HTTPS is a transfer protocol that offers a secure connection between the user and the server. Whether you’re processing transactions online or simply wish to add an extra layer of security to your site, this article shows how to easily add HTTPS support to a WordPress website.
1. Obtain an SSL certificate from your web host
The first thing to do is to get in touch with your hosting company and ask them to install an SSL certificate on your account. Some hosts will ask you to pay an annual fee for it, with prices generally ranging from $25 to $150 a year.
OnePoint offer free SSL certificates with all web hosting plans and can assist you with the whole process of going secure. Other web hosts such as SiteGround and WPEngine also offer free SSL certificates with web hosting.
2. Update WordPress URL
Once your host has added SSL to your web hosting account, your website should be accessible through the URL https://yourwebsite.com. If you can access your site through this address, it’s time to start setting up WordPress for HTTPS.
The first step is to update the WordPress Address and Site Address. Log into your WordPress dashboard, visit the Settings > General section, and change both fields to the https:// version of your URL.
3. Force SSL admin in wp-config.php
Use your FTP client to edit the wp-config.php file, located at the root of your WordPress install. Add the following line of code and save the file:
define('FORCE_SSL_ADMIN', true);
This rule enables and enforces WordPress administration over SSL, adding extra security to your WordPress dashboard.
4. Redirect HTTP to HTTPS
At this stage, HTTPS is already working on your website. But there are a few things left to do. The first one is to redirect the http traffic to https.
Over the years, many websites have linked to your site using http://, so there are gonna be a lot of people still accessing the http version of your site.
So what you have to do is to redirect all the traffic to the secure, https site. To do this, edit the .htaccess file, located at the root of your WordPress install. Open the file and add the following two lines inside the <IfModule mod_rewrite.c> block:
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Please note that .htaccess redirects can be a bit tricky, and sometimes will work perfectly on one host and not on another.
If the code above doesn’t function properly, simply revert the changes and get in touch with your hosting provider’s support. They’ll be happy to provide you with the correct .htaccess redirect that works on their servers.
5. Update all URL records from HTTP to HTTPS
Since we now have HTTPS properly set up, and the HTTP traffic is automatically redirected to the HTTPS site, there’s one more thing to do before we finish. We need to replace all HTTP links on your site with their HTTPS equivalents. This is done in two distinct parts:
Update hard-coded links in theme files
Let’s start with your theme. If you’re using a WordPress theme that has hard-coded links in the theme files, these links will need to be changed from http to https. Generally these links can be found in the header.php and footer.php files.
Update HTTP to HTTPS in the database
The final step is to run a few SQL queries to update the URLs stored in the guid and post_content columns of the wp_posts table and the meta_value column of the wp_postmeta table.
There are several ways to run SQL queries. Most of you probably have cPanel installed on your server. To access phpMyAdmin, simply log into cPanel and click the phpMyAdmin icon in the Databases section.
Make sure to back up your database first, in case something goes wrong. Once done, run the following queries:
UPDATE wp_posts SET guid = REPLACE (guid, 'http://yoursite.com', 'https://yoursite.com');
UPDATE wp_posts SET post_content = REPLACE (post_content, 'http://yoursite.com', 'https://yoursite.com');
UPDATE wp_postmeta SET meta_value = REPLACE (meta_value, 'http://yoursite.com', 'https://yoursite.com');
The queries listed above will update all your internal links from HTTP to HTTPS. Now, your WordPress site is fully SSL compliant and you should see a green padlock in your address bar, showing your visitors that your site is fully secure.
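The wp_postmeta query above also rewrites values that plugins and themes store as PHP-serialized data, where every string carries a byte-length prefix (s:N:"..."); REPLACE() makes the URL one byte longer without updating N, and PHP can then no longer unserialize the value. The Python sketch below is an added example, not part of the original article: it shows the breakage on a constructed meta value and a replacement that recomputes the lengths. The sample value and function names are assumptions, and yoursite.com is the article's placeholder host.

```python
import re

# Placeholder host from the article's queries; SAMPLE is a constructed meta value.
OLD = b"http://yoursite.com"
NEW = b"https://yoursite.com"
SAMPLE = b'a:2:{s:4:"logo";s:28:"http://yoursite.com/logo.png";s:5:"width";i:200;}'

_STR = re.compile(rb's:(\d+):"')          # header of a serialized PHP string

def naive_replace(value: bytes) -> bytes:
    """Same effect as SQL REPLACE(): bytes change, s:N length prefixes do not."""
    return value.replace(OLD, NEW)

def is_consistent(value: bytes) -> bool:
    """True if every s:N:"..." token holds exactly N bytes followed by '";'."""
    pos = 0
    while m := _STR.search(value, pos):
        end = m.end() + int(m.group(1))
        if value[end:end + 2] != b'";':
            return False
        pos = end + 2                      # skip the string body, then '";'
    return True

def safe_replace(value: bytes) -> bytes:
    """Replace OLD with NEW and recompute each serialized string's byte length."""
    if not re.match(rb"[aOs]:\d+:", value):   # plain scalar, nothing to fix up
        return value.replace(OLD, NEW)
    out, pos = [], 0
    while m := _STR.search(value, pos):
        start = m.end()
        end = start + int(m.group(1))
        if value[end:end + 2] != b'";':
            raise ValueError("length prefix does not match data; repair by hand")
        body = value[start:end].replace(OLD, NEW)
        out += [value[pos:m.start()], b's:%d:"' % len(body), body, b'";']
        pos = end + 2
    out.append(value[pos:])                # trailing non-string tokens
    return b"".join(out)

if __name__ == "__main__":
    broken = naive_replace(SAMPLE)
    print("after REPLACE():  ", broken, "consistent:", is_consistent(broken))
    fixed = safe_replace(SAMPLE)
    print("length-aware swap:", fixed, "consistent:", is_consistent(fixed))
```

WP-CLI's `wp search-replace` command performs this kind of serialization-aware replacement across the whole database.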
If you need help making your website secure, feel free to contact OnePoint Software Solutions.