Adding SSL and HTTPS in WordPress

Ellaschofield00 · October 23, 2017, 10:27pm

Being a beginner web developer, I have started asking too many questions with everyone everywhere, and I am going to do it again here. Recently, I was working on one of my website which I developed on the WordPress, and as per its requirement, I needed to add SSL and HTTPS on the website.
The dilemma is, all of my friend who is also related to the website development industry is now willing to point out the mistake in the code which is given below.

RewriteEngine On
RewriteCond {SERVER_PORT} 80
RewriteRule ^(.*) https://www.overleaf.com/ [R,L]

This is the code that I am trying to use to add SSL and HTTPS through updating my WordPress website URL.
It is not like I am not aware of such terms and codes. The only problem is that I never did this with any of the websites. I have only done adding HTTPS and SSL on specific pages with a plugin. That is why this thing is new to me, and I think such are the confusions that every beginner website developer must have faced once or two.
That is why I am writing this post and want to ask it from the readers of this post that what is wrong in the code and it would be great for me if anyone walks me through the whole process of adding SSL and HTTPS on the WordPress website. Please comment below and help me out from this misery which is costing me a lot of valuable time.

owel · October 23, 2017, 10:47pm

To enable SSL on your website (so you can connect to it via https), you need to install an SSL certificate on your web server. Depending on your web server (IIS, apache, etc), you’ll have to generate a CSR (Certificate Signing Request).

Then you order your SSL certificate (the cheapest I found is $50/year), submit your credentials, info, domain, etc. and CSR, and after processing, they’ll email you back a certificate that kinda looks like this…

-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgIQVpHsJAxNtfcO238Z8SNkFTANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMS
UmFwaWRTU0wgU0hBMjU2IENBMB4XDTE3MTAwMzAwMDAwMFoXDTE4MTAwMzIzNTk1
....
....
....
SIK6dI43mx/atRlt6OaIJDAELQtYpQzHYXhayXszvZkqfnyqXx81u1k3NPpq0Z2A
D+dAsIBH2oN5ldVs594+9TF4oY1Uy1NNTrrL5ZOTkvmz
-----END CERTIFICATE-----

You then paste the above certificate to your web server account.

Only then can you connect to your website via https://www.mydomain.com

Now, if you want to force every user to connect via https instead of http, that’s when you do the Rewrite Rules.

Again, this differs whether you’re running an IIS web server or Apache web server. Consult your web host.

Okay, now to the practical side… SSL certificates are not free. If your website isn’t asking for any secure information (say ID and password), you don’t need https. Also, https works on a per domain basis. Some certificates only work with your main domain name and www, while the more expensive ones can work with your domain.com and any other subhost (a wildcard certificate).

** I think there are some non-profit groups that give out free SSL certificates but it has to be renewed every 3 or 6 months I think. The whole process is also automated, and if your web host supports it, then you’re in luck.

You can check out this site.
https://www.rapidssl.com/

camper · October 23, 2017, 11:15pm

This isn’t true.

LetsEncrypt offers free certificates.

Browsers (i.e. Chrome) are moving in the direction of alerting users when they view HTTP pages, regardless of the content.

Also, Google gives higher search engine rankings for pages with HTTPS.

@Ellaschofield00 are you asking what’s wrong with that specific .htaccess code? I know there are different ways to write that RewriteRule statement, so maybe that’s what they’re worried about. Also, you’ll want to change the base URL of the site in the WordPress settings to HTTPS as well as everything in the database that refers to HTTP.

Here’s a popular plugin to help with this: Really Simple SSL – WordPress plugin | WordPress.org

honmanyau · October 24, 2017, 2:51am

Let’s Encrypt does indeed offer free certificates. I’m with Dreamhost and, once you have requested for one to be installed on a domain/subdomain, the entire process is automated—including renewal. Organisations like Mozilla and the EFF, to name a few, sponsor Let’s Encrypt.

Here’s an example.

Insecure security

lynxlynxlynx · October 24, 2017, 9:36am

No need for a rewrite — once you set the wordpress site url to https, wp will automatically (internally) redirect as needed.

cynthia · November 7, 2017, 6:48am

Adding redirection of HTTP to HTTPS is tedious and needs careful planning. Follow the steps given below:

Purchase an SSL certificate
Install the SSL certificate
Update all internal and external links to HTTPS
Set up 301 redirects from HTTP to HTTPS
Add all variants of the website site in Webmaster Tools
These are the general steps for redirection.

Since the whole procedure can’t be explained here because it includes some code also so I suggest you Check this Resource including screenshots of the procedure to know every bit of HTTPS and SSL and how to implement the same.
Good Luck!

lynxlynxlynx · November 7, 2017, 4:31pm

You’re overcomplicating the matter. It seems from the first post OP already has a cert (if not, get a free one , eg. from Let’s encrypt). Wordpress will deal with 3-4, the webmaster has to fix only any hardcoded http paths he added himself. Webmaster Tools I have never heard about, so can’t comment on that.

silversurfer90 · September 11, 2018, 9:24am

For WordPress users there is an amazing guide available for integrating SSL.
How to install SSL certificate on WordPress site

tamil1996 · September 11, 2018, 12:51pm

Thank You for the informative post.

diana123 · September 25, 2019, 11:39am

You are basically adding SSL and HTTPS in your WordPress site, which is quite straight forward. I have done this many times and I can help you in this process.

First you need to create your SSL which is totally free. You can do it from Let’s Encrypt without paying a cent. All steps are given at this article - How to manually Install Let’s Encrypt free SSL Certificate on any hosting

After that you need to go to Settings » General page of your WordPress dashboard and update your WordPress and site URL address fields by replacing http with https.

Check the below screenshot with explains this:

download

Finally, you need to set up WordPress redirects from HTTP to HTTPS. This is done by adding the following code to your .htaccess file. You will find this file in your website’s root folder.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

That’s quite easy, isn’t it? You also don’t need any help from some plugin to do this.

Thanks & Regards