Make the transition of an existing UBB.threads forum from http to https.

Summary
1) Obtain a valid security certificate from your webhost or a reputable third-party seller. I've purchased many "PositiveSSL" certs from SSLs.com.
2) Install it using SHA-2 and make sure it is configured properly.
3) Update ALL your URLs in the Control Panel or manually in your config.ini file. This includes the Homepage URLs, Contact pages, Referer Check, any forum headers/footers, etc.
4) Run a SQL query on your posts, private messages, user avatars, profile comments tables to replace "http://www.YOURDOMAIN.COM" with "https://www.YOURDOMAIN.COM"
5) Set up HTTP to HTTPS 301 redirects in your .htaccess file to forward from http:// to https://
6) Update all external plugins to ensure they are HTTPS compliant (sharaholic, twitter, facebook, youtube, ubb custom-tags, and, if your website contains non-UBB.threads content, all those internal site links - trust me you won't find them all in a single pass)
7) Test your website.
BONUS: Update your URLs in google/bing webmaster tools. Update any ads placed on your website, such as Google Adsense. Update any website analytics code.


** MAKE A BACKUP BEFORE YOU BEGIN **


The SQL
** BE VERY CAREFUL OF "POST_DEFAULT_BODY" and "POST_BODY" USAGE - DO NOT INTERCHANGE THEM
• POST_DEFAULT_BODY - [BBcode] This is the original post. CONTENT REBUILDER > REBUILD POSTS takes this and converts it to POST_BODY [HTML]
• POST_BODY - [HTML] This is shown to the user. it is generated from POST_DEFAULT_BODY

To update your POSTS:
* ubbt_POSTS - POST_DEFAULT_BODY
Code
UPDATE ubbt_POSTS
SET POST_DEFAULT_BODY = replace(POST_DEFAULT_BODY, 'http://www.YOURDOMAIN.COM', 'https://www.YOURDOMAIN.COM');

* ubbt_POSTS - POST_BODY
Code
UPDATE ubbt_POSTS
SET POST_BODY = replace(POST_BODY, 'http://www.YOURDOMAIN.COM', 'https://www.YOURDOMAIN.COM');


To update your PRIVATE MESSAGES:
* ubbt_PRIVATE_MESSAGE_POSTS - POST_DEFAULT_BODY
Code
UPDATE ubbt_PRIVATE_MESSAGE_POSTS
SET POST_DEFAULT_BODY = replace(POST_DEFAULT_BODY, 'http://www.YOURDOMAIN.COM', 'https://www.YOURDOMAIN.COM');

* ubbt_PRIVATE_MESSAGE_POSTS - POST_BODY
Code
UPDATE ubbt_PRIVATE_MESSAGE_POSTS
SET POST_BODY = replace(POST_BODY, 'http://www.YOURDOMAIN.COM', 'https://www.YOURDOMAIN.COM');


To update your USER AVATARS and PROFILE COMMENTS:
* ubbt_USER_PROFILE - USER_AVATAR
Code
UPDATE ubbt_USER_PROFILE
SET USER_AVATAR = replace(USER_AVATAR, 'http://www.YOURDOMAIN.COM', 'https://www.YOURDOMAIN.COM');

* ubbt_PROFILE_COMMENTS - COMMENT_BODY
Code
UPDATE ubbt_PROFILE_COMMENTS
SET COMMENT_BODY = replace(COMMENT_BODY, 'http://www.YOURDOMAIN.COM', 'https://www.YOURDOMAIN.COM');


To update your USER SIGNATURES:
* ubbt_USER_PROFILE - USER_DEFAULT_SIGNATURE
Code
UPDATE ubbt_USER_PROFILE
SET USER_DEFAULT_SIGNATURE = replace(USER_DEFAULT_SIGNATURE, 'http://www.YOURDOMAIN.COM', 'https://www.YOURDOMAIN.COM');

* ubbt_USER_PROFILE - USER_SIGNATURE
Code
UPDATE ubbt_USER_PROFILE
SET USER_SIGNATURE= replace(USER_SIGNATURE, 'http://www.YOURDOMAIN.COM', 'https://www.YOURDOMAIN.COM');



HTTP to HTTPS 301 Redirects For Your .htaccess File
Code
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]




Notes and Further Reading
Full URLs (http:// and https://) vs relative URLs (//):
If you want to correctly FULLY go SSL, use the full protocol name of "http://www.YOURDOMAIN.COM" instead of just "//www.YOURDOMAIN.COM"
The reason to use just double slashes instead of the HTTPS protocol declaration, is if you intend to have your secure urls (https) distribute different content than your open urls (http), since both are seen as separate urls on search engines.

If you are switching to HTTPS, it is advised to fully replace all your http protocol references with https, and forward all calls from http to https. Do not allow the browser/end-user to choose http by leaving your protocol blank with an open "//" url.

If the asset you need is available on SSL, then always use the https:// asset:
http://stackoverflow.com/questions/4831741/can-i-change-all-my-http-links-to-just/27999789#27999789

Why omitting the protocol scheme might not be a good idea:
http://stackoverflow.com/questions/4831741/can-i-change-all-my-http-links-to-just/37654145#37654145

Sometimes IE7 and IE8 do not correctly handle "//" assets. They look at this as being a file transfer, and will attempt to download the page through a download window. Even though the "//" asset is a spec from 1996/1998
https://www.paulirish.com/2010/the-protocol-relative-url/

Google deprecates protocol relative URLs in place of full protocol URLs for the html5 spec:
https://github.com/h5bp/html5-boilerplate/pull/1694/commits/045a1676c4c8cf4bdd23374b5b049507101f5043

Additional discussions:
http://stackoverflow.com/questions/...h-in-a-script-src-http/37609402#37609402


Google SEO HTTPS Migration Checklist (for the ad and SEO focused)
Source: Search Engine Roundtable
• Update all your ad code to support HTTPS
• Ensure your analytics will work on the new HTTPS URLs
• Update your site search (if not using the inbuilt UBB.threads search methods) to support HTTPS and discover new URLs sooner
• Create and submit your new HTTPS XML sitemaps
• Review the Google site move article
• Verify the new HTTPS site with Google Webmaster Tools and track indexation, crawling, search queries, etc.


Final Steps
• Test your site using the Qualys Lab tool
• Followup by searching for, and reading additional articles on "http to https site moves," to know what to expect

and...

[Linked Image]

Attached Files HTTPS SEO Checklist.jpg
Last edited by isaac; 02/11/18 04:30 AM. Reason: added sql for user signatures

isaac @ id242.com // forum @ CelicaHobby.com
a current developer of UBB.threads php forum software // 7.6.2 Changelog