How to install and configure HTTPS for a site in WordPress

How to install and configure HTTPS for a site in WordPress

08:04, 18.04.2022
Author: Artur Berezhnoy
2 min.

HTTPS is an extension of the HTTP protocol familiar to us, used to transmit data more securely through encryption. This is done via TSL/SSL cryptographic algorithms. Simply put, switching to HTTPS reduces the risk of data interception. And even if it happens, the intruder will not be able to decrypt them without a special private key stored on the server. The “interceptor” would only get a mass of unreadable useless characters that would take years to decrypt without a key. Or a quantum computer, but so far this possibility looks more like science fiction.

In our article, we tell you how to install and configure the HTTPS protocol for your WordPress site. This is done in 4 steps.

Step one: buy an SSL certificate

All SSL certificates are divided into three groups:

  1. Used for the domain and its version with the WWW. Their cost is inexpensive, and they contribute a little to improving the ranking by search engines. It takes no more than 15-20 minutes to issue such a certificate.
  2. With the protection of the domain and 1st level subdomains. They provide data protection on all pages of the website.
  3. For a group of different domain names.

Any of them are purchased from a provider for a certain period, after which they must be renewed. The main thing is to choose a provider of SSL certificates with a high level of trust.

Step two: Activate the SSL certificate and install it on the hosting

Our site already has detailed instructions on how to properly install SSL on a VPS. In brief, you will need to generate a CSR request, and then through the control panel in the "Users" section connect the received certificate, specifying its name, encryption key, password, certificate contents, and the chain of SSL certificates in PEM-format.

Step Three: Switching the Site to HTTPS via WordPress Settings

The first thing is to go to the console menu of the content management system of the site through your browser. Just type in your domain, adding the text wp-admin after the slash. For example, like this:

how to install and configure https for a site in wordpress

In the console, go to the settings, section "General". Here you will see the fields "WordPress Address (URL)" and "Site Address (URL)". Here, replace HTTP with HTTPS. Confirm the changes and you are done. After that, be sure to configure a redirect to HTTPS, because without it, the unprotected version of the site will still be accessible to the public.

Step Four: Redirect to HTTPS

Redirects are set up in the .htaccess configuration file, which is in the root directory of the server. Edit it by adding a command to force a redirection to its contents. This command looks like this:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule .*{REQUEST_URI} [R=301, L]

Of course, before copying, correct the domain name. Once the changes are saved, the forced redirect to the HTTPS protocol will work, and the configuration is done.

Alternative way

You can also set up redirects after installing an SSL certificate with a special plugin for WordPress called Really Simple SSL. After installing it, go to SSL settings in the settings menu and activate redirect. From now on, your site will be able to open only through a secure protocol.

Finally, do not forget to update the sitemap, otherwise, some operating systems may have bugs. That's the end of our article, thank you for your attention!

Related Articles