucial. If you miss the config changes and database changes, you are in danger of SSL not working and also duplicate content. Remember, Google treats HTTP and HTTPS versions as two separate sites.

WordPress and other CMS which are database driven, handles HTTPS little differently. You have to change links in  database, in Widget and other internal links along with redirect code in .htaccess and config to move WordPress to HTTPS completely. However, it is easy with this guide!

Setting WordPress Redirect to HTTPS

1. Add 301 Redirect Moved Permanently code to your WordPress

a. Open your FTP or File Manager from CPanel or any other Control Panel and navigate to root of your website. You need to find .htaccess file and open it to edit. Mostly, it will look like below,

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

b. Add below code to your .htaccess, just above the BEGIN WordPress code and save the file.

RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://YOURDOMAIN.com/$1 [R=301,L]

You don’t need any extra piece of code or WordPress force SSL commands. These 3 lines will handle everything.

2. Set Your WordPress to HTTPS only.

a. Login to your WordPress admin panel and navigate to ‘Settings’ and then to ‘General’.

b. Change ‘WordPress Address (URL)‘ and ‘Site Address (URL)‘ you to HTTPS as shown below.

c. Save! You might need to login again and there is chance of some errors as the hard-coded links in database are still there.

3. Change all WordPress Database links to HTTPS.

a. Go to Plugin installation wizard and install “Velvet Blues Update URLs“. After activating it, navigate to ‘Update‘ -> ‘Tools‘ -> ‘Update URLs‘.

b. Enter current full URL and then Target URL with HTTPS.

c. Select all options except the last one. DON’T SELECT GUID OPTION ON PRODUCTION LIVE SITE.

d. Run it. It will take sometime. Don’t navigate anywhere until it is finished.

e. After it is done, check your Widget section if you have any hard-coded adverts, images etc. Change them all to HTTPS.

4. Clear Cache and Test Redirect and SSL certificate.

Clearing your cache and browser can save you from headache of ‘Why it’s not working’.

Testing redirect is something which everyone needs to do but people often don’t care or rely on host config. Remember, we have an aim of achieving SEO friendly – “Moved Permanently” and many host set this to “Moved Temporarily” which is not good in long run. Also, SSL might be visibly working but it needs to be deep tested and validated.

You can run diagnostics on free SSL checkers and 301 Redirect checking tools to get insight of issues and working of your site.

5. Tell Google about your Secured site version.

As said, Google sees HTTP and HTTPS of same site as two different sites. So, go to your Webmaster / Search Console and Analytics and add new property with full secured domain name. Don’t delete the previous one. Let it be there for some 1-3 months.

6. Update your Monetization partner accounts and Playstore Apps

Reducing HTTP to HTTPS redirect is a good idea even when you have already set up a redirect. This speeds up loads time. Time to visit Adsense, Clickbank, ShareASale, Infolinks and Google Play Publisher account and change all links to HTTPS.

I hope you managed to get that sweet Green Secured sign in address bar of your blog. If not, let me know the issues and I will help you for sure.