Apache CSR Certificate Signing Request

Migrate WordPress from HTTP to HTTPS

Getting your WordPress site over to HTTPS is essential these days. Not just for security and public awareness, but also SEO ranking appears to be gravitating towards HTTPS as a requirement.

To switch WordPress over from HTTP to HTTPS literally should take under 5 minutes! Of course, that is assuming you are using aMiSTACX, and any developer that has ever touched your WordPress site used relative paths and did not hardcode any of the URLs.

Let us start with the basics.

Step 1. Migrate to aMiSTACX

Using aMiSTACX has a lot of benefits over other hosting companies. Our stacks are very fast! They are also very simple to use. And since we are on Amazon AWS you can scale up or down, or even horizontal at any time. Thus as your company grows, you will not outgrow your provider. Additionally, you have 100% control over your stacks. So no more waiting to request a feature, or having to endure silly server constraints.

AWS also offers Free hosting for the first year. So think of a migration as Free hosting for one year, and aMiSTACX bundled server support at a rate that is still an affordable premium service.

A perfect example of all of this in action is this site [amistacx.com]. It runs on a t2-micro, and makes use of our WordPress F1 stack. The total cost for opperating this site [Including AWS Free] is about $23 per month. And the site is fast, with typical load times < 1 second. [Even while using a heavy homepage.]

Step 2. Make a FULL backup

AWS makes this a breeze. In a few minutes you have a full image of your server, and should something go wrong, a full restore is possible in just minutes. That’s just one more reason why AWS hosting is a win.

Step 3. Aquire and Install a TLS Certificate

There are actually several ways to do this, but I’ll cover the easiest and fastest. First acquire a TLS certificate. You can do this through a Free certificate service like Let’s Encrypt, or should you be running e-commerce on WordPress, then we recommend purchasing a certificate and installing it.  aMiSTACX is pre-configured to use Let’s Encrypt on ALL of our Linux Ubuntu stacks.

A simple sudo certbot-auto –{apache, nginx} -d yourdomain.com and answering a few Let’s Encrypt questions will get you your Free certificate.

Step 4. HTTP to HTTPS Redirection

Once you have your certificate, the next step is to make sure HTTP to HTTPS redirection is in place. If you installed your certificate via Let’s Encrypt and selected Option 2, the redirection should already be in place. You can also have Cloudflare handle redirection.

For NGINX, please see our admin stack guide for vhost redirection. For Apache, you can simply add this re-write snippet to the vhost for port 80 at the bottom of the file, and then restart Apache:

RewriteEngine on
RewriteCond %{SERVER_NAME} =yourdomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Apache vhost port 80 HTTP to HTTPS snippet

Note: For step-by-step, please consult the admin stack guide that comes with the aMiSTACX server.

Step 5. WordPress URL Change-over to HTTPS

Assuming all steps for 1-4 have been completed successfully, then switching your WordPress site over to HTTPS now will only take a few seconds.

From the WordPress admin panel go to Settings > General

WordPress Base URLs

Edit your system URLS from HTTP to HTTPS. Make sure you are using a hostname, and NOT an IP address. Then a simple save and you are technically finished.


Troubleshooting: Mixed Content Issues

Well, it happens. It’s because someone really didn’t know what they were doing and hardcoded URLs. The easiest way to fix these is to go through your site and look for any hard-coded paths. Most of the time these will be related to CSS, and if you are using a child theme [you should be], then simply opening the WP Editor [Appearance >> Editor] from the main menu will allow you to correct these paths.

Additionally, we have seen plugins that in the settings sections hard-code URLs. So check these places too!

WordPress allows this format //example.com/{path-to-file} and should be used whenever possible when a request to a path is made outside of the CMS by a third-party plugin or theme. [It all depends how a theme of module was written. High quality will not have this type of issue.]


Hopefully we made this HTTP to HTTPS transition painless for you, and if you are now migrating to aMiSTACX, then the road will only get faster and clearer from here on out.

Better – Stronger – Faster!

Comments are closed.