There are several benefits when we enable SSL on our WordPress website. The main benefit is make your website and your visitors more secure. Meanwhile, it will also benefit your site SEO result. But how big the impact is, no one knows. Anyway, enabling SSL is better than nothing. If you are using WordPress to setup your website and it will be easy to use SSL. If you already have a website and you decide to switch your website from HTTP to HTTPS, there will be some extra jobs to do. Normally, you have to accomplish following task to switch your website from HTTP to HTTPS.
- Apply HTTPS certificate
- Enable HTTPS in your share hosting
- Setup WordPress Address (URL) and Site Address (URL)
- Redirect all HTTP traffic to HTTPS
- Update all
link in Database
What’s HTTPS
Normal people doesn’t know what’s HTTPS, even some programmers. Here I will not repeat this answer, as you can find lots of 100% right answers from internet. This is the HTTPS definition on Wikipedia. For webmaster, actually we don’t have to understand this definition. But we’d better to understand the HTTPS CA (Certificate Authority). There are 3 different types:
- DV Certificate
- OV Certificate
- EV Certificate
Domain validated certificate is the most common type of SSL certificate. CA will verify the domain name and owner email. Some CA will provide DV for free.
Organization validated certificate is used by corporations and governments. It will need CA to verify the actual business that is applying the certificate.
Extended validation certificate is the highest trust to visitors, which most big companies are using this certificate.
For more information, you can check the differences in details on ssl.com. After we know the difference, we can go through the next step, apply a HTTPS certificate.
Apply HTTPS Certificate
Basing on different needs, we can apply different type of SSL certificate. For personal websites or small websites, DV is the most suitable one and we can apply this for free. If we manage our website by CPanel, most of the hosting providers give a free option “Let’s Encrypt”. It is very easy to use and only take a very short time to get the certificate. About how to use “Let’s Encrypt”, you can check with your hosting providers for support.
Enable HTTPS in your share hosting
That’s very simple. Most of the hosting support “Let’s Encrypt”, and they can enable HTTPS automatically.
Enable HTTPS on WordPress
To enable the HTTPS on WordPress, just setup the WordPress Address (URL) and Site Address (URL) with https. For my website, I am setting the URL as “https://jmsliu.com/”.
Redirect all HTTP traffic to HTTPS
After you setup the WordPress URL, all links generated by WordPress will use HTTPS. But links out of the website, for example, the backlinks on other website. Those links are still using “http”. To make sure you can get benefits from those old backlinks, we can set up the .htaccess to redirect all http traffic to https. Here is the example .htaccess redirect rule:
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
This example is marked as working, but it doesn’t work for my site unfortunately. This is my .htaccess redirect clause:
# redirect all http to https
RewriteCond %{ENV:HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Update all image source link in Database
After we changes the WordPress configuration, all links generated by WordPress will be automatically changed into HTTPS. But links of all images inserted in the articles is the exception. To do so, we can only fix it by updating the <img> tag src attribute value in database. When we are doing this, we can go to PHPMyAdmin and run following SQL code:
UPDATE wp_posts set post_content = REPLACE(post_content, 'http://jmsliu.com','https://jmsliu.com');
At this point, we can open our website in chrome or firefox to see if the green lock appears in the address bar.