How to Switch from HTTP to HTTPS


Over the last few years, Google has made it abundantly clear that they want the web to be a safer place. The best way they can do that is to encourage website and business owners to secure their websites by switching from HTTP to HTTPS.

Use this handy checklist to help guide you along migrating your website from HTTP to HTTPS. I’ll take you through step by step to ensure you’ve got your bases covered before, during and after you make the switch.

Here’s what we’re covering:

  • How to Switch from HTTP to HTTPS [Infographic]
  • Ultimate Security with HTTPS: Why You Should Migrate Your Site
  • How to Safeguard Your WordPress Site [Infographic]
  • The Current State of WordPress Security
  • 17 Steps You can Take Today to Improve Your WordPress Security


Ultimate Security With HTTPS: Why You Should Migrate

The goal of today’s online businesses is to provide an experience where customers feel safe and secure when making a transaction online.

It’s our innate responsibility as web developers to make sure that’s the case. While web browsers are pretty secure, data that moves between them and servers is still vulnerable to injections where it can be compromised.

Big name companies like Google and Mozilla are pushing the initiative to make the web a safer place. One way to do that is to shift unsecured websites from HTTP to HTTPS.

So, what’s the difference between HTTP vs. HTTPS?

  • HTTP is HyperText Transfer Protocol which is used for sending and receiving text messages
  • HTTPS is HyperText Transfer Protocol Secure – same purpose, but in this case the text is encrypted

 

According to data provided by BuiltWith, the number of websites using an SSL connection is on a sharp rise as of late.

Here are four big reasons to make the switch to HTTPS:

  1. Enhanced Security

The main draw to HTTPS and SSL certificates for websites is the bonus security you enjoy. For eCommerce sites, this combination is a must because they are handling customers’ financial information.

For others, it’s the security knowing that your username and password can’t be intercepted by hackers.

  2. More Detailed Referral Data

When your site is on HTTP, referral data from HTTPS sites is blocked in Google Analytics. That means that if a secure site starts sending you boatloads of traffic, it could get grouped into “direct traffic” and you’ll never be able to find out what made the spike occur.

Instead, having an HTTPS site will allow that referral data to get passed into your analytics. This will help you better understand the sources and nature of your traffic.

The reason behind this is the fact that sending data from an encrypted source to a non-encrypted one breaks the security of the source. Therefore, the referral data is stripped if your site isn’t secured.

This data contains valuable keywords that you would be remiss to leave on the table. It’s worth making the switch to HTTPS for this reason alone as a search marketer.

  3. SSL & HTTPS Build Trust

When you visit a secured site in Google Chrome, you’ll see an iconic green lock symbol up in the URL bar. It’s become second nature for me to check for this when I’m visiting a site, especially one where I’ll be shopping.

People don’t like visiting risky sites. If they get the message from Google that a site may not be secure, they run the other way. Not to mention, a breach of customer information does horrific damage to a brand.

With these things in place, you can build trust and credibility in your customers’ eyes.

  4. SEO Boost (Maybe)

People in the industry go back-and-forth about whether HTTPS really lends an SEO boost. That being said, reputable sources like Brian Dean have found that it does correlate to higher rankings.

My input?

Google likes HTTPS, and anything Google likes, SEO likes. Even if it doesn’t make a huge difference now, it will. You can quote me on that.

Breaking The Myths About Migrating to HTTPS

There’s no denying that moving to HTTPS is an intense and time-consuming endeavor, but the benefits are all there. Before we get into the details of the process, let’s kill a few myths that may be swirling around, shall we?

Myth #1 – My Site’s Not Important Enough to Warrant HTTPS

First off, that’s no way to talk about your site. Confidence, friends, confidence! While you may not handle sensitive information, JavaScript-based ad injections can easily kill a positive user experience.

Furthermore, HTTP stops you from using key APIs like geolocation, web push notifications, and others. The list grows every day.

Myth #2 – HTTPS Slows Down My Site

While some people have seen drops in performance, these are a result of optimization errors, and not directly related to the migration. They’re just using the HTTPS as a scapegoat. When Google moved Gmail to HTTPS in 2010, they observed no noticeable impact to performance.

Myth #3 – SSL Certificates are Too Expensive

Extra expenses are hard for startups, but how does free sound? That’s right, using services like Let’s Encrypt, you can get an SSL certificate set up for your site without paying a dime.

How to Secure Your WordPress Site [Infographic]

WordPress security and safety is not something to joke about. If your blog site gets hacked, you will have to spend countless hours trying to fix things that you might not even understand.

Similarly, a hack could potentially make everything start performing in a weird way on your WP account, website, and blog.

At the end of the day, any sort of attack will give you a difficult time. However, you can guard against such attacks. This is why I want to touch on a few ways you can learn how to prevent your WordPress website from getting hacked.


The Current State of WordPress Security in 2017

Essentially, WordPress hacking and insecurity has been on the rise. The number of reported hacks is in the hundreds of thousands.

What about those that go unreported? Of course, you might be wondering why anyone would even want to hack your website. However, you should remember that most attacks are automated.

These days, hackers have created various bots before releasing them into the web to look for vulnerable websites, just like yours.

When hackers have thousands of sites in their control, they are able to use them for database scraping, mass email sending, and black hat SEO. To them, that’s pure gold.

So, before you start a blog it’s important to know that WordPress security is not automatic. Although WordPress is one of the most awesome platforms around, it does have its fair share of problems. As a user, you should take care of the most basic security and safety measures.

Proper Security Measures

  1. Beginner’s Level

So, how do you go about doing this? Here are some tips:

  • Secure administrator account
  • Use your editor account purely for content work
  • Strengthen your WordPress password
  • Limit your login attempts
  • Secure your PC
  • Automatically update your WordPress
  • Update your plugins on a regular basis
  • Backup your website/blog
  • Only use legit web hosts
  • Download themes and plugins from well-known sources

 

  2. Advanced Level

On the advanced level, you can do a number of things to further bolster WordPress security and safety. These include the following:

  • Deleting plugins you do not use
  • Reducing the total number of plugins you use
  • Installing a well-known security plugin
  • Protecting your website from brute force attacks
  • Using CloudFlare
  • Monitoring for Malware
  • Performing theme checks
  • Blocking trackbacks and pingbacks

 

  3. Pro Level

Pros do more than just the above to ensure that their WordPress accounts, websites and blogs are safe and secure. They will, in most cases, do any or all of the following:

  • Generating new security keys
  • Changing the database prefix
  • Using .HTACCESS protection
  • Disabling XML-RPC
  • Disabling all PHP error reports
  • Tracking the WordPress dashboard
  • Watching their Google Console
  • Reading Sucuri
  • Checking out all un-secure plugins
  • Using SSL

 

So, how would you like to go about ensuring your WordPress security and safety? We are going to discuss the above points slowly but surely.

17 Steps You Can Take Today For Better WordPress Security

a) Secure Your Admin Account

Never use obvious usernames and login credentials for your main Admin account. Instead, go with something that is more fun and difficult to crack and hack.

b) Use the Editor

It is risky to use your main Admin account to edit and publish new works, or whenever you are working with your content. This is especially so whenever you are using public Wi-Fi access.

Instead, consider creating a unique Editor account and start using that login for all the content work you are looking to do. Of course, you should ensure that the login is not obvious and will not be easily cracked and hacked.

c) Secure Passwords

Never ever use passwords that other people can easily guess. It goes without saying that you should force anyone who has access to your website to do the same.

Include capital letters, special symbols like exclamation points, and numbers to make it more complex.

d) Limit Logins

Password guessing is a major issue as well. People and bots can make multiple attempts to guess your password/login combinations until they manage to get it right.

Therefore, you should consider using the login lockdown plugin to limit the number of times anyone can try to log in to your account. Should they fail to do so after a couple of pre-specified tries, they will be blocked from having access.

e) Secure Your Machine

Apart from ensuring that your website is secure in and by itself, you might also want to take good care of all the computers and other gadgets that you usually use to access the WordPress website.

Key loggers typically use your keystrokes to recreate your password and login details. Similarly, direct FTP-based bots will get open FTP connections before uploading hacked files to your server.

To solve this situation and potential threat to your WordPress account, website, and blog, you should take better care of your computer. A good place to start would be by using the best antivirus software your money can buy.

There are also plenty of free options if your budget is tight. Make sure you avoid suspicious sites, and never open emails from someone you don’t know.

f) Update Regularly

Of course, it goes without saying that you opened your WordPress account simply because you were looking to accomplish something with it.

A highly detailed change log corresponds with every new WordPress release. In such change logs, all fixed bugs will be listed.

The solution to this problem, however, is quite simple. You just need to enable auto updates for your website. Alternatively, you can also perform manual updates whenever you get notifications requiring that you update your account.

g) Plugins

However, there’s more to updating the account than just that. You also need to ensure that your WordPress plugins are also kept up to date.

h) Backup

Although backups will not save your website from getting hurt, they are mandatory, especially if you are afraid that things might start going wild.

With a recent backup, you can easily restore your WordPress website back to how it was prior to the attack.

You can perform a WordPress backup using free plugins, including WP backup to Dropbox. Similarly, you should be able to create a backup through Backup Buddy. This plugin is a feature rich solution that will make your life much easier.

i) Get hosted

There are many other things you can continue doing to further bolster your WordPress security and safety. For instance, find the best web host your money can afford for you. Keep in mind that the cheapest hosting service may not have the best security.

The best hosting service will provide you with the WordPress security and safety you are looking for.

j) Download the Right Themes and Plugins

Accidental vulnerabilities are not your only enemies. There are also a number of intentional vulnerabilities that you can easily avoid.

For instance, if you choose to download plugins from shady sources, they might feature source codes that are designed to specifically hack your WordPress website.

In such cases, you will have hacked your own website, albeit indirectly. This is also the same for themes.

Therefore, consider checking the official plugin and theme directories at WordPress.org. The downloads on these directories do not feature dangerous code.

For premium plugins and themes, on the other hand, you need to check the seller’s reputation online.

CodeCanyon and ThemeForest are generally safe on account of the thorough and lengthy review processes that every new plugin and theme is taken through.

k) Delete Unused Plugins

Some plugins might contain surprises which could hack your WordPress site. Sometimes, you will come across a couple of basic security vulnerabilities.

To ensure that your site is safe and secure, you simply need to remove every plugin that you do not use on a regular basis. Instead of just deactivating such plugins, delete them entirely.

l) Reduce Your Plugins

You should also consider reducing the total number of plugins you installed for your own WordPress security and safety.

You can also try using a single plugin to replace several others with the same functionality. The best example is the Jetpack plugin, which can give you:

  • Contact forms
  • Image carousels and galleries
  • Links to related posts
  • Mobile themes
  • Social media buttons
  • Website stats

m) Install WordPress Security Plugins

Most of the security plugins you will come across on WordPress are designed to ensure that your blog and website stay safe. This is effected through file permission control, firewall protection, and database scans.

The most popular security plugins on WordPress include:

  • Acunetix WP Security
  • AntiVirus
  • BulletProof Security
  • Sucuri Security
  • Wordfence Security

One of the great things about these plugins is that they often work on autopilot. Once they’re installed, they do their job without the need for any input.

n) Guard against Attacks

Your WordPress account, website, and blog may be vulnerable to brute force attacks. When people are looking to mess up your website, they can either launch:

  • Surgical Attacks: Where they will look for vulnerabilities then exploit them with laser precision
  • Brute Force Attacks: Where they attempt to guess your WP password until they are successful

To ensure that your site is protected from the latter, consider downloading and installing the BruteProtect plugin.

This plugin will ensure that anyone who tries to log in to your account repeatedly from an unidentified or strange location, or device, will be blocked effective immediately.
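
The lockout rule described under d) Limit Logins and n) Guard against Attacks can also be checked from the server side. The following is an added example, not code from the original post or from any plugin named here: it scans web-server access log lines for repeated failed wp-login.php POSTs per client IP. The function name, the threshold, the time window and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx combined log format: ip - user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_lockout_candidates(lines, max_attempts=5, window=timedelta(minutes=5)):
    """Map each client IP to the time it first exceeded max_attempts failed
    wp-login.php POSTs inside the sliding window (both limits are assumed values)."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in the window
    flagged = {}
    for line in lines:  # lines are expected in chronological order
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined log format
        path = m["path"].split("?", 1)[0]
        if m["method"] != "POST" or not path.endswith("/wp-login.php"):
            continue
        # Assumption: stock WordPress answers a failed login with 200 (form shown
        # again) and a successful one with a 302 redirect.
        if m["status"] != "200":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        attempts = recent[m["ip"]]
        attempts.append(ts)
        while ts - attempts[0] > window:
            attempts.popleft()  # drop failures older than the window
        if len(attempts) > max_attempts:
            flagged.setdefault(m["ip"], ts)
    return flagged

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Mar/2017:10:00:{i * 5:02d} +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 3021 "-" "-"'
    for i in range(8)  # eight failures, five seconds apart
] + [
    '198.51.100.20 - - [10/Mar/2017:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2810 "-" "-"',
    '198.51.100.20 - - [10/Mar/2017:10:01:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3021 "-" "-"',
    '198.51.100.20 - - [10/Mar/2017:10:01:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, when in find_lockout_candidates(SAMPLE_LOG).items():
        print(f"{ip} exceeded the limit at {when.isoformat()}")
```

A user who mistypes a password once and then logs in stays under the limit, while the client that keeps failing is reported at its sixth attempt.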

o) Use 2-Factor Authentication

While it is an extra step, adding 2-factor authentication is a powerful way to keep hackers at bay. You can implement it by using the WP Google Authenticator plugin for WordPress. It will allow you to have a password, followed by a backup test like a secret question, a randomly generated code, or another means of security.

This extra step will make sure that, even if hackers get your password, they still won’t be able to get into the site.

p) Use Your Email as a Username

The default “admin” username is something you should do away with immediately. You can replace it with something more difficult to predict, which is why an email is a valid option. When you create a WordPress account, you get a unique email anyway, so it’s an easy transition to use it as your username for logging into the site.

The WP Email Login plugin will work for this right out of the box.

q) Use SSL to Encrypt Your Data

We’ll dive into more detail about this in a moment, but one great way to keep your data (and your customers’ data if you have a business) secure is to utilize a Secure Sockets Layer or SSL certificate. This protects data as it’s transferred between browsers and servers.

You can purchase them from companies or have them included as part of your hosting plan. For online businesses, they are a must to build trust with your customers and make them feel safe when they’re shopping with you.

Final Thoughts

There are many other ways to protect your WordPress account. However, you can be sure that the above tips and tricks should keep you learning how to accentuate and strengthen your WordPress security and safety.

How do you keep your WordPress site safe from hacking? Let us know in the comments!