- Why Change from HTTP to HTTPS?
- How To Migrate WordPress Blog on SiteGround from HTTP to HTTPS
- How to enable HTTPS on your WordPress blog through CloudFlare
- Enable HTTPS on your WordPress blog with SG Optimizer
- Optimize CloudFlare with Page Rules
- After Migrating from HTTP to HTTPS
Why Change from HTTP to HTTPS?
Recently in the blogging community, many bloggers/website owners are going into a frenzy in regards to Google’s new recommendation for the end of January 2017:
From the end of January with Chrome 56, Chrome will mark HTTP sites that collect passwords or credit cards as non-secure. Enabling HTTPS on your whole site is important, but if your site collects passwords, payment info, or any other personal information, it’s critical to use HTTPS. Without HTTPS, bad actors can steal this confidential data.”
Meaning: If your website collects sensitive visitor information such as emails, passwords, personal data or credit card information, Google will begin marking sites without HTTPS as non-secure. For me and many other bloggers, this poses a dilemma. If a website collects sensitive information on any of its pages, such as the collection of name and email for subscription, the entire website will be marked as non-secure. However, to give incentive to bloggers and website owner to make the change, Google will also give a slight ranking boost to sites with HTTPS.
Personally, my biggest source of traffic is through Facebook and Google, so if this is the path I need to take to improve my current SEO ranking, and my future ranking, I decided to take the leap. For more information about HTTPS and why HTTPS matters, read this.
Searching for The Best WordPress Hosting
Although I don’t seem to have that much content yet, my domain is quite old, more than 4 years old actually. Throughout the 4 years, I have been a customer to 3 hosting companies: Bluehost, Hostgator, and now, SiteGround.
Why so many changes? How tough can it be to find the right hosting company? Well, for me, it has been a tough journey. I had a limited amount of money I placed aside for my blogging endeavours, and I didn’t want to try and test my hard earned money on web hosting companies that had bad reviews. And so I searched around and decided on Bluehost. They had good reviews and was one of the hosting recommended by wordpress.org. I signed up for a year and was glad I didn’t sign up for longer. Although they had great customer service, their server was down too many times for my liking.
So the search continued and I decided to try HostGator, they were cheap and had good reviews. I actually stayed with HostGator for a while. I signed up for 3 years and was quite happy. I never really needed much customer service and their cPanel was pretty intuitive. And best of all, my site had never gone down once.
Fast forward to September 2017 ⇒ I needed SSL installed on my website, and I have another 7 months to go on HostGator before my renewal.
Installing SSL Certificate at HostGator
I searched around and got an SSL certificate from GoDaddy for $5.99 (70% off). I was ecstatic to get it for that price and decided to install it immediately. The problem was, HostGator had NO 1 click SSL install: you had to fill out a form, and wait for them to install it for you.
They responded the next day, and I sent them the information immediately:
Five days later (after messaging them through the ticket once a day to see if they need anything more to speed up the process only to receive no response from their end), I received this message:
In the end, I wasted 5 days communicating with them and giving them information to only be told many days later that they do not offer SSL for their hatchling plan since that plan does not support SSL. That I would need to upgrade, and spend at the very least $200 on a different shared hosting package. At that point, I was just not willing to spend that amount to stay with a company that had such AN AMAZING F*KIN CUSTOMER SERVICE.
The only great thing this experience has taught me is that GoDaddy continues to have excellent customer service. I got my SSL Certificate refund in under 10 minutes. I know it’s only $5.99, but I can spend that on icecream!
Moving hosting to SiteGround
Unless you’ve just woken up from a coma, you may have noticed that SiteGround is everywhere. Through other bloggers, I had heard many great things about SiteGround. Looking at their partnership with CloudFlare, and the technology they are offering for their shared hosting servers to speed up your WordPress hosted site, I was inspired to try out their service. One of their technology that has brought on a great deal of discussion is Supercacher. This caching mechanism adds three layers of caching (Static, Memcached, and Dynamic Cache) so your blog will load incredibly fast. No other shared hosting offers this technology at the moment and without any fee. Yes, a free caching service! How can I possibly say no to that, especially one that works compatibly with CloudFlare?
Of course, my other reason is the free SSL certificate. CloudFlare offers two types of SSL certificate for free when you buy their hosting plan: Wildcard SSL Certificate (first year free) and LetsEncrypt SSL (always free). This feature alone makes SiteGround stands out among its competitors.
Another reason (I only learned this later when I switched over to SiteGround), is that SiteGround offers the latest version of PHP (7.1). WordPress uses MySQL and PHP to run your blog. HostGator and many other web-hosting companies are still only offering PHP 5.6. When you install [SiteGround] SG Optimizer, a free plugin to speed up your site among other things, you can quickly and easily upgrade from PHP 5.6 to PHP 7.0 with a click of a button. Seriously, I don’t need to know how it does what it does, but with PHP 7.0 alone, my WordPress website performance is almost doubled in comparison to 5.6.
Unlike other hosting companies that charge you $49-$149 for website migration, Siteground offers it free of charge. This was a great incentive for me. I’ve had to personally backup and migrated from Bluehost to HostGator before, and after going through that whole process, this free migration offer is a godsend. It is an offer I would gladly accept. When I first log in to SiteGround’s dashboard, the first thing I saw was ‘SiteGround Account SetUp Wizard’ which offers you the option of starting a new website, transfer an existing website or Thanks, but I don’t need help. When you choose ‘transfer an existing website‘, they will ask you for some information. And 6 hours later, you will be notified that the transfer was done and all you have to do to complete the process is to change the domain name-server.
