Changing from HTTP to HTTPS via SSL Certificates

Once an SSL Certificate is installed there are a few tricks that you can do to utilize it to the fullest. This requires a bit of work but it worth it to secure your website. In the end, you’ll also increase your rank in Google and other search engines.

  • Take the time to change all your internal links to use https rather than http for all images, links, etc.
  • Ensure you have a canonical link present in the <head> section of your website to properly redirect all traffic coming in from http:// to https://.

Mixed Media Errors

If a page on your website contains both HTTP and HTTPS content, the HTTP portion can be read or modified by attackers, even though the main page is served over HTTPS. When an HTTPS page has HTTP content, we call that content “mixed”. The page you are visiting is only partially encrypted partially secured. What are the risks of mixed content? An attacker can replace the HTTP content on the page you’re visiting in order to steal your credentials, take over your account, acquire sensitive data about you, or attempt to install malware on your computer.

How To Secure A Page With Mixed Content

The first thing you need to do is find the HTTP content. It’s easy, just right click on the page and view the source code. Then (in Firefox, Chrome, or Internet Explorer) click the Ctrl+F to open the a dialog box to search within the page. Just search for “http:” and you’ll find one or more tags to hyperlinks or images that need to be changed. Now open the program used to edit your page, find those items that need to be secured and change the links to begin with “https:”. Once all the links on the page have https: your site will be secured.

WordPress users

The first thing to do is change the website addresses for your site in the Dashboard > Settings. You will need to change the http to https in both the WordPress Address (URL) and the Site Address (URL)

If any of the links within a page or post use “http” you will need to change these to “https”. If you have wordpress, you can use the “Search and Replace” plugin form https://wordpress.org/plugins/search-and-replace/ to get the job done. Be careful, you only want to change the internal links to images and pages within your site. So, you might want to use your domain name in the search criteria. For example: http://use-your-domain.com and replace that with https://use-your-domain.com (where use-your-domain.com is your actual domain name).

Force HTTPS (Recommended)

In addition to the above, you can force all web traffic to use HTTPS from the start by inserting the following lines of code in the .htaccess file in your website’s root folder.

Important: If you have existing code in your .htacess, add this above where there are already rules with a similar starting prefix.

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website’s root folder:

RewriteEngine On 
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

.