How to Add HTTPS and SSL in Your WordPress Website

Today we are here to demonstrate and show you steps to add HTTPS and SSL to your WordPress site. If you are planning to change your site from HTTP to HTTPS and secure it with SSL then yes you are at the right place.

If you don’t have any idea about the topic then don’t worry, we are going to give a brief introduction to them as well.

What is HTTPS and SSL?

Every day while are surfing the internet we share our personal information with a number of websites that may be either by simply signing in or making an online financial transaction.

In order to protect this important information, we need to have a secure connection. And here SSL and HTTPS come into action.

HTTPS is the adaptation of Hypertext Transport Protocol (HTTP), ‘S’ stands for secure therefore HTTPS is an encryption method that secures the connection between client and server.

And, SSL (Secure Sockets Layer) is a standard security protocol for establishing encrypted links between a web server and a browser in online communication.

Every site bears a unique SSL certificate for its identification in the network. And now if the site is pretending to be on HTTPS and if its certificate doesn’t match then most of the browsers will warn the user about it and ask if they want to continue.

Now, at this point, you might be confused is it really necessary for your site. Why would you ever need to move from HTTP to HTTPS and install an SSL certificate?

HTTPS and SSL, but  WHY?

HTTPS and SSL are necessary for you because:

  • If you are running an eCommerce site then you must have an SSL certificate to collect payments because most of the payment gateways will require you to have a secure connection through SSL.
  • It is going to improve your site’s SEO as Google has recently announced that they will be using HTTPS and SSL as a ranking signal in their search results.

Now there might be a question about these security features making your site slow, but don’t worry it is not making your site slow. Yes, there is the difference but it’s negligible, a fraction of seconds.

Preparing yourself for HTTPS and SSL.

You don’t need a huge setup to have your site secured with HTTPS and SSL. There are few WordPress hosting that provides free SSL with some plans. If your hosting is not providing it for free then they even offer you a third-party SSL certificate.

Or you can buy SSL from other providers and ask your web host to install it on your server.

How to Add HTTPS and SSL in your WordPress site?

If you want to add HTTPS to your site then first you have to update your site’s URL.

For this, you can go to Settings>>General Setting. Here all you have to do is add HTTPS in your site’s URL.

Yes, it’s done.  Now, let’s add SSL certification to your site. For this you need to set up WordPress SSL redirect from HTTP to HTTPS.

Just add the following code in your .htaccess file:


<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.examplesite.com/$1 [R,L]
</IfModule>

You must have to replace www.examplesite.com with your site’s URL.

Users with nginx servers should add the following to redirect from HTTP to HTTPS:


server {
listen 80;
server_name yoursite.com www.yoursite.com;
return 301 https://yoursite.com$request_uri;
}

By following these steps, you will avoid the WordPress HTTPS  error because all your site URL and content will be on SSL.

If you want to add SSL and HTTPS on your WordPress multi-site admin area or login pages, then you need to configure SSL in the wp-config.php file.

Simply add the following code above the “That’s all, stop editing!” line in your wp-config.php file:

define('FORCE_SSL_ADMIN', true);

This wp-config.php SSL trick works for single sites as well as multi-sites.

How to add SSL and WordPress HTTPS on specific Pages.

Yes, you can do this. For, some reason if you want to add SSL and HTTPS on a particular page only then it can be done. For this purpose, you’ll need a WordPress HTTPS (SSL) plugin.

First, acquire install and activate the WordPress HTTPS (SSL) plugin.

Upon activation, the plugin will add a new menu item labeled HTTPS in your WordPress admin. You can click it to visit the plugin’s Settings page.

The first option of the settings page asks you to enter your SSL host. In most case, it is your domain name. However, if you are configuring the site on a subdomain and the SSL certificate you got is your main domain name, then you will enter the root domain. If you are using a shared SSL certificate provided by your web host, then you will need to enter the host information they provided instead of your domain name.

In some cases, if you are using a non-traditional SSL host and need to use a different port, then you can add it in the port field.

Force SSL Administration setting forces WordPress to use HTTPs on all admin area pages. You need to check this box to make sure that all traffic to your WordPress admin area is secure.

The next option is to use Force SSL Exclusively. Checking this box will only use SSL on pages where you have checked the Force SSL option. All other traffic will go to the normal HTTP URL.

This works if you only want to use SSL on specific pages like the shopping cart, checkout, user account pages, etc.

Click on the save changes button to store your plugin settings.

If you want to use HTTPS just for specific pages, then you need to edit those pages and check the Force SSL checkbox.

Once done, visit your page to ensure that you have all the green lights in Chrome and other browsers.

That’s it. You have completed all the processes required for setting up SSL and HTTPS on your WordPress site.