Implementing SSL in WordPress

Whether you are shopping online or logging into a secured account, sharing personal information is something you do on a daily basis on multiple websites. To protect this sensitive information, you need a secure connection. This is where SSL (HTTPS or Secure HTTP) plays its part; it is an encryption method that transfers data securely between a web browser and server or vice versa.

Consider this – you need to receive payments online while developing an e-store. This website will eventually require your potential customers to fill in their personal details as well as confidential credit card details. To protect their sensitive information and to protect you from liability, the connection needs to be secure. Similarly, most payment gateways like PayPal, Authorize.Net, Stripe, etc. require SSL for their e-stores in order to send and/or receive information about the customer.

To begin, you'll need to purchase an SSL certificate. Once the SSL certificate is purchased and successfully installed on the web host, you can follow the steps below to configure WordPress over SSL:

Enforce All Pages to HTTPS

You need to enforce all web pages to HTTPS. This can be done by modifying the WordPress Address (URL) and Site Address (URL) settings under the General tab found in Dashboard Settings. Just change the URL from to

Enforce Secure Login and Admin

To secure logins as well as the entire WordPress admin area, you need to set up two constants in your wp-config.php file, right before the WP_DEBUG constant. The two constants will be defined as:

Redirect HTTP Requests to HTTPS

Make sure that your site is working fine on HTTPS. Then redirect all HTTP requests to HTTPS using .htaccess to make the site consistent. The .htaccess rules to redirect all HTTP requests to HTTPS are as follows:

Fixing Mixed Content Issue

One of the most common issues faced during this process is the mixed content error, which means that the HTTPS page is loading content through HTTP links. There are several ways you can detect this content:

  1. Via the padlock, which shows a yellow triangle above the lock in the browser's address bar
  2. By viewing the page source and searching for 'http: (with single quotes) and "http: (with double quotes)

The root cause of this error is usually that web pages are loading assets like scripts, styles and/or images through HTTP. This can be fixed using the following steps:

  1. Replace all links in the database to This can be done using a tool like Search Replace DB, since you need to ensure that the data serialization (which is key for many WordPress options) is not affected. Please remember to back up your files before updating the database.
  2. An SSL Insecure Content Fixer plugin can also be used to ensure none of the content is loaded via HTTP.
