Checklist while migrating a WordPress site from HTTP to HTTPS

Hello fellow developers!

Here is the checklist that I look upon whenever a WordPress site is migrated from plain old HTTP to HTTPS. At the end of the checklist, there are links to some useful websites where you can verify if everything has gone through correctly.

Step 0: Backup and local testing:

Nothing is more important than taking a backup before making any (important) changes on a site. So, take a backup and make sure it works on your local environment. Do not skip this step. If you do skip this step, you are putting yourself and your client in a world of uncertainty.

Try all the following steps in your local environment before proceeding to the staging and then to live environment. Again, if you don’t use a staging environment, no matter how small your client’s site is, you are doing_it_wrong.

Step 1: Get SSL Certificate

As mentioned earlier, even if you test locally, get a local certificate using any of your preferred method. I personally use mkcert by Filippo Valsorda. Earlier, I’d used my own tool that is a lot complicated than mkcert.

Step 2: Configure Webserver

Where you use Apache, Nginx or something else, please configure your web server to let the WordPress site to be accessible via both HTTP and HTTPS. The basic idea is to test the site in HTTPS and when everything is okay in HTTPS, we have to update web server to do a 301 redirect from HTTP to HTTPS. You’d still need to let certain parts of the site to be accessible via HTTP. Can you guess what it is? No? See the above step.

Still clueless? It’s for SSL certificate, particularly for Let’sEncrypt. If you don’t use Let’sEncrypt or if you use Let’sEncrypt with DNS verification, then you may, of course, do a 301 redirect for all the resources. If you still don’t get it, please post it in the comments.

Step 3: Fixing mixed-content errors and warning

There are plenty of articles available on the internet on how to fix mixed-content error. As a first step, I configure wp-config.php file to set WP_HOME and WP_SITEURL dynamically. I use the following code to do the same…

$wplt_protocol = 'http://';
$wplt_domain = $_SERVER['HTTP_HOST'];

if (isset($_SERVER['HTTPS']) &&
    ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1) ||
    isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
    $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
  $wplt_protocol = 'https://';
}

define('WP_HOME', $wplt_protocol . $wplt_domain);
define('WP_SITEURL', $wplt_protocol . $wplt_domain);

I’d keep an eye on the following areas to fix the mixed-content errors quickly….

  • Menu items (especially custom links)
  • Hard-coded links in the theme files (especially in functions.php file)
  • Visual builders: If you use any visual builders, I can’t think of any safe way to update the links than doing it manually. An automated way to update links in visual builder blocks can break the site functionality.
  • Uploaded content (including images). All links to uploaded content can be migrated to SSL using a plugin such as Velvet Blues Update URLs plugin . If you indeed use it, on the old URL field, enter http://example.com/wp-content/uploads/ and then in the new URL field, enter https://example.com/wp-content/uploads/.
  • If you still get some warnings, then it could be due to some plugins that fetch “WordPress Address” and “Site Address” from the database that still points to non-ssl version of your site. Even if you don’t get any warning, it’s time to go live with HTTPS. So, go ahead and update both values using your preferred method. Don’t worry about the HTTP version of the site. It will continue to be served as it is, as long as the web server hasn’t been updated with 301 redirection.

Once you’ve fixed the mixed-content errors and warnings, it is time to switch the entire site into HTTPS by implementing a 301 redirect in the web server.

Step 4: Post-migration

This is equally an important part of the migration. So, don’t go away, yet! There are a few things to do post-migration.

  • Internal links: First post-install step is to update the internal links to HTTPS. We could’ve done this earlier too. However, remember that we were using both HTTP and HTTPS until the completion of the last step (step 3: fixing mixed-content errors and warnings). So, if your site has thousands of posts, it may take a while to update them all. We don’t want to keep serving the visitors (and search engines) with both HTTP and HTTPS for long. It may lead to duplicate content, depending on how fast a search engine crawls your site.
  • Sitemaps: If your favorite sitemap generator may have already generated a static sitemap that may have links to posts in HTTP. So, it is time to update them to point to HTTPS. Simply refreshing the sitemap generator would do the trick.
  • Robots.txt file: If you generate your robots.txt file manually and if you have an entry for sitemap in it, please be sure to update it.

Tools (to validate migration)

Here’s the list of links that I often go and check how things are…

Do you have any other tips to include in the above list?

Looking Back and Looking Forward

Looking back at 2018

With respect to work…

I switched the workplace from Srivilliputhur to Madurai, from BSNL broadband to Airtel broadband, from ADSL to VDSL. I have had a lot of downtimes with BSNL last year. Fortunately, I had JioFi, as a backup, at that time (I was one of the early adapters of Jio 4g in general). However, as more users joined Jio 4g network, the overall speed reduced after each passing month. I used Airtel around 10 years ago (when Airtel had only ADSL), when I was in Madurai. Never had any issue with Airtel.

