SSL2BUY Wiki
News, Information and Resources about SSL Certificates
Comodo
Sectigo
AlphaSSL
RapidSSL
GeoTrust
Thawte
GlobalSign
DigiCert
Symantec
Authorized Reseller

How to Enable HTTPS / SSL for WordPress?

SSL Encryption has become a question of talk of the town as many giant corporate and social media companies have mulled over its urgency in the online world. Today, most businesses are moving their presence over the secure web whether it is an e-commerce website, banking or any blogger; everyone wants peace of their customers or visitors. A minor negligence on the part of business causes huge mayhem in business continuity.

Stepping into the world, WordPress – an open source CMS (content management system) has also announced to make its millions of website secure with HTTPS. In this short piece of information, we will be aware of how to use SSL and enable HTTPS on WordPress hosted site. Before going further, it is quite good to know about SSL certificate and its need.

Do I need an SSL certificate for WordPress?

Yes, WordPress recommends to use SSL certificate for web security. Users share their personal details with websites for login, purchase or subscribe. In this case, the data travels between the user’s PC to website remain in plain text, which could be intercepted by any third party or hacker. To avoid this situation, SSL (HTTPS) comes into the ground and encodes the ongoing information with strong encryption that will impossible for anyone to sniff the data. While browsing the website, if you see that there is a URL starts from HTTPS instead of HTTP then it is a secured website with SSL certificate and is safe for online transactions.

Why Move WordPress from HTTP to HTTPS?

SSL secures the information and it is one of the most significant requirements in today’s online world. Besides, Google has also announced that websites those have SSL enabled would likely to take advantage of higher ranking in Google search engine. It means the website will have security as well as help your website’s SEO.

Even if you are running content-based blog, there may be chances that you can be a victim of hacking. Suppose, you have widely known blog with the huge community of regular contributors and readers then any suspicious behavior on your blogging site could alter the article content, redirect to an unauthorized site, inject malware that damages blog impression in front of your readers.

By enforcing HTTPS, you’re providing a guarantee to the web users that the information is passed securely between the server and client and no one can be intercepted in any way.

Where to Buy an SSL certificate?

It is essential to get an SSL certificate for your WordPress site. You have two options to purchase the certificate,

  1. Certificate authority.
  2. Authorized resellers.

It is worthwhile to obtain an SSL certificate from authorized resellers instead of a certificate authority. We are authorized reseller of leading certificate authorities like DigiCert, Comodo, GlobalSign, GeoTrust, Thawte, RapidSSL and AlphaSSL and our all SSL certificates are same as CA certificates. We are emerging with small profit margin and passed heavy discount to our existing and potential customers.

How to Set up WordPress to Use SSL?

If you are on WordPress site and want to enable HTTPS everywhere on your website. You can do this by just making a simple edition in WordPress setting.

Go to Settings>>General>> Use “https” instead of “http” to WordPress Address URLs and Site Address URL and save it. It will ensure that all content of a web page will be served over HTTPS.

How to Redirect HTTP to HTTPS WordPress without Plugin

A website works on both protocols HTTP and HTTPS can be harmful and web users can face warning message. Always-On SSL is an ideal option that enables HTTPS over entire website.

To force HTTPS for your WordPress site, you need to set up a 301 redirection that your website visitors will be automatically moved to HTTPS secure site instead of HTTP.

You can redirect traffic from HTTP HTTPS using .htaccess file, just add the following code and replace “yoursite.com” with your active domain name.

# Force HTTPS
<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule (.*) https://www.domainname.com%{REQUEST_URI} [L,R=301]
</IfModule>

Once you enabled HTTPS everywhere, you should use “Why No Padlock” tool to identify insecure elements to avoid mixed content warning message. It will help you to detect insecure elements over the web like images, JavaScript, CSS.

Important Tips to Move on HTTPS

Site Back-up:

It is recommended to take a backup before applying SSL on your WordPress site that will prevent you from losing data if something goes wrong.

Serve Static Content via SSL Enabled CDN:

You can secure your CDN with HTTPS as it is a different server and URL and it should be on SSL as well. Once you have set up SSL for CDN, all static content will be served via SSL enabled CDN.

Reputed Web Host

It is advisable to take managed hosting service from a well-known provider. They can help you to detect server related errors and resolve it.

https for wordpress

About the Author

Nikita Gupta

Nikita Gupta is a seasoned professional with a master's degree in Computer Applications. She brings over 10 years of profound experience to the realm of technology. Her exceptional expertise spans software security, data security, and mastery in SSL/TLS. When it comes to cutting-edge solutions for securing digital assets, Nikita is a dedicated pro.