How to make your WordPress website HTTPS://

Keeping your website safe

It’s now become recognised that all websites – not just ones that take payments – should have a SSL or security certificate installed. This will help you protect your customers data.

As wordpress is fast becoming the MOST used content managed system out there I thought that I would share how you make your WordPress website switch from http:// to https://

Please note this is a technical how to and should only be completed by someone that understands FTP and some coding

Make sure that you have a working SSL Security certificate set up and working (test your own site by going to https://yoursite.co.uk/ and making sure that the certificate is working and valid – don’t worry about errors for now)

Take a backup of the wordpress MySQL database

Login to your WordPress dashboard and go to Settings > General

Ensure that the WordPress Address (URL) and Site Address (URL) are https. If not, add S after http to make https and save it.

Click Save Changes – this will cause the site to ask that you log in again

Connect via FTP to your website server and download 2 files and take a backup of them
.htaccess and wp-config.php

Add the line below to your wp-config.php file

define('FORCE_SSL_ADMIN', true);

Save file

Edit the .htaccess file and add this at the start – this sets up a permanent 301 redirect

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L]
</IfModule>

Don’t forget to change the www.yoursite.com to your own domain name

Save file

Upload the new .htaccess and wp-config.php files to the server

Then you need to make sure that all links within WordPress itself have been updated – the simplest way that I have found to do this is to use Velvet Blues plugin, install the plugin as you would normally and follow the instructions on updating all the links.

Once completed your site should automatically display https:// and all links to match.

If you see the SSL is working but you have restricted content, this is usually because there has been some hard coded links or images files that also need updating. This is most often found in the widgets section and also your stylesheet CSS files. Some slider plugins I have found you nede to remove and reinsert the images too.

The best way I have found is to VIEW SOURCE on your page and then search for HTTP:// this will show all links or images that are showing HTTP:// you only need to change internal links or internal image links.

Don’t forget to check your stylesheet to though!!

Once the green/gold padlock is showing your site is now secure – well done!

If you have Google Analytics, Google Places or Google Adwords or any other analytical statistics in pace these will need to be updated to point to the HTTPS:// version of your website – this I will explain in future blogs.

Good luck!

and if you need help – call me – I can do this service for you