I still go home (to Srivilliputhur), mainly on weekends, primarily for trekking on Saturdays. Srivilliputhur has one of the best places for trekking and it allows us to be closer with the nature, that in turn helps me to sharpen my saw at work. Trekking is allowed only on weekends. So, I still use BSNL broadband at home, along with JioFi as a backup. At work, I solely rely on Airtel broadband for now. However, I might opt for ACT Fibernet at any time in the near future. The main caveat with ACT Fibernet is that they only offer shared public IP and they use double-NAT. Their network isn’t reliable in general, either. The packets are lost at random. Their customer support isn’t as good as Airtel’s, to solve any technical issues. So, I might use it only for heavy downloading and uploading, not for series work.

Apart from the change in workplace, I bought the following items to improve my workflow…

Mikrotik router/s: I bought two hAP ac2, one for work and another for home. In general, Mikrotik products are hidden gems. They offer enterprise grade hardware (and software) at a nominal rate. I already use the work router as a VPN server to connect to it whenever I am away from work. I plan to use both routers as load balancers with automatic failover. If you’d like to know more details on how to achieve this, look forward to more detailed info at my tiny web page blog.

Jabra Elite 65t: To speak with more clarity when on call with clients. It has 4 mics, btw.

BenQ GW2480 monitor: Initially, I bought it to have it for the dual-monitor setup. But, it ended-up on its own desk and computer at home.

Raspberry Pi: I bought Raspberry Pi 3 Model B+ (with NoIP camera), mainly to remove ads from my network using home based pi-hole.net server. I already use pi-hole for BSNL. With BSNL, it is easy to filter the IP range. With Airtel, the range was widespread. So, I quickly turned to Raspberry Pi for help. It works well as a simple pi-hole.net server.

Looking forward to 2019

My wishlist or goals for 2019 are…

  • Writing regular blog posts, at least once per month.
  • Sharing more of my thoughts and tips through social media.

Nothing more for now. I’d like to keep it simple so that they could be accountable when I look back at my goals at the end of the year.

I am hiring!

I’ve been a freelancer since 2008. So, it’s been a decade. I am currently looking for a freelance system admin with keen interests in hosting WordPress and PHP sites. Even though, the hosting market, especially the WordPress hosting market, has some big names in it, there are still plenty of problems to solve.

If you have interests in open source technologies and if you have contributed to open source, that’d be awesome. But, it isn’t mandatory. If you know your stuff, or if you can learn stuff, that’s more than enough. At the same time, communication is a big part of our job.

Continue reading “I am hiring!”

Please don’t hire me!

Please do not hire me because the cost of living in the country where I live is way cheaper than where you live. Just because the cost of living is lower doesn’t mean you can hire my services at a fraction of rate charged by the tech people from your own country!

Of course, the cost of food and real estate are much cheaper here. The cost of food is rapidly increasing here due to globalization of food industry. However, as my life resolves around IT and products related to IT, the cost of tech products are always higher than whichever country you live in!

To illustrate with an example, iPhone X (64GB model) costs USD 999 in US. Here, the same model costs INR 87400 or approximately USD 1378 upon currency conversion. All hardware products are priced higher due to reasons only known to the retailers. Software products aren’t cheap here either, just because the cost of living is way cheaper!

Continue reading “Please don’t hire me!”

Aptitude or apt-get?

It’s 2017. I started using linux in 1999. Yes, I am getting older and older. I have always used apt-get on Debian based servers or distributions. However, in recent times, I am getting more frustrated to use apt-get. To be precise, I may want to install a package. So, I start to type apt-get. Then I may be unsure, if the package by the exact name exists. So, I tend to search the package/s, instead of installing it. Now, I have to use apt-cache to search packages. Sigh!

Note: Now we have apt to solve the above frustration!

Continue reading “Aptitude or apt-get?”

Crooky Cron

What Is Cron?

In simple terms, cron is a job scheduler in unix-like operating systems. It is also called as system cron or OS cron especially if the discussion is also about WP Cron. The job can be anything that needs to be done at a particular time. The job could be an one-time job (such as launching a rocket at a scheduled time) or repetitive (such as turning the lights on upon sunset and turning them off upon sunrise, every day!). Basically, the system cron is a program that runs all the time just to trigger a particular action at a particular time. You can throw hundreds of tasks on it to do at various intervals. System cron is like robot who is always available at your service!

Continue reading “Crooky Cron”

2013 Year in Review

We are already in 2014. However, it is probably the right time to take a look back at what happened last year.

Among so many things happened in 2013, the following come on top of my head. These events and products are related to performance, WordPress, security and other misc stuff. Please feel free to comment, if I missed anything.

Google Compute Engine became generally available in December 12, 2013. Continue reading “2013 Year in Review”