wordpress移动_如何将WordPress从HTTP正确地移动到HTTPS（初学者指南）

wordpress移动

Are you looking to move WordPress from HTTP to HTTPS and install an SSL certificate on your website? We have been getting a lot of requests on this topic because Google announced that Chrome browser will start marking all websites without SSL as insecure starting July 2018. In this article, we will show you how to properly move WordPress from HTTP to HTTPs by adding a SSL certificate.

您是否想将WordPress从HTTP迁移到HTTPS并在您的网站上安装SSL证书？ 由于Google宣布Chrome浏览器将从2018年7月开始将所有没有SSL的网站标记为不安全，因此我们收到了很多关于此主题的请求。在本文中，我们将向您展示如何通过添加SSL证书。

Don’t worry, if you have no idea what SSL or HTTPS is. We’re going to explain that as well.

如果您不知道什么是SSL或HTTPS，请不要担心。 我们还将对此进行解释。

什么是HTTPS？ (What is HTTPS?)

HTTPS or Secure HTTP is an encryption method that secures the connection between users’ browser and your server. This makes it harder for hackers to eavesdrop on the connection.

HTTPS或安全HTTP是一种加密方法，可保护用户浏览器和服务器之间的连接。 这使黑客更难于窃听连接。

Every day we share our personal information with different websites whether it’s making a purchase or simply logging in.

每天我们都会在不同的网站上共享我们的个人信息，无论是购买商品还是直接登录。

In order to protect the data transfer, a secure connection needs to be created.

为了保护数据传输，需要创建安全连接。

That’s when SSL and HTTPS come in.

那就是SSL和HTTPS出现的时候。

Each site is issued a unique SSL certificate for identification purposes. If a server is pretending to be on HTTPS, and its certificate doesn’t match, then most modern browsers will warn the user from connecting to the website.

每个站点都会获得一个唯一的SSL证书以用于识别。 如果服务器假装使用HTTPS，并且其证书不匹配，则大多数现代浏览器都会警告用户不要连接到网站。

Now you are probably wondering, why do I need to move my WordPress site from HTTP to HTTPS specially if it’s a simple blog or small business website that doesn’t collect any payments.

现在您可能想知道，为什么我的WordPress网站从HTTP迁移到HTTPS，特别是如果它是一个简单的博客或小型企业网站 ，并且不收取任何付款，为什么我需要将它特别从HTTP转移到HTTPS。

为什么需要HTTPS和SSL？ (Why do you need HTTPS and SSL?)

Last year Google announced a plan to improve overall web security by encouraging website owners to make the switch from HTTP to HTTPS. As part of this plan, their popular Chrome web browser would mark all websites without a SSL certificate as “Not Secure” starting July 2018.

去年Google宣布了一项计划，鼓励网站所有者从HTTP切换到HTTPS，从而提高整体网络安全性。 作为该计划的一部分，他们流行的Chrome网络浏览器将从2018年7月开始将所有没有SSL证书的网站标记为“不安全”。

As part of the announcement, Google also said that websites with SSL will also see SEO benefits and higher rankings. Since last year, a large number of websites have switched from HTTP to HTTPS.

作为公告的一部分，谷歌还表示，使用SSL的网站也将看到SEO的好处和更高的排名。 自去年以来，大量网站已从HTTP切换为HTTPS。

Google has been slowly rolling out the “Not Secure” warning in Chrome. For example, if someone visits a HTTP website using the incognito window, it will be marked as Not Secure. If someone visits a HTTP website on regular mode and tries to fill out a contact form or another form, then the website will be marked as insecure.

Google一直在缓慢推出Chrome中的“不安全”警告。 例如，如果某人使用隐身窗口访问HTTP网站，它将被标记为“不安全”。 如果有人以常规方式访问HTTP网站并尝试填写联系表格或其他表格，则该网站将被标记为不安全。

When your readers and customers see this notice, it gives them a bad impression for your business.

