Moving WordPress to SSL

Moving Wordpress to SSL

Here at MarcCreighton.co.uk and SocialMediaManager.ie we recently took the decision to move our WordPress based site to SSL. Moving WordPress to SSL is relatively easy. So how do you move your WordPress site to SSL?

Moving WordPress to SSL – Why you Should do it

What is SSL?

In simple terms, SSL is the process that encrypts the transfer of data from your PC or laptop to the server when you browse a website. It’s easy to spot, in the address bar of your browser you will see ‘https’.

Why do you need SSL?

  • Better SEO results – Google announced back in 2014 that they would give more weight to sites that run under https. These they deemed were ‘trusted’. Read the blog post
  • Secure transmission of data – As I eluded to before any information transmitted, either transparently or via a contact form, for instance, is protected during transmission.

What do you need to implement SSL?

  • A WordPress site that’s not hosted by wordpress.com
  • An SSL certificate – These are not more affordable than ever and not usually difficult to install. We buy all our SSL certificates from SSLStore.com.

Moving WordPress to SSL

The steps

You will have to have installed your SSL certificate on your hosting first. We won’t be covering those steps here.

  1. Login to your WordPress admin dashboard
  2. Navigate to ‘Setting’ > ‘General’
  3. In here change both the ‘WordPress address URL’ and the ‘site address URL’ to the https address. Remember to match the exact URL in your certificate ‘common name’ field. This maybe www.mydomain.com or mydomain.com
  4. Save the changes.

Wordpress ssl

WordPress HTTPS MixedContent

Mixed content is where some of the content on your page is https, and some are HTTP. Internet Explorer is more brutal than most when it identifies this content, up pops big warnings. You need to fix this. The easiest way to find the offending content is on WhyNoPadlock.com

Mixed content warning

 

Redirect HTTP requests to https automatically

When a person comes to your site via http://www.mysite.com, you automatically want to redirect requests to https://www.mysite.com. We need to do this without losing any search engine ‘credit’. This is done using a ‘301’ redirect.

WordPress HTTPS htaccess

Copy and paste the following code to the .htaccess file on the root of your website between # BEGIN WordPress and # END WordPress.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Now by making these changes, you should now be able to see your site on its https address. Is that it then, well no. There are a few ‘gotchas’ along the way.

Gotcha’s

There are some things to trip you up;

  1. If you use Twitter cards through the ‘Yoast’ plugin these may no longer validate correctly – Solution: Disable, then re-enable Twitter cards through the plugin
  2. Mixed content – This can be the most frustrating – Solution: See the section above on mixed content
  3. Cached content – If you use a caching plugin remember to clear the cache on your site after you have set things up.

With the obvious search engine benefits, we would suggest you move your WordPress site to SSL sooner than later. Let us know how you get on in the comments below.

Be the first to comment

Leave a Reply

Your email address will not be published.


*