Do you want to know How to Move WordPress from HTTP to HTTPS and Install SSL Certificate?
As a beginner who wish to move from HTTP to HTTPS and also install SSL Certificate on your website, then you need to follow this guide.
Years back Google announced that Chrome browser will start marking all websites without SSL as insecure. So if you don’t have SSL Certificate install on your website, Google will mark your website insecure for users.
What is HTTP and HTTPS
Contents
The communications protocol used to connect to Web servers on the Internet or on a local network (intranet) is what we call HTTP.
The primary function of HTTP is to establish a connection with the server and send HTML pages back to the user’s browser while Hypertext Transfer Protocol Secure is an extension of the Hypertext Transfer Protocol. It is used for secure communication over a computer network, and is widely used on the Internet.
In HTTPS, the communication protocol is encrypted using Transport Layer Security or, formerly, Secure Sockets Layer.
Difference between HTTP and HTTPS
HTTP URL in your browser’s address bar is http:// and the HTTPS URL is https://.
HTTP is unsecured while HTTPS is secured.
HTTP sends data over port 80 while HTTPS uses port 443.
HTTP operates at application layer, while HTTPS operates at transport layer.
No SSL certificates are required for HTTP, with HTTPS it is required that you have an SSL certificate and it is signed by a CA.
HTTP doesn’t require domain validation, where as HTTPS requires at least domain validation and certain certificates even require legal document validation.
No encryption in HTTP, with HTTPS the data is encrypted before sending.
Whst is SSL
SSL stands for Secure Sockets Layer and in short, it’s the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details.
Advantages of SSL Encryption
High encryption levels of up to 256-bit to protect user’s sensitive information.
Provides strong encryption to protect the users’ information from phishing scams & attacks.
Protects websites from attack, reducing the risk of hacking, eavesdropping and man-in-the-middle attacks.
Can provide a positive influence in Google’s evaluation of your website.
Establishes a safe shopping experience, It’s necessary for websites accepting payments.
Proves your business authentication and increase your brand reputation by validating your Business from Trusted Certificate Authority (CA)
Displays Green Address Bar along with Organization Name (Only for EV SSL).
Enhance user’s trust & confidence while increasing your organization’s profits – Users trust the website with the ‘secure connection’ sign.
Why do you need HTTPS and SSL on your Website
An HTTPS connection facilitates more conversions while also boosting your Google rankings at the same time.
When it comes to the security of your website, an SSL certificate is one of the most important elements to consider.
HTTPS and SSL certificates essentially allow users to browse, buy products or services and share information in a secure manner.
Whether you have a simple blog or an Ecommerce website, an SSL Certificate and HTTPS are very essential.
Requirements for using HTTPS/SSL on a WordPress Site
The requirements for using SSL in WordPress is not very high. All you need to do is purchase an SSL certificate, and you might already have it for free.
Some hosting companies gives it for free for the first time you purchase a domain name some are;
If your hosting company does not offer a free SSL certificate, then you’ll need to purchase an SSL certificate.
Once you have purchased an SSL certificate, you will need to ask your hosting provider to install it for you.
How to Set up WordPress to Use SSL and HTTPs
There are different ways to set up your SSL and HTTPS on your website, either with plugins or manually. So we will show you how to set it up with the two ways.
Setup SSL/HTTPS in WordPress using Plugins
There are easier ways to enforce HTTPS use throughout your website.
this approach is much simpler, it also comes with some added risk.
If compatibility issues arise with another tool, your SSL plugin could stop working and your website won’t load over HTTPS until you fix the issue. That means you’ll want to choose your plugin carefully, but we recommend it for beginners.
First, you need to install and activate the Really Simple SSL plugin. For more details, see our step by step guide on how to install a WordPress plugin.
Upon activation, you need to visit Settings » SSL page. The plugin will automatically detect your SSL certificate and it will set up your WordPress site to use HTTPs.
You can also use WordPress SSL plugin option like WordPress HTTPS (SSL).
The plugins might say deactivate the plugin, please don’t because it might bring error or missed content if you do.
Setup SSL/HTTPS in WordPress Manually
This method requires you to troubleshoot issues manually and edit WordPress files. If you find this method difficult, then you can hire a WordPress developer or use the first method instead. You may need to edit WordPress theme and code files.
You need to visit Settings » General page. From here you need to update your WordPress and site URL address fields by replacing http with https. Remember to save it.
When you save it, WordPress automatically log you out so you need to login again.
After that, you need to set up WordPress redirects from HTTP to HTTPS by adding the following code to your .htaccess file.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>Following these steps, you will avoid the WordPress HTTPS not working error because WordPress will now load your entire website using https.
If you want to force SSL and HTTPS on your WordPress admin area or login pages, then you need to configure SSL in the wp-config.php file.
define('FORCE_SSL_ADMIN', true);Once you do this, your website is now fully setup to use SSL / HTTPS, but you will still encounter mixed content errors.
These errors are caused by sources (images, scripts, or stylesheets) that are still loading using the insecure HTTP protocol in the URLs. If that is the case, then you will not be able to see a secure padlock icon in your website’s address bar.
It used to be the case that WordPress SSL certificates were reserved for business websites, which dealt with a lot of sensitive information. These days, SSL certificates and HTTPS have become commonplace.
In fact, search engines such as Google encourage you to use them. Fortunately, as you’ve seen, implementing SSL and forcing your WordPress site to use HTTPS isn’t a difficult task.
If you have any issue on this, you can use our comment session or join our delegate on Facebook to solve any issues related to WordPress and subscribe to our YouTube Channel for WordPress video tutorials.