Wordpress SSL HTTPS

SSL (HTTPS) with WordPress

Security is important for the web. SSL is the current security standard to establish safe connections between a server and a browser (HTTPS) and it makes sure that all data sent between the browser and the server is kept private and secure. Apart from allowing for safe  internet browsing, SSL is also very important in other aspects, such as SEO. More and more search engines (like Google or Bing) favour in their search results pages that use a valid SSL certificate and penalize those that do not use one.

Most of the available services to get a valid SSL certificate are not free, but using Let’s Encrypt we can automatically, and without any cost, create and renew valid SSL certificates. I personally use this service and can only recommend it.

But let’s suppose that we already have our SSL certificate and that we’ve configured it on our web server, but WordPress still doesn’t seem to use it. For WordPress to make use of our certificate on the whole website and administration panel and secure the connections, we need to follow the following steps:

Update the WordPress address and site address.

To do so, login and open the administration panel. Go to Settings > General.

Wordpress URL

Here you change the URLs replacing HTTP for HTTPS.

Update the WP-Config.php file

Open the wp-config.php file to for editing. Search for a line that says “Stop Editing Here” and above that line paste the following two:

define('FORCE_SSL', true);
define('FORCE_SSL_ADMIN',true);

This configuration will force WordPress to use SSL (HTTPS) in all connections to the website and administration panel.

Force the URL to use HTTPS.

For this, open the .htaccess file for editing. There should be a default configuration for WordPress in there, and under the first line RewriteEngine On you paste the following two lines:

RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Once you save the file and upload it to the server, your website will be secure and use HTTPS correctly on all connections.

Plugin

I personally prefer to do these configurations manually as described above, but there are also some WordPress Plugins which allow to do all this for those who prefer not to edit any files. One very easy to use and that offers all features to configure SSL is Really Simple SSL.