How to Move a Drupal Site from HTTP to HTTPS

Drupal is one of the most powerful content management systems available today.

Used by millions of websites, both large and small, this open-source platform is highly scalable and lightning fast. If your website runs on Drupal, you’re in very good company. The White House, Australian Government, The Weather Channel, and NBC, are just a few high-profile sites that use Drupal to manage and deliver online content. In today’s online environment, we highly recommend you learn how to move a Drupal site from HTTP to HTTPS. And here’s why.

As flexible as Drupal is, it can’t cover all your website’s needs. Whether you have a blog, an e-commerce shop, or a membership site, it’s important to protect users’ personal data that travels between their browsers and your server.

To accomplish this in the most professional and safest way, you need to add an SSL Certificate to your website. While it’s not this article’s goal to dive deep into the specifics of SSL, we can’t leave novice users in the dark. If you’re new to SSL certificates, the following links are a quick way to get familiar with all things SSL.

A technical overview of how SSL certificates work
How to choose the best SSL certificate for your website?
Why is an SSL Certificate important for your online store?

Now let’s focus on the main purpose of this article.

How to move a Drupal Site from HTTP to HTTPS

The first thing to do after you install and configure your SSL Certificate is to check if it works properly. Here are the ultimate tools for buying and testing an SSL Certificate. If no errors are found, you can now safely add HTTPS to your website.

You may want to activate HTTPS only in certain places such as the login page, or shopping cart. But switching between HTTP and HTTPS may compromise your secured session. Browsers flag mixed HTTP and HTTPS content as not secured. If you don’t encrypt your entire website, visitors won’t be able to access it.

You can force HTTPS on your entire website in two ways. The quickest one is to update your .httaccess file in the root. Simply add the following code below “RewriteEngine on”

RewriteCond %{HTTP_HOST} !^www. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} offRewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

The second way is to use Drupal modules and force HTTPS from your front-end dashboard. Here you can search for Drupal project modules.

Now that all your traffic is redirected to HTTPS, it’s time to add the final touches to our transition. Inspect your templates for any remaining HTTP resources such as media files, CSS, js, etc. and add an S to the HTTP. If you used absolute paths on local images, you may have quite a lot of replacing to do. Writing an SQL statement to find and replace your hyperlinks will save you a lot of time.

Finally, let Google know that all your content is being served now over HTTPS. Updated your XML sitemap with the latest HTTPS links and send it to Google webmaster tools. Use Robots.txt file to control which pages will be crawled and indexed.

And that should be it. Learning how to move a Drupal site from HTTP to HTTPS is not a difficult process. If you still face problems after following the steps we have outlined above, contact your hosting provider, or ask the Drupal community for help on the official Drupal forum.