Web & Software Developer

MySQL Queries To Change WordPress From HTTP to HTTPS In The Database

There is some bad advice going around regarding updating URLs in the WordPress database when migrating your WordPress site from HTTP to HTTPS. There are tons of examples of MySQL queries that do a “find and replace” of the URLs in your WordPress database, and they’ll change the URLs from HTTP to HTTPS. The bad advice that I’m referring to is when people suggest that you update the GUID URLs.

The URLs in the GUID column of the wp_posts table should NOT be changed when moving your site from HTTP to HTTPS (see this from WordPress.org).

Yet, many articles out there are offering a list of queries to update the URLs in your WordPress database, and they have this bad line:

(DO NOT RUN THIS LINE:)

UPDATE wp_posts SET guid = replace(guid, 'http://www.yoursite.com','https://www.yoursite.com'); 

Also, never run a “find and replace” MySQL query that affects the entire wp_posts table of the WordPress database because that would update the GUID URLs.

Here is my list of MySQL queries to safely change the URLs in your WordPress database from HTTP to HTTPS.

Prerequisite: Change all instances of www.yoursite.com to your own. If you didn’t have the www as part of your WordPress Address (URL) in the WordPress Settings, then leave out the www here. For example, some people just use http://yoursite.com, without the www. Also, if you have a custom table prefix in the WordPress database, something other than the default wp_, then you must change all the instances of wp_ to your own table prefix.

My list of MySQL queries is organized into eight steps:

  1. Update any embedded attachments/images that use http.

    This one updates the src attributes that use double quotes:

    UPDATE `wp_posts` SET post_content = REPLACE(post_content, 'src="http://www.yoursite.com', 'src="https://www.yoursite.com')
    WHERE post_content LIKE '%src="http://www.yoursite.com%'; 

    This one takes care of any src attributes that use single quotes:

    UPDATE `wp_posts` SET post_content = REPLACE(post_content, 'src='http://www.yoursite.com', 'src='https://www.yoursite.com')
    WHERE post_content LIKE '%src='http://www.yoursite.com%'; 
  2. Update any hard-coded URLs for links. This one updates the URL for href attributes that use double quotes:

    UPDATE `wp_posts` SET post_content = REPLACE(post_content, 'href="http://www.yoursite.com', 'href="https://www.yoursite.com')
    WHERE post_content LIKE '%href="http://www.yoursite.com%'; 

    This one updates the URL for href attributes that use single quotes:

    UPDATE `wp_posts` SET post_content = REPLACE(post_content, 'href='http://www.yoursite.com', 'href='https://www.yoursite.com')
    WHERE post_content LIKE '%href='http://www.yoursite.com%'; 
  3. Update any “pinged” links:

    UPDATE `wp_posts` SET pinged = REPLACE(pinged, 'http://www.yoursite.com', 'https://www.yoursite.com')
    WHERE pinged LIKE '%http://www.yoursite.com%'; 
  4. This step is just a confirmation step to make sure that there are no remaining http URLs for your site in the wp_posts table, except the GUID URLs.

    You must replace WP_DB_NAME, near the beginning of the query, with the name of your database.

    This will confirm that nowhere in the wp_posts table is there a remaining http URL, outside of the GUID column. This ignores URLs in the GUID column.

    This query only searches; it does not replace anything, nor make any changes. So, this is safe to run. It’s a safe and quick way to check the wp_posts table while ignoring the guid column.

    This SQL query should return an empty set. That would mean that it found no http URLs for your site. (This is all just 1 query. It’s 1 very, very long line.)

    Remember to replace WP_DB_NAME, near the beginning of the query, with the name of your database.

