How to redirect from http to https in WordPress

wordpress

Thanks to Let's Encrypt and WordPress projects today is very easy to migrate your site from http to https (secure version of the HTTP protocol).

The following procedure also works for those sites that are behind a reverse proxy like NGINX and the connection between the proxy and the site is done via http, even if you cannot modify the web server configuration, lets see some concepts and definitions:

Concepts and definitions

WordPress is a Content Management System developed in PHP and MySql with an architecture based on plugins and themes. WordPress is developed and maintained by hundreds of developers around the world.

Let’s Encrypt is a free, automated, and open Certificate Authority (launched on April 12, 2016) that provides free X.509 certificates for Transport Layer Security (TLS) encryption via an automated process designed to eliminate the current complex process of manual creation, validation, signing, installation, and renewal of certificates for secure websites.

SSL / TLS (Secure Socket Layer / Transport Layer Security): are cryptographic protocols that allow to establish a secure communication channel on the Internet: web, mail, fax and instant messaging.

CA (Certificate Authoritative): trusted entity that issues digital certificates for third party.

Note: Before executing the following procedure in a production environment do a backup of your BD and run it on a test enviroment, LibreByte is not responsible for any damage or loss of data that could derived from the following procedure, do it at your own risk.

Step 1. Edit wp-config

wp-config is the WordPress configuration file and the second file to load after index.php so we will put the following code before any PHP code.

Fork me on Github
<?php
// Check if a redirect is needed
$redirect = !isset($_SERVER['HTTPS']) || ('on' != $_SERVER['HTTPS']);
$redirect = $redirect || !isset($_SERVER['HTTP_X_FORWARDED_PROTO']) || ('https' != $_SERVER['HTTP_X_FORWARDED_PROTO']);

// Permanent redirect to https version
if ($redirect) {
    header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], true, 301);
    exit();
}

The $_SERVER['HTTPS'] variable has a non empty value if the request is HTTPS, the $_SERVER['HTTP_X_FORWARDED_PROTO'] = https when your site is behind a reverse proxy. It is advisable to check what values take these variable then put the following code:

var_dump($_SERVER);

in a test file accessible from your HTTPS connection.

Step 2. Update prefix_posts table

Connect to the WordPress database and locate the posts table this table must have a prefix defined in the variable $table_prefix, found it in the file wp-config.php, once you've connected to the WordPress database run the following query 

Fork me on Github
UPDATE tableprefix_posts
SET 
post_content = REPLACE(post_content, 'http://www.midominio.com', 'https://www.midominio.com'),
post_excerpt = REPLACE(post_content, 'http://www.midominio.com', 'https://www.midominio.com')
WHERE post_content LIKE '%http://www.midominio.com%' OR post_excerpt LIKE '%http://www.midominio.com%'

the previous query will update all http url to https version.

The tutorials here on LibreByte are provided under a free software licence. if you like my work you should consider:
Buy a Hosting/VPS or Dedicated Server at MCKHost

2 comments

  1. Or install the WordPress plugin "Really Simple SSL"

    1. The drawback about using “Really Simple SSL” is that this plugin do the replacement on the fly so every time a page is loaded you get a performance hit.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.