Adding SSL and HTTPS in WordPress

Adding SSL and HTTPS in WordPress
0

#1

Being a beginner web developer, I have started asking too many questions with everyone everywhere, and I am going to do it again here. Recently, I was working on one of my website which I developed on the WordPress, and as per its requirement, I needed to add SSL and HTTPS on the website.
The dilemma is, all of my friend who is also related to the website development industry is now willing to point out the mistake in the code which is given below.

RewriteEngine On
RewriteCond {SERVER_PORT} 80
RewriteRule ^(.*) https://www.overleaf.com/ [R,L]

This is the code that I am trying to use to add SSL and HTTPS through updating my WordPress website URL.
It is not like I am not aware of such terms and codes. The only problem is that I never did this with any of the websites. I have only done adding HTTPS and SSL on specific pages with a plugin. That is why this thing is new to me, and I think such are the confusions that every beginner website developer must have faced once or two.
That is why I am writing this post and want to ask it from the readers of this post that what is wrong in the code and it would be great for me if anyone walks me through the whole process of adding SSL and HTTPS on the WordPress website. Please comment below and help me out from this misery which is costing me a lot of valuable time.


#2

To enable SSL on your website (so you can connect to it via https), you need to install an SSL certificate on your web server. Depending on your web server (IIS, apache, etc), you’ll have to generate a CSR (Certificate Signing Request).

Then you order your SSL certificate (the cheapest I found is $50/year), submit your credentials, info, domain, etc. and CSR, and after processing, they’ll email you back a certificate that kinda looks like this…

-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgIQVpHsJAxNtfcO238Z8SNkFTANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMS
UmFwaWRTU0wgU0hBMjU2IENBMB4XDTE3MTAwMzAwMDAwMFoXDTE4MTAwMzIzNTk1
....
....
....
SIK6dI43mx/atRlt6OaIJDAELQtYpQzHYXhayXszvZkqfnyqXx81u1k3NPpq0Z2A
D+dAsIBH2oN5ldVs594+9TF4oY1Uy1NNTrrL5ZOTkvmz
-----END CERTIFICATE-----

You then paste the above certificate to your web server account.

Only then can you connect to your website via https://www.mydomain.com

Now, if you want to force every user to connect via https instead of http, that’s when you do the Rewrite Rules.

Again, this differs whether you’re running an IIS web server or Apache web server. Consult your web host.

Okay, now to the practical side… SSL certificates are not free. If your website isn’t asking for any secure information (say ID and password), you don’t need https. Also, https works on a per domain basis. Some certificates only work with your main domain name and www, while the more expensive ones can work with your domain.com and any other subhost (a wildcard certificate).

** I think there are some non-profit groups that give out free SSL certificates but it has to be renewed every 3 or 6 months I think. The whole process is also automated, and if your web host supports it, then you’re in luck.

You can check out this site.
https://www.rapidssl.com/


#3

This isn’t true.

LetsEncrypt offers free certificates.

Browsers (i.e. Chrome) are moving in the direction of alerting users when they view HTTP pages, regardless of the content.

Also, Google gives higher search engine rankings for pages with HTTPS.

@Ellaschofield00 are you asking what’s wrong with that specific .htaccess code? I know there are different ways to write that RewriteRule statement, so maybe that’s what they’re worried about. Also, you’ll want to change the base URL of the site in the WordPress settings to HTTPS as well as everything in the database that refers to HTTP.

Here’s a popular plugin to help with this: https://wordpress.org/plugins/really-simple-ssl/


#4

Let’s Encrypt does indeed offer free certificates. I’m with Dreamhost and, once you have requested for one to be installed on a domain/subdomain, the entire process is automated—including renewal. Organisations like Mozilla and the EFF, to name a few, sponsor Let’s Encrypt.

Here’s an example. :stuck_out_tongue:

Insecure security


#5

No need for a rewrite — once you set the wordpress site url to https, wp will automatically (internally) redirect as needed.


#6

Adding redirection of HTTP to HTTPS is tedious and needs careful planning. Follow the steps given below:

  1. Purchase an SSL certificate
  2. Install the SSL certificate
  3. Update all internal and external links to HTTPS
  4. Set up 301 redirects from HTTP to HTTPS
  5. Add all variants of the website site in Webmaster Tools
    These are the general steps for redirection.

Since the whole procedure can’t be explained here because it includes some code also so I suggest you Check this Resource including screenshots of the procedure to know every bit of HTTPS and SSL and how to implement the same.
Good Luck!


#7

You’re overcomplicating the matter. It seems from the first post OP already has a cert (if not, get a free one , eg. from Let’s encrypt). Wordpress will deal with 3-4, the webmaster has to fix only any hardcoded http paths he added himself. Webmaster Tools I have never heard about, so can’t comment on that.


#8

For WordPress users there is an amazing guide available for integrating SSL.
How to install SSL certificate on WordPress site


#9

Thank You for the informative post.