I've taken over a site where it's using HTTPS but when I looked in the WP Settings, it still showed HTTP.
Surely this should be throwing up all kinds of errors?
I know this should be changed to HTTPS, but is there anywhere that I can see the implications of not doing this? Just trying to understand how it looks like it's actually alright and I need to point out why it wasn't a good idea to leave it.
Also, when changing it here, is there anything I need to bear in mind or check?
Thanks.
I've taken over a site where it's using HTTPS but when I looked in the WP Settings, it still showed HTTP.
Surely this should be throwing up all kinds of errors?
I know this should be changed to HTTPS, but is there anywhere that I can see the implications of not doing this? Just trying to understand how it looks like it's actually alright and I need to point out why it wasn't a good idea to leave it.
Also, when changing it here, is there anything I need to bear in mind or check?
Thanks.
Share Improve this question asked Mar 13, 2019 at 12:00 DanDan 272 bronze badges 1- 1 Not a full answer, but just a note that when I change sites from http to https, I generally do a database search and replace (with serialization support, not just a straight s&r). The reason is because many other references to http: assets may exist and will throw mixed content warnings. The db s&r will also effect the change in the settings tab you are referring to. – tmdesigned Commented Mar 13, 2019 at 12:12
1 Answer
Reset to default 0First off, just because the url in site settings is http does not mean that's the site url that's being used. You can set the url in wp-config.php via WP_SITEURL and WP_HOME. You may have known this already, but I wanted to point it out first.
The constants in wp-config.php can also be set up to be dynamic for different protocols and domains, depending on the request.
In addition, different CDN setups can actually serve a site via https without origin requiring strict adherence to that protocol, for example Cloudflare gives you the option to set an origin SSL certificate.
The implications from my perspective would be if the site serves both http and https traffic, that may lead to a subpar experience and possible mixed requests. Ideally, all traffic would be forced to go through one domain and one protocol. The biggest deterrent for this behavior is from search engines who may see each permutation as a separate site to keep track of and this may result in duplicate content counting against you.
I would check to make sure navigating the site doesn't result in redirects from http to https, server configuration (and wp-config.php) to see if anything fun is going on there, and the database to ensure all urls point to the same domain and protocol.
Good luck!