Welcome to ManageWP.org

Register to share, discuss and vote for the best WordPress stories every day, find new ideas and inspiration for your business and network with other members of the WordPress community. Join the #1 WordPress news community!

×

Share Your Experience About Moving To HTTPS

Mar. 14, 2016

Please comment with your experience about the transition to HTTPS. This is experimental post here, read details inside.

With so much benefit of moving to HTTP/2, and because of free SSL by Let's Encrypt we are seeing massive rise to move into HTTPS. Though this is undoubtedly the future, as Google even started to prioritise website with SSL Certificate, but the move to HTTPS to a site which was in normal HTTP before is not too complex but it's not too straightforward either.

I personally did the transition for my blog and few other sites already. So, I have some idea, but here I am asking everybody who has done the transition to HTTPS, what was your experience, what issues you faced, what is your outcome from Search Engine (better if you have taken a look at data at least 2-4 weeks after the migration), which plugin or service had issue after the migration, what did you find out new from Google Search console (AKA old Webmaster Tools) after the move? What could have made your experience better?

Why Am I Asking This?
I am very much vocal and supporter of HTTP/2, and working on few new content. Looking ahead for more data, so I could compile all the issues WordPress admins are facing and way to resolve those.

Why Here?
This is kind of experimental post here. Though we mainly share news here, and AMA once in a week or so. But want to see how people use ManageWP.org community to give feedback as well.

Comment
10 votes   Flag
Donna Cavalier

I've transitioned a few sites, once my hosting company offered Let's Encrypt SSL with no hassle on my end. The only real problem was just finding a few rogue hard-coded http:// urls which turned out to be within some plugins. I jotted down the basic process during the first move, and then followed it for the rest. I then posted a quick guide at www.donnafontenot.com/wordpress-http-to-https-quick-start-guide/, and referenced the various other, more detailed guides I followed to make it happen.

Still, I haven't tackled any large or overly complex sites. That kind of site might make me sweat a little more. In general, though, it was easier than I expected.

Search traffic - barely a blip.

Definitely recommend testing on your smallest, least traffic'd sites before tackling one that matters. Get a little experience under your belt before going full force on a site that is extremely important to you. But I think everyone should try it on at least one site...if only to go through the process for education purposes.

Reply
M Asif Rahman Ⓦ

Thanks Donna! That's a solid piece of article. All your 11 tips are important. Thanks you again a ton.

As I host all of my sites by myself, so I used EasyEngine to deploy Let's Encrypt, which I wrote in details here - asif.im/1974/how-to-wordpress-ssl-nginx-lets-encrypt-https-hhvm/

I tested with few SSL plugin we have in WordPress.org, but find out I am better of without those. I could write all rules directly in nginx.conf, and do all redirection from there, that's the fastest method instead of running any filter or hooks from WordPress. Poorly made themes and hard coded plugins are the worst, but easiest to solve in most cases. If you have any stuff on subdomain, or use subdomain for CDN or multi site setup, then complexity increase a lot.

Reply
Omaar Osmaan

I'd registered to Let's Encrypt when they were in private beta- been a bit of hesitant whether to start moving my sites at first. When they've announced the public beta- I just went ahead and installed it. I manage everything to host the sites, and been using clouds for many many years- I've freshly installed all the latest tidbits (PHP7, Nginx 1.9.x, MariaDB 10x etc) in a new host, then moved my sites into that. Transition was so smooth- there wasn't a single issue.

For WordPress, so far it's really simple process. Don't use plugins to redirect- Apache/Nginx configuration is easier and best solution. There are now a many helpful articles, and a lots of hosts started making the process even simpler. There is no reason to not move to HTTPS and HTTP/2.

One concern I had about CDN services, but Amazon already allows to implement Let's Encrypt certificates- and more providers getting it done, too.

Regarding traffic, I found Google spiked traffic to even very old blog posts- though it's may not notifiable for certain types of sites- but overall impact is very positive.

Being a professional, I certainly recommend everyone to move to HTTPS as fast as you can.

Reply
M Asif Rahman Ⓦ

Thanks for sharing Omaar. I also feel there is definite noticeable gain from search traffic. And yes, we all must move to HTTPS, mainly because of the benefit we will get from HTTP/2.

Reply
Donna Cavalier

Just noticing today that I am having Facebook Open Graph problems (not showing images all the time). Trying to track down why, and so far, it seems to be leading towards an issue with https. I'm not completely sure though. Facebook debugger tool seems to randomly decide what it shows to me. If I run 50 times, it will show different results every few times. Some of those errors contain "Curl Error : SSL_CONNECT_ERROR Unknown SSL protocol error in connection to...". But that doesn't show up consistently. I've tried using both jetpack and Yoast SEO to generate the open graph tags (and they do show up appropriately, no matter which I use). Neither of them, however, shows og:image:secure_url instead of just og:image so, while that may be the problem, I don't know how to solve it. Basically, just saying that "maybe" there is an issue with Facebook open graph not showing images because I moved to https://. Not sure when this started on Facebook, so I can't be sure it's related. But...something to look into.

Reply
M Asif Rahman Ⓦ

Not sure if I am missing something, but when I looked at your site, it does not seems to have any og:image tag at all. Do you have Yoast SEO installed? And I created a plugin called "Facebook Secret Meta" to control how you want your Facebook share to appear. This plugin gives better control over Facebook Author byline.

Reply
Donna Cavalier

Different site. No I am not using Yoast SEO on the site you looked at. I am using it on the site in question, but at the moment, I have the FB social open graph section disabled. Why? Because I was testing to see if Jetpack would work instead. Neither of them solved the problem. Here is one of the posts that is getting no image in Facebook - happylifeweddings.com/beautiful-weddings-faces-places/ It does have og:image specified, but I'm thinking it may need the og:image:secure_url tag, not sure. I'll go check out your Facebook Secret Meta plugin now. Thanks.

(Facebook Secret Meta didn't help, so I've now uninstalled the plugin).

Reply
M Asif Rahman Ⓦ

Not sure if it's the reason, but the image that this page has as "og:image" "WeddingsCollagefb.png" - is kind of little large image, and taking a bit long to load. Just for a test you could try to upload a jpg version which is under 100kb maybe. And I see this same image has few different version, like - "Beautiful-Weddings.png", if you did this manually then maybe give it a try by adding a jpg version. If I run curl it takes little long to load this image. So maybe FB are just getting timeout.

Reply
Donna Cavalier

I spoke with my host. They did "something" to solve this. Neither they nor I seem to know what they did, or they aren't telling. But they looked into it, and then magically, the problem was solved. So, I'm guessing their implementation of Let's Encrypt was a little wonky, and they pushed the right button finally. LOL. Moral of the story: before throwing your computer out the window in frustration, ask your host if they see any problem. Even if they say no, they might accidentally fix it.

Reply
M Asif Rahman Ⓦ

Lol! It's good that you asked for their help before throwing your computer. I am glad it's working now. Though I still don't understand how that could a SSL certificate issue.

Reply
David McCan

Moved small sites to SSL and it went relatively smoothly. It is times like those where I wish WordPress used relative URLs in the database.

Reply
M Asif Rahman Ⓦ

For internal use, like terminology, category, permalink, its actually not even dependent on site url. It's all how you write your server rewrite rule. You will only need to search and replace site url, if you used http manually inside any article or inside theme or plugin code (hard coded). Both are bad practice.

Reply