Adding SSL to WordPress site

One of my clients required security for their Donation page. The site in question is hosted with Instructions may vary depending on host and site. I hadn’t done it before, so here it is for dummies:

  1. Get a certificate
  2. Once the certificate is installed: Make your WordPress site https. If the urls are greyed out in settings, then you will need ftp or Dreamweaver to make changes to your wp-config.php file which is in the root folder of your WordPress files.  Look for:

    Change http:// to https:// in both spots. Save file and replace the old one.

  3. Grab your .htaccess file from your site. Add the following code (to the top) to force the site to use https everywhere:
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

    Save and reupload.

  4. At this point, the site should be showing https:// everywhere. But it is likely that you will need to replace some old urls from when you first did your WP site. Grab a plugin like Velvet Blues Update URLs, then do a search/replace for -> – check all boxes except bottom one. This should find most of the unsecure files and pages.
  5. At this point, maybe you are successful and you see a green lock or indication that the site is secure. If not, your first step is to plug your URL into Why No Padlock. It will search and report any unsecure files or pages. Here’s where you will need to be a detective to determine what plugins or unusual things your theme (or yourself making custom CSS or other tweaks) may have done to link to the old http.

This information comes from a few different sites and hopefully will help others in the future. There are some plugins which may help as well, but I wanted a solution which would allow me to easily fix any problems beyond WordPress.



No comments yet.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.