If you’re using WordPress and you haven’t enabled HTTPS yet there’s a few steps you should follow. Google issued a final warning for any websites not using HTTPS by October 2018 stating that it will display a warning for visitors. There’s really no better time to make the switch to HTTPS. Your search rankings will likely be affected and if you’re running WooCommerce then you definitely need SSL.
There’s many ways you can secure your website. HTTPS or SSL is a secure method of encrypting data that is transmitted between your computer and your website’s web server (or the website you are visiting). There’s several different types of SSL certificate available, make sure to choose the one that’s right for your website.
Here Are The Steps:
- Purchase and install an SSL certificate
- Update your site URL
- Force HTTPS throughout the site
- Resolve any insecure elements on your pages
- Update Google Webmaster Tools and Google Analytics
There are several options for SSL Certificates. The first option you should consider is Let’sEncrypt which is a free SSL Certificate that is easily installable via CPanel. This SSL Certificate won’t work with all internet browsers but will get the job done. For ecommerce sites you might want to go with a paid SSL Certificate to ensure it works with all browsers.
A good web host will provide Let’sEncrypt as a standard feature in CPanel and will also offer services to assist you in installing and configuring HTTPS for your website.
If you’re going for a paid option, you’ll need to purchase the certificate and install it on your website’s hosting account or server. This can usually be done via CPanel.
Before you’ll see the green padlock in your browser’s address bar, you’ll need to configure WordPress to load using HTTPS instead of HTTP. Go to Settings > General and change both the WordPress Address and Site Address urls to use “https://” instead of “http://”
Once completed you’ll automatically be logged out of WordPress. You effectively are now logging back into your website using a different address – the URL is now using HTTPS instead of HTTP.
Step 3: Force HTTPS Throughout your Site
If your website is already live on the internet, it will have been indexed by Google to load via HTTP. It’s important that any visitor who is accessing your website via one of these outdated links for them to be converted to HTTPS so that the site will load using SSL.
There’s a few ways to do this. You could use a plugin such as WordPress Force HTTPS. There’s a few plugins that do the job but this one is simple to use. Just install and activate it and it does the rest.
If using a plugin isn’t going to work for you you’re going to need to update your .htaccess file via FTP.
Step 4: Resolve Insecure Elements on your Pages
So you’ve installed and configured SSL for your WordPress website. Time to check for that green padlock icon next to your URL in the address bar. See it? If not, you might still have some insecure elements on your pages.
But how do I find them?
Don’t panic! There’s a great tool called Why No Padlock that you can use. Just type your website URL into their home page and you’ll get a report about any elements still using HTTP on your website. Why No Padlock will tell you the exact file and place that has an insecure URL.
So why are some elements still using HTTP? Well, you may have inserted images or links on your website by using their URL, effectively hardcoding them. So you’ll need to identify what the links are that are still using HTTP and change them. A typical example would be your site’s logo, favicon or graphics on a page. All of these must be fixed before you can get the green padlock working.
Another way you can resolve this simply is by using a plugin called Better Search Replace. This plugin will search through all of your posts and pages and then changes all http links to https. Keep in mind that if your site uses www as the precursor to your domain you’ll need to include this in the settings.
The last step is to let Google know about your upgrade to SSL. Google has previously indexed all of your pages and posts with HTTP. Google needs to know that your website should now be accessed via HTTPS instead.
The quick and easy way to do this is to log into your Google Webmaster Tools account and add an updated sitemap. You can get a free sitemap from www.xml-sitemaps.com. Once you have that, upload it to your hosting account via FTP. Then, navigate to the sitemaps section in Webmaster Tools and advise Google of the location of the sitemap file. You can use their tools to test the sitemap before you submit it, to check for any errors.
Congratulations! You’ve Installed SSL On Your WordPress Website!
Well done! You’ve now installed SSL and your WordPress website is using HTTPS! Now your visitors will feel safe visiting your website and you may experience a boost in your SEO rankings.
If you need help installing and configuring SSL for your WordPress website, we’d be happy to help!