I’ve been thinking for some time about converting freewheelings to https using an SSL certificate. However, the major problem that has kept me from doing it (until now) is that all of your share counts will be reset. There is something to be said for social proof. You see, in the eyes Google Plus, Twitter, Facebook and all of your favorite share buttons https://www.freewheelings.com and https://www.freewheelings.com are two different URLs, which is true. But this means that when you force your site to use your new SSL certificate at the HTTPS version of your address – poof – there go your share counts.
Let’s look at this in two parts. First, we’ll go through the ins and outs of upgrading WordPress to HTTPS.
Why Should I Upgrade to HTTPS (SSL)?
Obviously, if you are running and ecommerce site or any other site that exchanges sensitive user information you should have already done this. HTTPS (SSL) encrypts traffic between the client’s browser and your server leaving it inaccessible to the peeping toms of the Internet. Freewheelings doesn’t have a store or a member area. So, why would I upgrade freewheelings to HTTPS?
- Geek Cred – I make my living as a technology consultant. People come here to read and learn about technology almost as much as they do for my awesome travel adventures. Having an HTTPS site, in the eyes of the technical, provides credibility. I want that to be the impression this site leaves with people and, especially, prospective clients.
- Security – Perhaps It’s only me and a handful of others that log into the WordPress admin panel, but every login is a chance for the bad guys to compromise this site. Since converting this site to HTTPS logging into the admin panel is just as secure as logging into your online banking. I bet that’ll keep you up at night.
- Google, Google, Google – We know very little about Google’s algorithm, but one thing we know for sure is that SSL counts as of sometime in 2014. You can read about it right here, direct from the horse’s mouth. Although it may be a factor that is currently of little weight, that may change.
- SSL and Rankings – This is all opinion, but I personally believe we will see the weight of SSL as a ranking factor increase over the years to come. I currently have no validation for that opinion. Call it a hunch.
- Analytics and Referrer Data– You know when you look at your referrals in Google Analytics and simply see “direct.” as a traffic source? This is because the traffic originated from a HTTPS site and was then sent to your HTTP site. In that scenario, the referrer data gets striped away. However, referrer data is preserved when you upgrade to HTTPS regardless of the origin. Sweet, eh?
Installing Your SSL Certificate
This topic is going to remain uncovered as it falls outside the scope of this article. The answer is going to be different for everyone. In the case of freewheelings I self host WordPress within the Amazon Web Services Cloud and did everything manually. If you use a managed hosting provider you can likely purchase and install your SSL certificate through cPanel. Though you’re being had on the cost. Either way, the rest of this article is based on you having successfully installed your SSL Certificate. If you’re stuck and require help please feel free to check out the consulting section of this site. We’re always happy to help.
Converting WordPress to HTTPS
If you have successfully installed your SSL certificate you should be able to access the HTTPS version of your site. Check it out and make sure it works. It should look like this:
Even if you don’t have the green lock that’s okay. We’ll get to that in a minute. Just make sure you can access the site using https.
!!!Warning!!! Do not continue with this tutorial if you are not able to access your site via HTTPS!
HTTPS Redirection
The first thing that we need to do is tell WordPress and Apache to redirect all of the http URLs to their HTTPS counterpart. There are multiple ways to go about this, but let’s look at the two most straight forward.
The Easiest way is to use a plugin called Easy HTTPS (SSL) Redirection. All this plugin does is create the necessary entries in your .htaccess file. I’ve got my site setup to redirect the entire domain:
All this plugin is doing is adding the following lines to the .htaccess file located in the root directory of your WordPress installation:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
Editing the .htaccess file directly will yield the same result and save you a plugin. I found this plugin particularly handy as I staged my HTTPS migration and this plugin let me easily add a few pages or directories at a time.
After we are finished, you should leave these rules in place so that all that hard earned link juice will flow to your new HTTPS URLs. Ultimately Google will update all of your indexed URLs to their new HTTPS location. This is not true of all the websites that link to you. Of course, we also want people to find the pages they’re looking for and we can’t expect every website that links to you to update their links. We solve this problem by leaving the 301 redirect in place.
Tell WordPress to Use HTTPS
This is easy. Navigate over to WordPress Settings > General and change the WordPress Address and Site Address to the HTTPS version.
Fixing Mixed Content Warnings
I’ve converted 3 WordPress sites to HTTPS this week and one of them was just fine at this point. This site and another, the most robust of the three needed a little more massaging. If your site has any depth of content you’re probably getting mixed content warnings in your browser bar. They look like this:
The easiest remedy for this is another plugin called SSL Insecure Content Fixer. Once installed, I recommend starting with the lowest setting and working your way up until you find the setting that fixes all of your insecure content. In my case that was this one:
You should now have the green lock that we were looking for, but that’s only half the solution. You should really look at SSL Insecure Content Fixer as a band aid. It gets us through the migration, but it slows down the site to the tune of an additional 1 second worth of load time on the homepage. What we really need to do is go back through the site and fix all of the non HTTPS references that are causing the mixed content problems in the first place. We’ll save that for another day.
Another Day (Update)
Now that we’ve had the site working properly and a little time to breathe thanks to SSL Secure Content Fixer let’s look at finishing the job. First, we’ll need to permanently update all internal links to point to their new HTTPS counterpart. You guessed it, there’s a plugin that can do that. It called Velvet Blues Update URLs. Go ahead, give it an install, and meander on over to Tools > Update URLs.
