As you might have seen I’ve switched this site to https only. The steps involved in switching WordPress to https only are pretty simple.
Set Site URL
First, make sure to set the proper https site URLs. You find these options under Settings » General:
Redirect non-https traffic
Second, make sure to redirect all non-https requests to https-only in your .htaccess file. In the example below I’ve included an automatic redirect to the www subdomain for the SSL certificate. You can safely ignore this step in case you have a different setup:
RewriteEngine On RewriteBase / RewriteCond %{HTTP_HOST} !^www. RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] RewriteRule ^index.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L]
Update media URLs
Afterwards, you (probably) need to update the URLs of your referenced media files in your blog posts/pages. Do so by issuing the following command (of course replace with your proper domain):
UPDATE wp_posts SET post_content = replace(post_content, 'http://www.YOUR-DOMAIN.com', 'https://www.YOUR-DOMAIN.com');
Update template and plugins
Finally, you need to make sure that your theme and respective plugins do not statically reference any http-only files, e.g. fonts.google, etc. For instance, for the tiga-theme that this site’s is derived from you need to overload the Google fonts URL set by enqueue.php (replace http:// with // only):
wp_enqueue_style( 'tiga-font', '//fonts.googleapis.com/css?family=Francois+One|Open+Sans:400italic,400,700', null, TIGA_VERSION, 'all' );
That’s it 😉