当您的读者和客户看到此通知时，它们给您的业务留下了不好的印象。

This is why all websites need to move form HTTP to HTTPS and install SSL immediately.

这就是为什么所有网站都需要从HTTP迁移到HTTPS并立即安装SSL。

Not to mention, if you want to accept payments online on your eCommerce website, then you need SSL.

更不用说，如果您想在电子商务网站上接受在线支付，则需要SSL。

Most payment companies like Stripe, PayPal Pro, Authorize.net, etc will require you to have a secure connection before accepting payments.

像Stripe ，PayPal Pro，Authorize.net等大多数付款公司都要求您在接受付款之前建立安全连接。

We use SSL for our websites including WPBeginner, OptinMonster, WPForms, and MonsterInsights.

我们使用SSL为我们的网站，包括WPBeginner， OptinMonster ， WPForms和MonsterInsights 。

在WordPress网站上使用HTTPS / SSL的要求 (Requirements for using HTTPS/SSL on a WordPress Site)

The requirements for using SSL in WordPress is not very high. All you need to do is purchase an SSL certificate, and you might already have it for free.

在WordPress中使用SSL的要求不是很高。 您需要做的就是购买SSL证书，并且您可能已经免费拥有它。

The best WordPress hosting companies are offering free SSL certificates for all their users:

最好的WordPress托管公司正在为其所有用户提供免费的SSL证书：

• Bluehost蓝主机
• SiteGroundSiteGround
• WPEngineWPEngine
• Liquid Web液体网
• Dreamhost梦幻主机
• InMotion HostingInMotion托管
• GreenGeeks绿极客

For more details, see our guide on how to get a free SSL certificate for your WordPress website.

有关更多详细信息，请参阅有关如何为您的WordPress网站获取免费SSL证书的指南。

If your hosting company does not offer a free SSL certificate, then you’ll need to purchase an SSL certificate.

如果您的托管公司不提供免费的SSL证书，则您需要购买SSL证书。

We recommend using Domain.com because they offer the best SSL deal for both regular and wildcard SSL certificates.

我们建议使用Domain.com，因为它们为常规证书和通配符SSL证书都提供了最好的SSL协议。

By purchasing a SSL certificate from them, you also get a TrustLogo site seal for your website, and each SSL certificate comes with a minimum of $10,000 security warranty.

通过从他们那里购买SSL证书，您还可以获得网站的TrustLogo网站印章，每个SSL证书都至少具有10,000美元的安全保证。

Once you have purchased an SSL certificate, you will need to ask your hosting provider to install it for you.

购买SSL证书后，您将需要请主机提供商为您安装它。

设置WordPress以使用SSL和HTTP (Setting up WordPress to Use SSL and HTTPs)

After you have enabled SSL certificate on your domain name, you will need to set up WordPress to use SSL and HTTPs protocols on your website.

在域名上启用SSL证书后，您将需要设置WordPress以在您的网站上使用SSL和HTTPs协议。

We will show you two methods to do that, and you can choose one that best fits your need.

我们将向您展示两种方法，您可以选择一种最适合您的需求。

方法1：使用插件在WordPress中设置SSL / HTTPS (Method 1: Setup SSL/HTTPS in WordPress Using a Plugin)

This method is easier and is recommended for beginners.

此方法更简单，建议初学者使用。

First, you need to install and activate the Really Simple SSL plugin. For more details, see our step by step guide on how to install a WordPress plugin.

首先，您需要安装并激活Really Simple SSL插件。 有关更多详细信息，请参阅有关如何安装WordPress插件的分步指南。

Upon activation, you need to visit Settings » SSL page. The plugin will automatically detect your SSL certificate, and it will set up your WordPress site to use HTTPs.