Configure the plugin as shown above and give ‘er a run. WAIT! Did you backup your database like it said? You might ought to do that. Notice two things here:
- I left off the trailing slash/
- The only thing different is the ‘s’ in HTTPS
This is going to fix the lot of it, but I’m sure you’ll have other things that you need to find and fix. In my case I had to:
- Fix some hard-coded URLs in my widgets
- Update some old YouTube content from before they used HTTPS. I Used Velvet Blues for this
- Update some old FeedBurner content from before they used HTTPS. I Used Velvet Blues for this as well
I have now disabled SSL Insecure Content Fixer and am running on my HTTPS updated content. I’ve gained back the additional second of site speed I lost during the migration and am happy to report that by all tests, my SSL enabled site runs just as fast as the non-SSL site did. Go team!
Preserving Social Share Button Counts
So, you’ve made it through the SSL migration. You open up your favorite article and – poof – your share counts are gone. I looked for days for a solution to this problem and I almost didn’t upgrade the site on account of it. Enter Social Warfare.
This is one of the hottest Social Sharing plugins in the WordPress hemisphere. Now I’m not one that will usually fork over my hard-earned cash for a plugin unless they do something extraordinary. So let’s cruise through and check out some of the features that make Social Warfare shine.
- Speed – Say it with me. Speed. Your standard sharing buttons make a call to the API of the service provider (Facebook, Google Plus, Reddit, etc.) every single time the buttons are displayed and they take for-ev-er. They’re usually the last thing to load on your page. Social Warfare takes a different approach. They call the API for the share counts of your posts and pages on a predetermined schedule and cache the results in the database. When a page is served it is served with those cached results. Outcome? Your sharing buttons are now one of the fastest things on your page rather than the slowest.
- Sweet Buttons – I think we’re starting to glaze over the traditional sharing buttons. Perhaps it’s because they don’t load until after we’re done with the page. Either way, these new buttons really pop. You can customize them in over 75 colors. They are super mobile responsive and have a sexy floating share bar that is not obnoxious. Feel free to check it out below – and use it. Wink.
- Support – If you’ve read this far through the article you probably realize that I’m one of those people that contact support only when I have a legitimate issue. Most of the time I wind up beating my head against the wall as it becomes painfully obvious that I know way more about the product that I’m calling for support on than the person supporting it. This not the case at Social Warfare. These guys are on it! Nicholas literally had a bug fixed for me in one day and emailed over a BETA for me to use until the patch was publicly released (the next day). ‘nuff said.
- Share Count Recovery – This is the meat and potatoes of this plugin and what led me here in the first place. Whether your moving to HTTPS or changing your permalink structure you can easily tell Social Warfare about the pervious URL structure of your site. Remember how we talked about caching share counts earlier? What this plugin does is checks both URLs. In this case the HTTP and the HTTPS version and adds the share counts of both together and stores them as a regularly updated share count in your WordPress database. Viola!
Simply turn share count recovery on and set the “Previous Connection Protocol” to HTTP and let Social Warfare handle the rest!
There’s Gotta be a Catch, Right?
Sorta, kinda, not really. Social Warfare is the only plugin (I know of) that provides this functionality. If there is a catch it is this: Your share counts from the two separate URLs have not been combined anywhere but on your site. Which is fine, because it is the only place you are displaying them. Since there are no other Social plugins that have this functionality you’ll have to keep an active subscription to this plugin to maintain your share counts. But it’s not like that’s all get. I’ve seen a marked increase in social engagement just in the last two days. It’s hard to put a value on that.
What I hope will be the eventual solution is that the content monsters, realizing the trend of people moving to HTTPS, provide the functionality in their APIs to combine share counts for HTTP and HTTPS URLs at the source. Time will tell.
For now, this is the best solution and Social Warfare provides so much awesomeness outside of count retention that it’s worth it anyway.
Welcome to the world of WordPress and HTTPS!
Nicholas Z. Cardot says
Brandon,
Thanks for all the great things that you’ve said here. I’m thrilled that we were able to get you taken care of. This really, really makes my day!
You said, “What I hope will be the eventual solution is that the content monsters, realizing the trend of people moving to HTTPS, provide the functionality in their APIs to combine share counts for HTTP and HTTPS URLs at the source. Time will tell.”
This actually does take place on a couple of the social networks, but not most. As such, when we check both URL’s, if the numbers that come back are identical then we don’t add them together.
Thomas Barbera says
FYI: Social Warfare count recovery does not work anymore for Facebook after an FB update.
hak5860 says
Where is that option to recover the counts? I Installed the plugin but none of that?
Thanks for the anwer.
AK
Brandon Edward says
It’s under advanced:
hak5860 says
In a paid version I think? I have no option like that ;-(
Brandon Edward says
Yes, they have recently switched the structure. It used to be pay only, but now they have a free version. I haven’t used the free version myself, but it sounds like it’s safe to assume from your comments that the free version does not include Share Count Recovery. I certainly understand it’s hard to cough up cash for a WordPress plugin. Social Warfare is THE ONLY plugin I pay for.
Lindsay says
Thanks for the helpful info. I just switched to SSL and could not get my sharing plugin to work at all. Switched to Social Warfare today and everything works, including my count recoveries. Yay! Appreciate the help!
Brandon Edward says
My pleasure! Glad things worked out for you.
Qadar says
Hi Brandon,
A great post. No one explained it in such a detailed and perfect way as you did it. I bought an SSL certificate and my host installed it for me. I thought that was it.
Little I knew about all the redirection and the other stuff. You have saved my site. Thanks again.
Brandon Edward says
Glad to help.
Julie says
Great post , it’s very interesting and informative post , thank you for sharing the blog.
Hamish says
Hi Brandon cannot in my Nginx site. SO I use the plugin: https://wordpress.org/plugins/force-https-littlebizzy/
And, did you try before, thanks for reply
Brandon Edward says
Thanks for the tip Hamish.
Naman Modi says
Hi guys, I just migrated frrom http to https and have lost all my share counts with Sumo Me. Will this plugin help me add back those share counts? Thanks.
Brandon Edward says
Yep