As long as there is search, there will be SEO.
Ye Olde Blog of SEO
Aug 03

Enabling SSL on WordPress

Ever since cPanel / WHM added Auto-SSL, I’ve been SSL’ing the crap out of things. I’ve got this method called “close your eyes and click” and it seems to work just fine.

SSL is also a Google ranking signal. It is one of the few ranking signals Google has been fully transparent about, so I’m gonna go ahead and say its important. Some also theorize that Google (amongst other big boys on the web) are going to eventually require / demand all sites be SSL/HTTPS. So why not.

In most cases, you can have your site HTTPS / SSL ready in about 5 minutes, depending on what kind of site you have and how big it is.

So here is what I did to make this site SSL without errors. I suppose the prerequisite if you are following this guide would be:

  • having knowledge of servers / Linux
  • being able to edit code
  • WordPress
  • WHM / cPanel
  • AutoSSL enabled in WHM

With that said, here we go:

Step 1: Log into WHM, navigate to “Manage AutoSSL” then go to “manage users” and enable for the user / account you want to enable SSL on. Once this is done, it’ll run a cron job and you are now officially SSL / HTTPS ready.

Step 2: Next log into the backend of your WordPress website and change the WordPress address URL and site address URL to https:// you might get logged out at this point, just log back in. Some things might look funny at this point,and you’ll prob have a few SSL errors, so don’t freak out…yet.

Step 3: for Apache users, force SSL via .htaccess. I grabbed this code from somewhere on the web, there are a few different ways to do this.

You can also try this:

# Force HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Step 4: you are going to want to do a find and replace of your database to replace any instance of http:// (your site, not all sites) with https version. I’m a big fan of interconnect’s tool but you can use a plugin, the command line, or phpMyadmin. Depending on your theme, WordPress version, plugins, and a few other factors doing a DB find and replace may or may not find all instances of http:// in your database. In my case it didn’t, so I had to do a little manual editing.

Step 5: Start viewing your source code within your web browser and look for things you missed. Do a Ctrl +F “” (or www version don’t forget). Start going through and manually replacing http:// with https://. If you’ve got a ton of these it might be worth it to transfer your code to the text editor of your choice (I like Notepad++) and do a find and replace.

In my case there were only two things that I missed. The first one was the custom JSON-LD schema I had added in the header, which I added via the SEO ultimate plugin:

The other thing I missed was a custom menu item I had added which was still as http.


I am going to keep an eye on the SERP’s to see how they fluctuate, as of Wednesday August 2, 2017 around 6pm EST I added the site to Google Search Console, so let’s see how long it takes to switch out in the SERP’s. Special thanks to Jeremy Rivera for his advice on this, his site recently made the switch to SSL and he’s one of the best SEO’s I know.

August 3rd 3pm (18 hours later) Google is already indexing the https version of the website! Horrray!

August 13th – looks like 140 pages indexed overnight, which is pretty much the whole site. There are still a few random pages still http:// but it should be full re-indexed within a few days…I hope.

If you have any questions, advice, or see anything I missed, let me know!

About The Author

Patrick is an SEO blogger and the founder of Elite Strategies, an SEO and internet marketing agency located in Delray Beach, FL.