How to force HTTP(Ssl) On Your Website

kmaradmin

The Guru
Staff member
Oct 21, 2018
14
11
14
united kingdom
remix-inc.com
#1
What is HTTPS?
HTTPS or Secure HTTP is an encryption method that secures the connection between users’ browser and your server. This makes it harder for hackers to eavesdrop on the connection.
Every day we share our personal information with different websites whether it’s making a purchase or simply logging in.
In order to protect the data transfer, a secure connection needs to be created.
That’s when SSL and HTTPS come in.
Each site is issued a unique SSL certificate for identification purposes. If a server is pretending to be on HTTPS, and its certificate doesn’t match, then most modern browsers will warn the user from connecting to the website.

Now you are probably wondering, why do I need to move my WordPress site from HTTP to HTTPS specially if it’s a simple blog or small business websitethat doesn’t collect any payments.
Why do you need HTTPS and SSL?
Last year Google announced a plan to improve overall web security by encouraging website owners to make the switch from HTTP to HTTPS. As part of this plan, their popular Chrome web browser would mark all websites without a SSL certificate as “Not Secure” starting July 2018.

As part of the announcement, Google also said that websites with SSL will also see SEO benefits and higher rankings. Since last year, a large number of websites have switched from HTTP to HTTPS.
Google has been slowly rolling out the “Not Secure” warning in Chrome. For example, if someone visits a HTTP website using the incognito window, it will be marked as Not Secure. If someone visits a HTTP website on regular mode and tries to fill out a contact form or another form, then the website will be marked as insecure.
When your readers and customers see this notice, it gives them a bad impression for your business.
This is why all websites need to move form HTTP to HTTPS and install SSL immediately.
Not to mention, if you want to accept payments online on your eCommerce website, then you need SSL.
Most payment companies like Stripe, PayPal Pro, Authorize.net, etc will require you to have a secure connection before accepting payments.
We use SSL for our websites including WPBeginner, OptinMonster, WPForms, and MonsterInsights.

Requirements for using HTTPS/SSL on a WordPress Site

The requirements for using SSL in WordPress is not very high. All you need to do is purchase an SSL certificate, But we offer free and automatic Ssl Certificates to all our customers

Setting up WordPress to Use SSL and HTTPs
After you have enabled SSL certificate on your domain name, you will need to set up WordPress to use SSL and HTTPs protocols on your website.
We will show you two methods to do that, and you can choose one that best fits your need.

Method 1: Setup SSL/HTTPS in WordPress Using a Plugin
This method is easier and is recommended for beginners.
First, you need to install and activate the Really Simple SSL plugin. For more details, see our step by step guide on how to install a WordPress plugin.
Upon activation, you need to visit Settings » SSL page. The plugin will automatically detect your SSL certificate, and it will set up your WordPress site to use HTTPs.

The plugin will take care of everything including the mixed content errors. Here’s what the plugin does behind the scenes:
  • Check SSL certificate
  • Set WordPress to use https in URLs
  • Set up redirects from HTTP to HTTPs
  • Look for URLs in your content still loading from insecure HTTP sources and attempt to fix them.
Note: The plugin attempts to fix mixed content errors by using output buffering technique. It can have a negative performance impact because it’s replacing content on the site as the page is being loaded. This impact is only seen on first-page load, and it should be minimal if you are using a caching plugin.
While the plugin says you can keep SSL and safely deactivate the plugin, it’s not 100% true. You will have to leave the plugin active at all times because deactivating the plugin will bring back mixed content errors.
Method 2: Setup SSL/HTTPS in WordPress Manually
This method requires you to troubleshoot issues manually and edit WordPress files. However this is a permanent and more performance optimized solution. This is what we’re using on WPBeginner.
If you find this method difficult, then you can hire a WordPress developer or use the first method instead.
As part of this method, you may need to edit WordPress theme and code files. If you haven’t done this before, then see our guide on how to copy and paste code snippets in WordPress.
First, you need to visit Settings » General page. From here you need to update your WordPress and site URL address fields by replacing http with https.

Don’t forget to click on the ‘Save changes’ button to store your settings.
Once the settings are saved, WordPress will log you out, and you will be asked to re-login.
Next, you need to set up WordPress redirects from HTTP to HTTPS by adding the following code to your .htaccess file.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
 
Click here to login using your socials account