激活后，您需要访问设置»SSL页面。 该插件将自动检测您的SSL证书，并将您的WordPress网站设置为使用HTTP。

The plugin will take care of everything including the mixed content errors. Here’s what the plugin does behind the scenes:

该插件将处理所有内容，包括混合内容错误。 这是该插件在后台执行的操作：

• Check SSL certificate
  检查SSL证书
• Set WordPress to use https in URLs
  将WordPress设置为在URL中使用https
• Set up redirects from HTTP to HTTPs
  设置从HTTP到HTTP的重定向
• Look for URLs in your content still loading from insecure HTTP sources and attempt to fix them.
  查找内容中仍从不安全的HTTP源加载的URL，然后尝试对其进行修复。

Note: The plugin attempts to fix mixed content errors by using output buffering technique. It can have a negative performance impact because it’s replacing content on the site as the page is being loaded. This impact is only seen on first-page load, and it should be minimal if you are using a caching plugin.

注意：插件尝试使用输出缓冲技术来修复混合内容错误。 它可能会对性能产生负面影响，因为它会在加载页面时替换网站上的内容。 这种影响仅在首页加载时可见，如果使用缓存插件，则影响应该很小。

While the plugin says you can keep SSL and safely deactivate the plugin, it’s not 100% true. You will have to leave the plugin active at all times because deactivating the plugin will bring back mixed content errors.

尽管该插件说您可以保留SSL并安全地停用该插件，但并非100％正确。 您必须始终保持插件处于活动状态，因为停用插件会带回混合内容错误。

方法2：在WordPress中手动设置SSL / HTTPS (Method 2: Setup SSL/HTTPS in WordPress Manually)

This method requires you to troubleshoot issues manually and edit WordPress files. However this is a permanent and more performance optimized solution. This is what we’re using on WPBeginner.

此方法需要您手动解决问题并编辑WordPress文件。 但是，这是一个永久的，性能更优化的解决方案。 这就是我们在WPBeginner上使用的。

If you find this method difficult, then you can hire a WordPress developer or use the first method instead.

如果您发现此方法比较困难，则可以聘请WordPress开发人员或使用第一种方法。

As part of this method, you may need to edit WordPress theme and code files. If you haven’t done this before, then see our guide on how to copy and paste code snippets in WordPress.

作为此方法的一部分，您可能需要编辑WordPress主题和代码文件。 如果您以前没有做过，请参阅我们的指南， 了解如何在WordPress中复制和粘贴代码段 。

First, you need to visit Settings » General page. From here you need to update your WordPress and site URL address fields by replacing http with https.

首先，您需要访问设置»常规页面。 在这里，您需要通过将HTTP替换为https来更新WordPress和站点URL地址字段。

Don’t forget to click on the ‘Save changes’ button to store your settings.

不要忘记点击“保存更改”按钮来保存您的设置。

Once the settings are saved, WordPress will log you out, and you will be asked to re-login.

设置保存后，WordPress将注销您，并要求您重新登录。

Next, you need to set up WordPress redirects from HTTP to HTTPS by adding the following code to your .htaccess file.

接下来，您需要通过将以下代码添加到.htaccess文件中来设置从HTTP到HTTPS的WordPress重定向。

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

If you are on nginx servers (most users are not), then you would need to add the following code to redirect from HTTP to HTTPS in your configuration file:

如果您使用的是nginx服务器(大多数用户不是)，则需要在配置文件中添加以下代码以从HTTP重定向到HTTPS：

server {
listen 80;
server_name example.com www.example.com;
return 301 https://example.com$request_uri;
}

Don’t forget to replace example.com with your own domain name.

不要忘记用您自己的域名替换example.com。

By following these steps, you will avoid the WordPress HTTPS not working error because WordPress will now load your entire website using https.

通过执行以下步骤，您将避免WordPress HTTPS无法正常工作的错误，因为WordPress现在将使用https加载整个网站。

If you want to force SSL and HTTPS on your WordPress admin area or login pages, then you need to configure SSL in the wp-config.php file.

如果要在WordPress管理区域或登录页面上强制使用SSL和HTTPS，则需要在wp-config.php文件中配置SSL。

Simply add the following code above the “That’s all, stop editing!” line in your wp-config.php file:

只需在“就这样，停止编辑！”上方添加以下代码。 wp-config.php文件中的一行：

define('FORCE_SSL_ADMIN', true);

This line allows WordPress to force SSL / HTTPs in WordPress admin area. It also works on WordPress multisite networks.

