Installing an SSL on a WordPress Site

In this article we're taking a look at how to install an SSL on a WordPress site and enable that SSL to make your site display as HTTPS

In this post we’re going to explore how to enable an SSL with WordPress and why you would want to.

SSL stands for Secure Sockets Layer, it’s technically a depreciated technology as in most cases it has been replaced by TLS. We won’t delve into the depths of explaining this, however it’s important to know that most providers still refer to the technology as SSL. But in effect it stands for the secure transmission of data using cryptographic protocols.

An SSL basically binds an organisation and a domain name together to provide a level of authenticity and encrypts the data sent to and from the site.

The key benefits of this include:

1. Enhanced security – Data such as passwords and sensitive information will near enough always be better off sent in an encrypted format due to the sheer nature of it.

2. Improved ranking signals within search engines – Most search engines will prioritise a website with an SSL over a site without, the fact that it’s secure is a valuable signal.

3. Customer / Visitor trust – The fact that a website has an SSL, particularly any website that stores and processes customer information, such as an ecommerce website is going to provide a much better impression to the customer if there is a demonstration that the data being submitted is secure.

The process of installing an SSL on your server will depend on a multitude of factors including who you host your website with, the type of server that the website is on and the type of SSL that you want to install on your website. The best course of action for this is to contact your hosting provider or explore their support articles and service information to determine the SSL options available on your platform and the install process.

Enabling an SSL with WordPress:

Once you’ve purchased an SSL and then installed it / had the hosting provider install the SSL the next major step is getting your WordPress website to be secure.

Option 1:

Hosting Tools

In some cases your hosting provider may offer automatic HTTP to HTTPS redirection within their platform. This may require you to enable the option for this to happen or it may be the default action once an SSL is installed, so it’s always worth checking with your provider.

Option 2:

Using a Plugin

There are some great plugins out there that do most of the work for you when it comes to integrating an SSL into your WordPress site. The key benefit to using a plugin is that it often tells you what items of content aren’t fully secure and any steps that you need to take to adjust your site to ensure it’s fully https. One of our favourite plugins is:

https://wordpress.org/plugins/really-simple-ssl/

Option 3:

Manually ensuring that your site is secure.

This is a slightly more complex process as it requires a few different steps and will depend on your hosting provider.

Step 1: Ensuring that your site doesn’t feature mixed content, this means images, videos, links and any other URL that has http:// instead of https://. You will need to either comb through your site and update these URLs or use a search and replace plugin.

(If your website is running WordPress version 5.7 or above within the Site Health section there is an included tool to automatically update your site and URLs to use HTTPs).

Once you’re happy that your site content features either a non specific URL e.g. :// or features https:// then you’re good to move to the next step.

Step 2: Forcing your site to redirect to Https, in most cases this will be a feature included with your hosting. However in a few circumstances depending on your setup you may need to manually adjust your .htaccess file.

We won’t go into the intricacies of this however the providers of the plugin mentioned above have a great article on this here:

https://really-simple-ssl.com/knowledge-base/manually-insert-htaccess-redirect-http-to-https/

Step 3: Ensuring that your site is redirecting fully will require a few basic tests. Simply visit your website in any browser to check that the secure symbol is shown in the address bar. In some cases if your website or hosting provider has a caching system in place you will need to clear this first and then view your website in the browser.

Further Reading:

Adding a Cookie Notice to WordPress

Adding a Privacy Policy to WordPress

Summary:

We hope this helps when you come to adding an SSL to your WordPress website. If you found it useful we would really appreciate a comment or share, thanks!

Newsletter Updates

Enter your email address below to subscribe to our newsletter

Leave a Reply

Physical Address

304 North Cardinal St.
Dorchester Center, MA 02124