I have only been with SiteGround for a month, and all of this might sound like a promotion, but that just goes to show you how much I love Siteground so far. The migration from Hostgator to Siteground was successful and easy. When I had questions and opened up a ticket, their response rate was never anything more than 30 minutes. Their technical support, in my opinion, is one of the best things Siteground has to offer. I am currently very satisfied and urge you to check them out if you ever plan on changing hosts.
GET SITEGROUND HOSTING (Get it now for 60% off)
How To Migrate WordPress Blog on SiteGround
from HTTP to HTTPS
How to Install LetsEncrypt SSL Certificate on SiteGround
- Login to your SiteGround user portal: https://ua.siteground.com
- Click on the ‘Extra Service‘ tab and click the ‘Manage‘ button to the right of ‘Let’s Encrypt SSL‘. See Image Below.
It will take you to this screen (below). Lets Encrypt should already be automatically installed for you, but if it isn’t, just click on the drop-down menu and pick the website you want to install the SSL certificate on, and click Install. The process takes about 30 seconds to complete. See image below.
To check whether the SSL Certificate is installed, go to your cPanel, scroll down to Security and click on Let’s Encrypt. It will take you to a screen that shows you what certificate has been installed and on which domain.
How to Install Wildcard SSL Certificate on SiteGround
- Login to your SiteGround user portal: https://ua.siteground.com
- Click on ‘Go to cPanel‘
- Look for the ‘Security‘ section in the cPanel (near the bottom, second to last row), and click on ‘SSL/TLS Manager‘.
- Look for ‘Install and Manage SSL for your site‘ (at the bottom), and click on ‘Manage SSL sites‘.
- If a Wildcard SSL Certificate is already installed, you will see this (below), where you can choose to uninstall, update, or get certificate details among other things. If not, see step 6 on how to install.
- Scroll down to ‘Install an SSL Website’. Select a domain from the drop-down menu, and click on ‘Install Certificate‘. Everything will be filled in automatically, and when you go back to your User Portal section and looked under ‘Extra Services’, your Wildcard SSL Certificate status will be active.
How to enable HTTPS on your WordPress blog through CloudFlare
Now that your SSL Certificate is installed, your next step is to enable HTTPS on your WordPress blog. But BEFORE forcing HTTPS, open up a browser in incognito mode and check to see if the https version of your website is up and working. If it’s working properly, continue on. But if it isn’t and you get a white screen saying your website is not secure and to go back, and the HTTPS version of your website just won’t load, do not force HTTPS. Wait until your SSL certificate is authenticated (on CloudFlare) and then force HTTPS (shown how below).
To enable HTTPS on your website through CloudFlare, turn on these options under ‘Crypto‘.
What the above features do:
It will redirect all your traffic through HTTPS: your website will always load through a secure connection, thus avoiding duplicate content. It will also make all your internal links go through the secure protocol (HTTPS & HTTP/2) so your visitors will not see the mixed content warning in the browser.
Enable HTTPS on your WordPress blog with SG Optimizer
If you’ve installed SiteGround’s plugin SG Optimizer, there is also an option there to force HTTPS, however, you won’t need to use that feature if you are using CloudFlare to force HTTPS (above). I would recommend just turning on all the caching feature to speed up your website (see below).
Optimize CloudFlare with Page Rules
CloudFlare’s free plan allows you to create three Page Rules. Cloudflare Page Rules allows you to improve user experience of your domain with higher security and enhanced site performance while increasing your website reliability and minimizing bandwidth usage for your origin server (in my case, SiteGround). By minimizing your resource/bandwidth usage, you will be able to eliminate one of SiteGround’s only con; CPU limit of 20000 Seconds per 24 hours.
These are the page rules I’ve set up to make the best usage of my Cloudflare Page Rule (limited to 3 for their free plan). Keep in mind that not all rules will be right for everyone, but if you’re running WordPress and your website is basically the same as mine, it should work for you.
1. Protecting the WP-LOGIN and WP-ADMIN Pages
Certain sections of your website, like your WordPress wp-login and wp-admin pages, have diverse security and different performance needs than your public exposed pages. Therefore, it would be a good idea to create page rules for these sorts of WordPress pages to enhance their security. Here is my setting:
2. Minimizing the Bandwidth Usage for Your Server
Cloudflare Page rules can also decrease the amount of bandwidth/resource usages for your origin server. In my second rule, I am targeting a folder that holds a majority of my image files (which of course doesn’t get changed very often). For WordPress, this is the target folder: *yoursite .com/wp-content/uploads*
3. An Aggressive Rule to Cache Everything on my Web Page
The order I’ve set the rules in:
To learn more about CloudFlare rules, and get a clearer understanding of why I’ve set my rules these ways, please watch this very helpful video on must use page rules for everyone.
After Migrating from HTTP to HTTPS
Once you have migrated your WordPress blog from HTTP to HTTPS, here are the next steps you need to take:
Add your WordPress blog to Google Search console.
Add your new sitemap with HTTPS URL, Fetch and Crawl.
Edit your Google Analytics profile to change the site URL from HTTP to HTTPS.
Update your site URL from HTTP to HTTPS on your all major social media profiles.