Enigma Digital


How to install SSL on a WordPress site

Posted by Maeve, 22 Jun, 2016

Step 1 – Purchase and install an SSL certificate

Unless you’re a pro and know what you’re doing, save yourself some pain and get your web host to do this for you! A standard SSL certificate for an average business or personal website should cost in the ballpark of $150 to $250 AUD. If your web host won’t help you, or charges like a wounded bull for the service, then it’s time to change hosts!

Step 2 – Configure WordPress for HTTPS

There are a few things you need to configure yourself now, even if your host installed the certificate for you.

  1. Log in to WordPress, go to Settings, and change your Site URL and Home URL to use https://
  2. Now set a redirect from HTTP to HTTPS in your htaccess file. Add this code:
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L]

    Don’t forget to replace yoursite.com with your own domain, and make sure you enter the correct server port if yours isn’t 80.
    If your htaccess file already has anything in it, place this code above everything else (with htaccess, the order matters – this code needs to come first).
  3. Next we need to adjust the wp-config file. Add this code:
    define('FORCE_SSL_ADMIN', true);
    A good place would be at the end before the /* That's all, stop editing! Happy blogging. */ line.
  4. Finally, I like to run a search and replace script to catch any rogue instances of http:// and change them to https://. This fixes any “mixed content warnings”.

When you’ve completed all the steps above, test every page of your site and make sure it shows a green https:// in the URL bar. If any page doesn’t, something is wrong. Check the error console to troubleshoot further.

Notes

  • For step 4 – the search and replace – an alternative is to use a plugin like SSL Insecure Content Fixer. I tested the plugin and it worked perfectly. I just personally prefer not to use a plugin if there’s a more streamlined way of handling it. Plugins work by executing code – more code executing = slower load time. It also means more to go wrong and can confuse the client or site owner or yourself later!
  • If you see any mixed content warnings on specific pages then check your error console, where you should be able to see exactly what is causing the error. Mixed content means something is trying to load over http:// instead of https://. If you followed the article steps correctly then this is quite likely to be an external file being called from your theme, e.g. Google Fonts or some JS. It is usually easily fixed by manually adding the ‘s’.
  • If you use Cloudflare make sure you enable the Full SSL (Strict) setting. I also advise installing the official Cloudflare plugin and configuring it with your details. The very last option (Protocol Rewriting) should be switched OFF, seeing as that is for use with their Flexible SSL option, not SSL certificates issued by a proper signing authority (although having it ON should do no harm if everything else is set up right). There is also no need to set up any Page Rule Redirect on the Cloudflare side because we are already doing that via htaccess (step 2 above) and we don’t want to confuse it with different instructions (redirect loop).
  • Further to the previous point, if you’re thinking of using Cloudflare’s free SSL certificate instead of a properly signed certificate then the setup instructions are completely different to the above article. 😉 So don’t follow the article above at all, go back to square one and read this fabulous guide instead.

Maeve

Maeve is an experienced UI designer and front end developer here at Enigma Digital. Aside from designing websites, Maeve develops plugins, speaks at WordPress events, and co-organizes the Perth WordPress Meetup group. She’s also an intrepid rock climber and demon trumpet player!

3 Responses to “How to install SSL on a WordPress site”

  1. Pete says:

    Great post Maeve, I’m really keen to try my first http – https conversion but I’m a little “scared”.

    • Maeve says:

      Cool, glad you found it helpful Pete. Of course the net is flooded with information about SSL and WordPress but I wanted to note the exact steps with no extraneous explanation or background info complicating things. Let me know how you go! Shout out if you need help.

  2. MSVCP140 says:

    🙂 OK !
