For the longest time I resisted the idea of switching my main website to HTTPS secure protocol. It’s not that I resist security, but it’s all the risks it seemingly involved that scared me. I am not talking about webmasterdiary.org or one of other smaller websites I own. I am talking about my best project to date that I pretty much depend on to live.
I worried about so many things:
- traffic drops (even temporary drop scares me),
- Adsense income drop (a few years back there were reports that Adsense income drops with SSL switch because most advertisers at the time didn’t use secure connection)
- my tens of thousands of Facebook likes and other shares.
Now that the newest version of Chrome browser explicitly states “Not Secure” and Firefox flashes a red broken lock, I began to feel a sense of emergency and decided to jump in.
It was surprisingly easy. In fact, I couldn’t believe how easy it was, especially after reading so many complicated tutorials. It could be that it’s my unique setup allows for an easier experience or it could be because a lot of time passed and SSL isn’t only something a small percentage of websites does, so web hosts adjusted and began to provide better tools. In addition, it was free.
Here is how I did it (keep in mind, we are talking about a WordPress website. Please note this isn’t meant to be a checklist or a tutorial. It could be that I am still missing something. It’s just me rambling about something that is in my mind right now, but of course you could get an idea or two if you are considering to switch):
1. Went to my cPanel and downloaded my database backup.
2. Added this code for my AddThis button to display an accumulated share count for both http and https versions of my pages. I used the one for floating buttons. I then flushed the cache to make sure the code is there when I make the switch.
3. I host with SiteGround right now, so I installed their SG Optimized plugin. It can force HTTPS and it also does its own cache.
4. Went to my cPanel at SiteGround. Under security, found Let’s Encrypt icon. Turned on HTTPS Enforce and External Link rewrite button.
SiteGround says that the certificate will renew automatically, so I won’t need to worry about renewal dates. Nice!
5. Went back to my WordPress dashboard and turned on HTTPS enforce using SG Optimizer too.
6. Went to my PHPmyAdmin (using my cPanel) and entered this code to rewrite all instances of my http://site.com to https://site.com.
update wp_posts set post_content =
replace(post_content,'Text to find','text to replace with');
You could do this with a plugin, but I don’t use plugins when I don’t need to. Also trust me, using the code in your database is both easier and quicker than figuring out how some third party plugin works.
Over 2000 instances were fixed in under 3 seconds.
7. Went and manually corrected custom links in my menus and widgets via WordPress dashboard. You can’t have too many of those.
Basically, that’s it.
I had a cup of hot coffee when I began, it was still hot when I was done 🙂
Now of course I went on and added a new property in Search Console and submitted my new sitemap. That is another 30 seconds.
It was three days ago and so far I am fine. In fact, the traffic is slightly higher. My Facebook likes are still in thousands. My Adsense income didn’t drop. About 7 hours after the conversion I decided to check if Google has picked up on something by entering site:mysite.com in search. There were a few https URL already. In fact, one of the most important pages that ranks number 2 for its keyword AND has a nice featured snippet above all search results was in its usual place and it already had https in front of it in Google search results less than 7 hours after the switch!
Of course I did some checking too, like making sure my server redirects are 301. Although totally unnecessary, I still went ahead and manually checked every page for any http:// URLs — there was none. I also checked redirection by entering http:// www. and non www in different browsers and on my cellphone. But everything was fine. Oh yes, and I got an “A” when testing my SSL with this tool.
Today upon entering in Google search site:site.com I see about double the number of my pages. A lot of pages are listed in two versions http:// and https://, but I guess Google will eventually drop all http:// URLs. When performing regular keyword searches that I know I rank for, more and more of them are replaced with https:// version although the http:// version is still in index. I hope this isn’t a sign of a problem at this stage.
So far everything appears to be perfect, but of course I read some reports of traffic dropping after several days. It has been 3 days for me so far. Hopefully, things will only get better from here.