In this tutorial, you will learn how to set up SSL encryption to work with your WordPress website. These days keeping your website secure is more important than ever, especially on websites that provide E-commerce solutions where customers are providing sensitive details such as credit card information. Using SSL will allow you to provide your site via HTTPS, keeping your customers data encrypted and secure while also instilling trust in your website with your customers by showing the little green padlock that appears in most web browser’s address bars.
This tutorial assumes, you already have your SSL certificate installed on your web space. If you don’t have an SSL certificate, this can usually be purchased as an addon from your web hosting provider. In most cases when adding an SSL certificate to your web hosting account, it will usually be set up and ready to go. All hosting providers are a bit different so check with your hosting provider on how to do this. In most cases their online support will help you get started, it doesn’t take long to set up and should be available right away.
Checking your website is using HTTPS
To check if your certificate is working, simply type your domain name into a web browser’s address bar and add https:// to the start eg. https://example.com. In some cases you will find that your website uses https without any problems and you already have it working right away. You can tell it’s worked when you see the padlock appear. This is usually a small, green padlock, sometimes followed by the word “Secure”. Check all of the pages on your website and make sure this appears on every page.
More than likely though, your website will show as insecure. In this case we have to find what’s causing the site to be insecure and eliminate the problem. To check why your site isn’t secure, do the following:
- Visit www.whynopadlock.com
- Enter your domain name and hit “check”
Once you have checked your website on whynopadlock.com, it will display the reasons why you are not getting your padlock and HTTPS isn’t working. The most common reasons are that you are still using http instead of https on links and image paths on your web page. This can be fixed by changed all the links and path URLs to use the https prefix instead of https.
Setting up WordPress
The first thing to do is go to Settings->General on the WordPress admin area and change the WordPress Address and Site Address URL’s to use the https prefix instead of http. This will change relative links on your website to use https. You can then use the whynotpadlock.com website to find other links and change them to https. However, for this, I prefer to use a plugin to take care of all of that for me since if I ever need to turn https off for any reason, it’s as simple as just deactivating the plugin.
Let a plugin do all the work
There are a whole range of WordPress plugins that can force SSL and do all the hard work for you. My personal favourite is a plugin called Really Simple SSL, which you can find here: Really Simple SLL Plugin
This plugin, as the name suggests, is really simple. To set it up, you simply just install the plugin, activate it and it’s all set up. In most cases, this will work right out the box. There are also settings under Settings->SSL in the WordPress admin area where you can debug and change the settings to suit your needs. This plugin will automatically change all your links and paths to use https to make sure all the resources on your website are using https.
You should now have yourself an encrypted https website along with padlock in your web browser’s address bar.