    SELECT *  FROM `WP_DB_NAME`.`wp_posts` WHERE (CONVERT(`ID` USING utf8) LIKE '%%http://www.yoursite.com%%' OR CONVERT(`post_author` USING utf8) LIKE '%%http://www.yoursite.com%%' OR CONVERT(`post_date` USING utf8) LIKE '%%http://www.yoursite.com%%' OR CONVERT(`post_date_gmt` USING utf8) LIKE '%%http://www.yoursite.com%%' OR CONVERT(`post_content` USING utf8) LIKE '%%http://www.yoursite.com%%' OR CONVERT(`post_title` USING utf8) LIKE '%%http://www.yoursite.com%%' OR CONVERT(`post_excerpt` USING utf8) LIKE '%%http://www.yoursite.com%%' OR CONVERT(`post_status` USING utf8) LIKE '%%http://www.yoursite.com%%' OR CONVERT(`comment_status` USING utf8) LIKE '%%http://www.yoursite.com%%' OR CONVERT(`ping_status` USING utf8) LIKE '%%http://www.yoursite.com%%' OR CONVERT(`post_password` USING utf8) LIKE '%%http://www.yoursite.com%%' OR CONVERT(`post_name` USING utf8) LIKE '%%http://www.yoursite.com%%' OR CONVERT(`to_ping` USING utf8) LIKE '%%http://www.yoursite.com%%' OR CONVERT(`pinged` USING utf8) LIKE '%%http://www.yoursite.com%%' OR CONVERT(`post_modified` USING utf8) LIKE '%%http://www.yoursite.com%%' OR CONVERT(`post_modified_gmt` USING utf8) LIKE '%%http://www.yoursite.com%%' OR CONVERT(`post_content_filtered` USING utf8) LIKE '%%http://www.yoursite.com%%' OR CONVERT(`post_parent` USING utf8) LIKE '%%http://www.yoursite.com%%' OR CONVERT(`menu_order` USING utf8) LIKE '%%http://www.yoursite.com%%' OR CONVERT(`post_type` USING utf8) LIKE '%%http://www.yoursite.com%%' OR CONVERT(`post_mime_type` USING utf8) LIKE '%%http://www.yoursite.com%%' OR CONVERT(`comment_count` USING utf8) LIKE '%%http://www.yoursite.com%%'); 
  5. Now, we move to the wp_comments table. This changes any comment author URLs that point to the http version of your site. This is in case you’ve ever replied to a comment while your URL was pointing to http.

    UPDATE `wp_comments` SET comment_author_url = REPLACE(comment_author_url, 'http://www.yoursite.com', 'https://www.yoursite.com')
    WHERE comment_author_url LIKE '%http://www.yoursite.com%'; 
  6. This updates the content of the comments on your site. If there are any links in the comments that are linking to an http URL on your site, they will be updated to https.

    UPDATE `wp_comments` SET comment_content = REPLACE(comment_content, 'http://www.yoursite.com', 'https://www.yoursite.com')
    WHERE comment_content LIKE '%http://www.yoursite.com%'; 
  7. Now we move to the wp_postmeta table. This takes care of any custom post meta that points to the http version of your site.

    UPDATE `wp_postmeta` SET `meta_value` = REPLACE(meta_value, 'http://www.yoursite.com', 'https://www.yoursite.com')
    WHERE meta_value LIKE '%http://www.yoursite.com%'; 
  8. Now we move to the wp_options table. Update the “WordPress Address (URL)” and “Site Address (URL).” You can simply change these in the WordPress dashboard –> Settings page, rather than with these queries. You can just go to the Settings page and change both of these fields so that they start with https.

    But, here are the queries if you prefer to do it this way.

    For the WordPress Address URL, you may have to modify www.yoursite.com. If you have WordPress installed in some other directory, then modify this according to your own WordPress URL. For example, some people have WordPress installed in a subdirectory named “blog” and so their WordPress Address would be https://www.yoursite.com/blog.

    UPDATE `wp_options` SET `option_value` = "https://www.yoursite.com" WHERE `wp_options`.`option_name` = 'siteurl'; 

    This one will update the Site Address URL (this is the home page of your site):

    UPDATE `wp_options` SET `option_value` = "https://www.yoursite.com" WHERE `wp_options`.`option_name` = 'home'; 

By

We've 11 Responses

  1. April 20th, 2017 at 5:42 am

    Great post Isabel and thanks for the advice on the GUID field.

    One other table I updated was the wp_term_taxonomy -> description column. This can contain category descriptions and html can be used so they can also contain hardcoded urls. I’ve added some sample code.

    UPDATE `wp_term_taxonomy` SET `description` = REPLACE(description, 'http://www.yoursite.com', 'https://www.yoursite.com') WHERE meta_value LIKE '%http://www.yoursite.com%';
    
    avatar
  2. February 13th, 2018 at 11:34 am

    Thank you, this was a real life saver. I wish WordPress wouldn’t hard code all the URL’s in the database, makes it a right pain to switch from http to https but your article came to the rescue 🙂

    avatar
    • March 12th, 2018 at 4:31 pm

      Hi,

      there’s currently a plugin for doing that:

      https://wordpress.org/plugins/wp-migrate-db/

      You can untick “Replace GUIDs” under “Advanced options” and that’s it.

      Anyway as far as I understand GUIDs doesn’t have to be changed to avoid feedreaders to display the same content to user’s reader again as it is fresh content. So it is not a big deal with small sites or sites that has never been live. Am I right?

      Cheers,

      avatar
  3. May 10th, 2018 at 11:41 am

    This was exactly what I was looking for! I tried it on my website and it worked perfect. No SQL errors 🙂
    Thank you Isabel!!!

    avatar

Questions and Comments are Welcome

Your email address will not be published. All comments will be moderated.

Please wrap code in "code" bracket tags like this:

[code]

YOUR CODE HERE 

[/code]