How to Setup SSL/HTTPS on WordPress

Hello there interwebs, today I’m finally going to do a tutorial on how to setup SSL/HTTPS on WordPress. I have been meaning to do this tutorial for quite sometime since this blog has been using SSL/HTTPS from its inception, but I guess better late than never right 😉

Just a disclaimer early on, this tutorial is only going to tell u about the WordPress side of things, I am not going to tell u how to set up an SSL certificate. I am also assuming you would have already obtained and setup your SSL certificate, if you don’t have an SSL certificate you can use cloudflare’s flexible SSL setup as it would work just the same.

Now with all the pleasantries out the way let’s get on with the show

Step 1: Change the URLs

Now all links in WordPress (attachments, CSS and JavaScript files) are all relative to the install URL.

To go about changing WordPress from HTTP to HTTPS, the install URL must be changed, or simply put, just change http://delanomaloney.com to https://delanomaloney.com

Well how do you do that?

  • First login to your WordPress dashboard and navigate to Settings > General.
  • Then make your way down to WordPress Address (URL) and Site Address (URL)
  • Check that both are https (both should be https as I have ran into problems when one was https and one was http) if they aren’t simply add an s after the http to make https and save it.

Fair warning you will break your site’s layout and logins for a bit after doing this but it will be fixed.

Step 2: Enforcing SSL

Yes you just changed the links on your site to all use https, now while that’s sweet you’re not done yet, you need to enable WordPress administration and logins over SSL.

  • By now you should know where your wp-config.php file is and how to get to it, but open that up and scroll down until you find that define( 'WP_DEBUG' ); line.
  • Below add define( 'FORCE_SSL_ADMIN', true );
    That will force all logins and all admin sessions to only happen over SSL.

Step 3: Setting the default server port

Certain plugins (ahem… Jetpack) will have problems with certain functionality (Publicize) if you don’t specifically set the server port.

  • Pull up back that wp-config.php file and find the FORCE_SSL_ADMIN line.
  • Below that add $_SERVER['SERVER_PORT'] = 443;

After completing those steps your site should be up and completely functional over SSL/HTTPS.

Optional Step 4: Setup a 301 Permanent Redirect

Now that your site is up and running in SSL/HTTPS goodness, you need to tell Google and your visitors that your URL has changed. To do that you need a redirect, more specifically you need a permanent redirect.

  • To set up a 301 permanent redirect, FTP/SFTP to your server and add the following code at the TOP of WordPress’ .htaccess file. (if you don’t know what I’m talking about well…. look it up)
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
# END HTTP to HTTPS Rewrite

To inform Google about the change in URL, re-add your WordPress site to Google webmaster tool (but this time with https://) and follow this this guide to let Google know about the change of URL.

You can check your SSL website status using Qualys SSL Labs.

Congratulations on reaching the end of this tutorial!


About these ads

Leave a Reply