In this tutorial, we will show you how to add SSL and HTTPS in WordPress.
Don’t worry, if you have no idea what SSL or HTTPS is. We’re going to explain that as well.
What is HTTPS and SSL?
Every day we share our personal information with different websites whether it’s making a purchase or simply logging in.
In order to protect the data transfer, a secure connection needs to be created.
That’s when SSL and HTTPS come in.
HTTPS or Secure HTTP is an encryption method that secures the connection between users’ browser and your server. This makes it harder for hackers to eavesdrop on the connection.
Each site is issued a unique SSL certificate for identification purposes. If a server is pretending to be on HTTPS, and it’s certificate doesn’t match, then most modern browsers will warn the user from connecting to the site.
Now you are probably wondering, why would you ever need to move from HTTP to HTTPS and install a SSL certificate?
Why do you need HTTPS and SSL?
If you are running an eCommerce website, then you absolutely need a SSL certificate specially if you are collecting payment information.
Most payment providers like Stripe, PayPal Pro, Authorize.net, etc will require you to have a secure connection using SSL.
Recently, Google also announced that they will be using HTTPS and SSL as a ranking signal in their search results. This means that using HTTPS and SSL will help improve your site’s SEO.
We already use SSL for our eCommerce sites like OptinMonster, Soliloquy, and Envira Gallery. We will also switch all content sites to SSL as well. We just added SSL for Syed Balkhi’s blog (our founder).
We’re often asked wouldn’t SSL and HTTPS slow down my WordPress website? In reality, the difference in speed is negligible, so you should not worry about that.
Requirements for using HTTPS/SSL on a WordPress Site
The requirements for using SSL in WordPress is not very high. All you need to do is purchase a SSL certificate.
Some WordPress hosting providers offer free SSL with their plans. Siteground, one of our favorite providers, offer a one year free SSL certificate with their “grow big” plan).
If your hosting provider does not offer a free SSL certificate, then you can ask them if they sell third party SSL Certificates. Most hosting providers like Bluehost sell them around $50-$200.
You can also buy SSL from providers like Godaddy.
Once you have purchased a SSL Certificate, you would need to ask your web hosting provider to install it on your server.
This is a fairly straight forward process.
How to Setup WordPress to Use SSL and HTTPS
If you are starting a new site and/or want to use HTTPS everywhere on your site, then you need to update your site URL.
You can do this by going to Settings » General and updating your WordPress and site URL address fields.
Now if you’re adding SSL to your existing site, then you need to setup WordPress SSL redirect from HTTP to HTTPS.
You can do this by adding the following code in your .htaccess file:
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L]
Don’t forget to replace yoursite.com with your site URL.
If you are on nginx servers (most users are not), you would add the following to redirect from HTTP to HTTPS:
server { listen 80; server_name yoursite.com www.yoursite.com; return 301 https://yoursite.com$request_uri; }
By following these steps, you will avoid the WordPress HTTPS not working error because all your site URL and content will be on SSL.
If you want to add SSL and HTTPS on your WordPress multi-site admin area or login pages, then you need to configure SSL in wp-config.php file.
Simply add the following code above the “That’s all, stop editing!” line in your wp-config.php file:
define('FORCE_SSL_ADMIN', true);
This wp-config.php SSL trick works for single sites as well as multi-sites.
Setup SSL and WordPress HTTPS on Exclusive Pages
Now if for some reason, you only want to add HTTPS and SSL on specific pages of your site, then you would need the plugin called WordPress HTTPS (SSL).
First thing you need to do is install and activate the WordPress HTTPS (SSL) plugin.
Please note that this plugin hasn’t been updated for a while, but it works fine and is safe to use. See our guide on installing plugins not tested with your WordPress version for more information.
Upon activation the plugin will add a new menu item labeled HTTPS in your WordPress admin. You can click it to visit the plugin’s settings page.
The first option of the settings page asks you to enter your SSL host. Mostly it is your domain name. However, if you are configuring the site on a subdomain and the SSL certificate you got is for your main domain name, then you will enter the root domain. If your using a shared SSL certificate provided by your web host, then you will need to enter the host information they provided instead of your domain name.
In some cases if you are using a non-traditional SSL host and need to use a different port, then you can add it in the port field.
Force SSL Administration setting forces WordPress to use HTTPs on all admin area pages. You need to check this box to make sure that all traffic to your WordPress admin area is secure.
The next option is to use Force SSL Exclusively. Checking this box will only use SSL on pages where you have checked the Force SSL option. All other traffic will go to the normal HTTP url.
This works if you only want to use SSL on specific pages like shopping cart, checkout, user account pages, etc.
Click on the save changes button to store your plugin settings.
If you want to use HTTPS just for specific pages, then you need to edit those pages and check the Force SSL checkbox.
Once done, visit your page to ensure that you have all green light in Chrome and other browsers.
That’s all, we hope this tutorial helped you add HTTPS and SSL in WordPress.