HTTP stands for Hypertext Transfer Protocol, but when it comes to securing your WordPress website, HTTPS (Hypertext Transfer Protocol Secure) is the preferred choice. Unlike HTTP, which transmits data unencrypted and leaves your site vulnerable, HTTPS ensures a secure, encrypted connection.
Encryption transforms data into a coded form that cannot be read by anyone who intercepts it. HTTPS uses SSL/TLS (Secure Sockets Layer/Transport Layer Security) to establish a secure connection between your browser and the server. Here’s how it works:
This encryption process ensures that data remains private, the server is authenticated, and information is not tampered with during transfer. Since 2014, Google has used HTTPS as a ranking factor, highlighting its importance for SEO.
HTTPS not only provides a security layer by encrypting HTTP traffic but also significantly reduces the risk of data breaches and hacking attempts. To enable HTTPS, you need an SSL/TLS certificate, which verifies your website’s identity and establishes a secure link between the server and the browser.
Switching to HTTPS enhances both your site’s security and its SEO performance, making it a critical step for any WordPress site.
Whenever you try something new on your website, it is safer to back up the content first. If something goes wrong, you have a second copy to fall back on.
Buy an SSL certificate from your web host. Generally, the host gives website owners the option to convert their HTTP website to HTTPS. In cPanel, this option is named Let’s Encrypt. Those who don’t have this option can use Certbot; you just select your web server and operating system.
Open your site’s wp-config.php in the root folder and add the following line.
define('FORCE_SSL_ADMIN', true);
After updating the file, open the WordPress dashboard to check that everything is working.
To fix issues with your SSL certificate, ensure all content on your WordPress site uses HTTPS instead of HTTP. Google shows the “connection is private BUT” warning if your site still includes images or media linked with HTTP. Update these links to HTTPS.
You don’t have to do this manually. Install and activate the “Really Simple SSL” plugin. After activation, you’ll see a popup. Click “Go ahead, activate SSL!” You might be signed out of your dashboard due to the URL change, but simply sign in again with your usual credentials.
To confirm all SSL settings are updated, go to `Settings >> SSL`. You should see green check marks indicating everything is properly configured.
If you see mixed content warnings, it means some internal links still use HTTP instead of HTTPS. To fix this, find and update all internal links to use HTTPS. You can install the “Better Search Replace” plugin to help with this.
This will update all internal links to HTTPS and help resolve mixed content warnings.
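To see which references still use HTTP before or after a search-and-replace, here is an added example (not from the original article or from any plugin it mentions): a small Python scanner that lists the http:// references in a page's HTML, separating subresources the browser loads, which cause mixed content warnings, from internal links that only add a redirect. The sample markup and the example.com host are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag/attribute pairs the browser fetches while rendering the page.
# Simplification: every <link href> is counted as a load (stylesheet, icon).
SUBRESOURCE_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"), ("link", "href"),
    ("video", "src"), ("audio", "src"), ("source", "src"), ("form", "action"),
}

class MixedContentScanner(HTMLParser):
    """Collect http:// URLs from a page that is served over https://."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.subresources = []    # fetched by the browser: mixed-content warning
        self.internal_links = []  # <a href> to our own host: extra redirect hop

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value:
                continue
            if name == "srcset":  # "url descriptor, url descriptor, ..."
                urls = [p.split()[0] for p in value.split(",") if p.strip()]
            else:
                urls = [value.strip()]
            for url in urls:
                parts = urlsplit(url)
                if parts.scheme != "http":  # urlsplit lowercases the scheme
                    continue
                if name == "srcset" or (tag, name) in SUBRESOURCE_ATTRS:
                    self.subresources.append((tag, url))
                elif (tag, name) == ("a", "href") and parts.hostname == self.site_host:
                    self.internal_links.append(url)

def scan(html, site_host):
    scanner = MixedContentScanner(site_host)
    scanner.feed(html)
    return scanner.subresources, scanner.internal_links

# Constructed sample markup for example.com (not taken from a real site).
SAMPLE = """
<link rel="stylesheet" href="https://example.com/wp-content/themes/t/style.css">
<img src="http://example.com/wp-content/uploads/logo.png"
     srcset="http://example.com/wp-content/uploads/logo-2x.png 2x">
<script src="//cdn.example.net/lib.js"></script>
<a href="http://example.com/about/">About</a>
"""
```

Calling `scan(SAMPLE, "example.com")` returns the two image URLs as mixed content and the About link as an internal HTTP link; the protocol-relative script URL is not reported because it inherits the page's scheme.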
On Ubuntu, the .htaccess file is typically located in the root directory of your WordPress installation. Open it and add the following code.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
To redirect from HTTP to HTTPS in Nginx, you can add a few lines to your site configuration file in nginx. The exact location of this file can vary depending on your Nginx setup and how it was installed. Here are the typical locations:
Add the following code to your Nginx configuration:
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://example.com$request_uri;
}
Replace example.com with your domain name, then test the configuration to ensure there are no syntax errors.
sudo nginx -t
If the syntax is fine, reload the Nginx service using the following command:
sudo systemctl reload nginx
Using the Better Search Replace Plugin:
This will help ensure all your internal links use HTTPS, and the redirects will ensure users are always directed to the secure version of your site.