此行允许WordPress在WordPress管理区域中强制使用SSL / HTTPs。 它也可以在WordPress多站点网络上工作 。

Once you do this, your website is now fully setup to use SSL / HTTPS, but you will still encounter mixed content errors.

完成此操作后，您的网站现在已完全设置为使用SSL / HTTPS，但是您仍然会遇到混合内容错误。

These errors are caused by sources (images, scripts, or stylesheets) that are still loading using the insecure HTTP protocol in the URLs. If that is the case, then you will not be able to see a secure padlock icon in your website’s address bar.

这些错误是由仍使用URL中不安全的HTTP协议加载的源(图像，脚本或样式表)引起的。 如果是这种情况，那么您将无法在网站的地址栏中看到安全的挂锁图标。

Many modern browsers will automatically block unsafe scripts and resources. You may see a padlock icon but with a notification about it in your browser’s address bar.

许多现代浏览器会自动阻止不安全的脚本和资源。 您可能会在浏览器的地址栏中看到一个挂锁图标，但带有通知。

You can find out which content is served through insecure protocol by using the Inspect tool. The mixed content error will be displayed as a warning in the console with details for each mixed content item.

您可以使用“ 检查”工具找出通过不安全协议提供的内容。 混合内容错误将作为警告显示在控制台中，其中包含每个混合内容项目的详细信息。

You will notice that most URLs are images, iframes, and image galleries while some are scripts and stylesheets loaded by your WordPress plugins and themes.

您会注意到，大多数URL是图像，iframe和图像库，而另一些是WordPress插件和主题加载的脚本和样式表。

Fixing Mixed Content in WordPress Database

修复WordPress数据库中的混合内容

Majority of the incorrect URLs will be images, files, embeds, and other data stored in your WordPress database. Let’s fix them first.

大多数不正确的URL将是存储在WordPress数据库中的图像，文件，嵌入和其他数据。 让我们先修复它们。

All what you need to do is find all mentions of your old website URL in the database that started with http and replace it with your new website URL that starts with https.

您需要做的就是在数据库中找到所有以http开头的旧网站URL的提及，并将其替换为以https开头的新网站URL。

You can easily do this by installing and activating the Better Search Replace plugin. For more details, see our step by step guide on how to install a WordPress plugin.

您可以通过安装并激活Better Search Replace插件轻松地做到这一点。 有关更多详细信息，请参阅有关如何安装WordPress插件的分步指南。

Upon activation, you need to visit Tools » Better Search Replace page. Under the ‘Search’ field, you need to add your website URL with http. After that, add your website URL with https under the ‘Replace’ field.

激活后，您需要访问工具»更好的搜索替换页面。 在“搜索”字段下，您需要使用http添加网站URL。 之后，在“替换”字段下添加带有https的网站URL。

Below that, you will see all your WordPress database tables. You need to select all of them to run a thorough check.

在其下，您将看到所有WordPress数据库表。 您需要选择所有它们以进行彻底检查。

Lastly, you need to uncheck the box next to ‘Run as dry run?’ option, and then click on ‘Run Search/Replace’ button.

最后，您需要取消选中“以空运行方式运行？”旁边的框。 选项，然后单击“运行搜索/替换”按钮。

The plugin will now search your WordPress database for URLs starting with http and will replace them with secure https URLs. It may take a while depending on your WordPress database size.

该插件现在将在WordPress数据库中搜索以http开头的URL，并将其替换为安全的https URL。 可能需要一段时间，具体取决于您的WordPress数据库大小。

Fixing Mixed Content Errors in WordPress Theme

修复WordPress主题中的混合内容错误

Another common culprit causing mixed content error is your WordPress theme. Any decent WordPress theme following WordPress coding standards will not cause this issue.

