
5 steps how to migrate from http to https for WordPress [video]

How to migrate from http to https

After you have got your SSL-certificate, you need to go through these five steps to fully migrate your WordPress website from http to https.

Since we are installing our clients' SSL-certificates automatically, I'm going to assume that you have got your certificate installed on your domain already.

But having the certificate installed on your domain is only the first step. Now you need to transfer your website to the new address beginning with https. Follow me in this guide on how to do it for a WordPress site.

What you will learn in this blog post (and video)

1 Change the WordPress Address (URL) and Site Address (URL)

We will use the relocate method to change the address of your WordPress installation.

2 Change all internal references to the old http address

The database still contains lots of references to your http address. If you don't change those to https, your pages will show a warning that the page is not secure, even though the page itself loads from https. A simple tool will do this for us.

3 Redirect all incoming traffic and link juice to your https urls

We will add a 301 redirect to your .htaccess file that will effectively redirect all your incoming traffic and links to the new https urls.

4 Update all connecting apps with your new address

Most importantly, you need to tell Google Search Console of your new website address. But also tell other apps that communicate with your website, such as payment gateways and social media apps.

5 Tell your visitors that they are on a safe website

For all websites, establishing trust is a key to success. And on an e-commerce site it is critical for conversions. So tell your clients about your SSL-certificate in strategic places.

1 Change the WordPress Address (URL) and Site Address (URL)

The first step is to change the base website url for WordPress. The easiest way to do this is to use the relocate method.

  1. Add the below line to your wp-config.php file, using the hosting File Manager or your FTP client. Add it just before the line that says That's all, stop editing!
    define('RELOCATE',true);
    Save the file, but keep it open as we will edit it soon.
  2. Now, open your browser and go or, if you want it with www,
    and log in on that address. This will automatically change the WordPress Address (URL).
  3. Go to Settings → General and confirm that your WordPress Address (URL) is changed.
  4. Now, copy that field and paste it into Site Address (URL) and save.
  5. Go back to the file wp-config.php and change define('RELOCATE',true); to define('RELOCATE',false);. Save and close the file. Do not leave it set to true: while RELOCATE is enabled, WordPress resets its address to whatever URL the login page is opened on.

That's it. Now you have told WordPress to load from your new https-address!

2 Change all internal references to the old http address

You will notice that you still have lots of references in your content to the old http address, such as internal links and src attributes to media files. If you have such references on a page, the browser will display a warning that the page is not secure, even though it loads from an https address.

So we basically have to find all instances of http://yourdomain... in the database and replace them with https://yourdomain...

Sounds hard?

It isn't. Because we will use a simple plugin that will do the job for us.

However, you should always make a backup of your database before doing these changes. If you are hosted with us, it only takes one click to make a database backup. If you are hosted somewhere else, follow their instructions on how to make a database backup.

If you are using a CDN, I suggest you deactivate your CDN plugin before continuing.

  1. Go to Plugins → Add new and search for Velvet Blues Update URLs, install it and activate it.
  2. Go to Tools → Update URLs
  3. Fill in Old URL and New URL
  4. Check all the checkboxes except the last one and hit the button Update URLs NOW

Done! If you have a caching plugin, empty your cache completely.

Now I suggest you uninstall the Velvet Blues plugin, since you won't need it anymore.

Check your site

Use JitBit's SSL Check to scan your site for any references to non-secure content. Your WordPress theme may have some image src attributes with http, or you may have some hardcoded links in widgets that start with http. The SSL Check will find them for you so you can fix them.

Another great tool is Why No Padlock, which is a little bit more precise than JitBit, but Why No Padlock checks only one page at a time, while JitBit crawls up to 200 pages on your website.
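The same kind of check can be run locally on the saved HTML of a page. This is an added example, not code from JitBit, Why No Padlock or this blog; it lists resources that are loaded over http (images, scripts, stylesheets, iframes, form targets) separately from internal links that still point at http. The domain example.com and the sample page are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# (tag, attribute) pairs whose URL the browser fetches or submits to while
# rendering the page. srcset and CSS url() values are not covered here.
FETCHED = {("img", "src"), ("script", "src"), ("iframe", "src"), ("embed", "src"),
           ("source", "src"), ("video", "src"), ("audio", "src"), ("form", "action")}

class InsecureRefScanner(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.mixed = []  # (line, tag, url): resource loaded over plain http
        self.links = []  # (line, url): internal <a href> still pointing at http

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        rel = (dict(attrs).get("rel") or "").lower()
        for name, value in attrs:
            url = (value or "").strip()
            try:
                parts = urlsplit(url)
            except ValueError:
                continue  # malformed URL, nothing to classify
            if parts.scheme != "http":
                continue  # https, relative and protocol-relative URLs are fine
            # <link href> is fetched for stylesheets and icons, not rel=canonical
            asset_link = (tag, name) == ("link", "href") and (
                "stylesheet" in rel or "icon" in rel)
            if (tag, name) in FETCHED or asset_link:
                self.mixed.append((line, tag, url))
            elif (tag, name) == ("a", "href") and parts.hostname == self.site_host:
                self.links.append((line, url))

def scan(html, site_host):
    scanner = InsecureRefScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.mixed, scanner.links

# Constructed sample page; example.com stands in for your domain.
SAMPLE_PAGE = """<link rel="stylesheet" href="http://example.com/wp-content/themes/t/style.css">
<link rel="canonical" href="https://example.com/about/">
<img src="http://example.com/wp-content/uploads/logo.png" />
<script src="https://example.com/wp-includes/js/jquery.js"></script>
<a href="http://example.com/contact/">Contact</a>"""
```

Call scan(page_html, "yourdomain") on each saved page: the first list holds the references to fix in the theme, widgets or content, the second the internal links the URL update missed.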

Troubleshooting site errors

If your site does not load properly or if you get warnings of insecure content, here are some suggestions that might help you:

The design is messed up (CSS errors)

With some themes, if you have added custom CSS in Customize mode, you need to re-save it to force the system to re-generate your CSS files based on your new site url. Go to Appearance → Customize → CSS. Make some small change (add/remove an empty line) and click the button Save & Publish. Clear site cache and test again.

Logo image loads from an insecure url

Go to Appearance → Theme Options (in some themes Appearance → Customize) and find where your logo image settings are made. Change them so the logo image loads from https and save. Clear the cache and test again.

A link in a Widget starts with http

Go to Appearance → Widgets, find the widget with the link and change the link so it starts with https. Save, clear the cache and test again.

A link in the footer starts with http

Go to Appearance and find your footer settings. You will find them in any of these three places:

  • Theme Options (or Customize): Footer
  • In a Widget
  • Hardcoded in the footer.php file. Go to Appearance → Editor and find the file footer.php

Save, clear the cache and test again.

3 Redirect all incoming traffic and link juice to your https urls

Now you want all incoming traffic to your website to be redirected to the new address starting with https.

If someone is typing directly into the browser address bar, you want them to be redirected to https...

But much more importantly, if other websites link to your website, you need to properly redirect the incoming link juice to the new https addresses. Only the 301 redirect (that signals "Permanently moved" to the search engines) transfers the link juice from incoming links to the moved pages.

The best way is to add a 301 redirect in your .htaccess file. There are plugins that can do this, but I strongly suggest that you keep the number of plugins to a minimum, for better performance and less update management.

In your domain root folder, find the file named .htaccess. Edit it with your File Manager or with an FTP client.

Copy the below code and paste it at the beginning of the file.

# SSL Redirect by
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# END SSL Redirect by

Save and close the file.

Check that your redirect works by going to a sub page (not the homepage) of your website and removing the s from the https at the beginning of the address. Make sure that you get redirected to the same address on https.

4 Update all connecting apps with your new URL

Now you have done all that is needed on your website. But don't forget all the important connections you have with the world around your website.

The most important one is Google Search Console. You will have to add your https address as a new site.

  1. Go to Google Search Console and log in.
  2. Click "Add a Property"
  3. Enter the URL and click continue. Follow the instructions to verify your site.
  4. Click on Sitemaps and find the button Add/Test Sitemap on the right.
  5. Submit the address to your XML sitemap (if you use Yoast SEO, your sitemap address is sitemap_index.xml)

Use this checklist to change all other applications that may have a connection or a link to your website:

  • Facebook Apps
  • Facebook Page link to your website
  • Twitter Apps
  • Twitter profile link to your website
  • Pinterest profile link to your website
  • Any other Social Media account that links to your site
  • Any other websites you own that link to your site
  • Google Analytics Profile URL
  • If you have submitted any disavow requests in Google Search Console, go there and change them

5 Tell your visitors that they are on a safe website

Making your visitors feel safe can increase your conversion rate dramatically. So be sure to communicate in strategic places that they are on a secure website. Most providers of SSL-certificates offer a seal in the form of an image that you can place on your website.

On this website, we have an SSL-certificate from Comodo. Their trust seal, called "TrustLogo", looks like this:

If you hover over it, you will see some more specifics and proof of security. In the case of Comodo, you can also link to a verification page on their domain, conveying even more trust to your visitors. Click here to see that verification page for our certificate.

Spell out to your visitors how strong the encryption is and what level of warranty comes with the certificate.


As you can see, migrating from http to https takes some planning and some effort, but it is not too difficult, even for the non-techie. I would say that it takes no more than an hour for a normal website, and hey, it is worth it! Https will instill trust in your visitors and bring higher rankings on Google, so what are you waiting for? Get your SSL-certificate for only $19 here.

How does it work for you? Are you missing something in our guide? We'd love to hear your thoughts in a comment.


  1. Posted July 16, 2017 at 7:59 am | Permalink

    As per the guideline, when I apply the 1st step for wp-config.php with the given code, I am then unable to even access my admin for your next step… any suggestions…

  2. sruthi
    Posted September 7, 2018 at 7:12 am | Permalink

    I have changed wp-config as you mentioned in the 1st step, but a ‘privacy error’ is showing while logging in with the https url