导致混合内容错误的另一个常见原因是您的WordPress主题。 遵循WordPress编码标准的任何合适的WordPress主题都不会导致此问题。

First, you will need to use your browser’s Inspect tool to find the resources and where they are loading from.

首先，您将需要使用浏览器的Inspect工具来查找资源以及从中加载资源。

After that, you will need to find them in your WordPress theme and replace them with https. This will be a little difficult for most beginners, as you will not be able to see which theme files contain these URLs.

之后，您将需要在WordPress主题中找到它们并将其替换为https。 对于大多数初学者而言，这将有些困难，因为您将无法看到哪些主题文件包含这些URL。

Fixing Mixed Content Errors Caused by Plugins

修复由插件引起的混合内容错误

Some mixed content resources will be loaded by WordPress plugins. Any WordPress plugin following WordPress coding standards will not cause mixed content errors.

WordPress插件将加载一些混合内容资源。 遵循WordPress编码标准的任何WordPress插件都不会引起混合内容错误。

We don’t recommend editing WordPress plugin files. Instead, you need to reach out to the plugin author and let them know. If they do not respond or are unable to fix it, then you need to find a suitable alternate.

我们不建议编辑WordPress插件文件。 相反，您需要联系插件作者并告知他们。 如果他们没有响应或无法解决，则需要找到合适的替代方案。

Note: If for some reason, you’re still encountering mixed content error, then we recommend using the Really Simple SSL plugin temporarily, so your users are not impacted while you fix the issue on a staging website or hire a developer.

注意：如果由于某些原因您仍然遇到混合内容错误，那么我们建议您暂时使用Really Simple SSL插件，这样在临时网站上解决问题或雇用开发人员时，不会对用户造成影响。

将您的HTTPS网站提交到Google Search Console (Submit Your HTTPS Site to Google Search Console)

Search engines like Google consider https and http as two different websites. This means you will need to let Google know that your website has moved to avoid any SEO issues.

Google等搜索引擎将https和http视为两个不同的网站。 这意味着您需要让Google知道您的网站已经迁移，以避免任何SEO问题。

To do that, you just need to go to your Google Search Console account and click on ‘Add a Property’ button.

为此，您只需要转到您的Google Search Console帐户，然后单击“添加属性”按钮即可。

This will bring up a popup where you need to add your website’s new https address.

这将弹出一个弹出窗口，您需要在其中添加网站的新https地址。

After that, Google will ask you to verify ownership of your website. There are several ways to do that, select any method and you will instructions to verify your site.

之后，Google会要求您验证网站的所有权。 有几种方法可以执行此操作，选择任何一种方法，然后您将说明如何验证您的站点。

Once your site is verified, Google will start showing your search console reports here.

您的网站通过验证后，Google将开始在此处显示您的Search Console报告。

You also need to make sure that both the https and http versions are added in your Search Console.

您还需要确保在Search Console中同时添加了https和http版本。

This tells Google that you want the https version of your website to be treated as the primary version. Combined with the 301 redirects that you setup earlier, Google will transfer your search rankings to the https version of your website, and you will most likely see improvements in your search rankings.

这告诉Google您希望将网站的https版本视为主要版本。 结合您之前设置的301重定向，Google会将您的搜索排名转移到您网站的https版本，您很可能会看到搜索排名有所改善。

We know that we did when switched our websites from http to https.

我们知道，当我们将网站从http切换到https时，我们确实做了。

We hope this article helped you add HTTPS and SSL in WordPress. You may also want to see our ultimate WordPress security guide with step by step instructions to keep your WordPress site secure.

我们希望本文能帮助您在WordPress中添加HTTPS和SSL。 您可能还希望查看我们的最终WordPress安全指南，其中包含逐步说明，以确保WordPress网站的安全。

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

如果您喜欢这篇文章，请订阅我们的YouTube频道 WordPress视频教程。 您也可以在Twitter和Facebook上找到我们。

翻译自: https://www.wpbeginner.com/wp-tutorials/how-to-add-ssl-and-https-in-wordpress/

wordpress移动