SSL IN WORDPRESS

SSL means Secure Sockets Layer and is now standard. In this post, I will show you how to integrate an SSL certificate into your WordPress website.

WHAT IS AN SSL CERTIFICATE?

An SSL certificate is a kind of digital ID. The ID contains information about the website owner. When you open a website and knock on the server, the browser checks whether the SSL certificate and you can recognize the result by the small lock next to the domain.

If you do not use an SSL certificate, it says “not secure”. Google doesn’t like that, and your user doesn’t feel good either. That is why the SSL certificate is now standard.

SET UP SSL CERTIFICATE IN WORDPRESS

The setup is very simple and consists of two parts. You have to apply for a certificate from the hoster and then integrate it into your website. Incidentally, there are different certificates with different security levels. If you run a simple blog, the mostly free variant is sufficient. However, as soon as you run a shop, it is advisable to opt for a better certificate.

The setup at the hoster runs through the backend of the hoster. There you will find your domain and can apply for an SSL certificate for each domain. Most common hosters offer their own instructions that guide you through the interface of the respective hoster. If the certificate is deposited with the hoster, you can start in WordPress.

There are two ways that I would like to show you here.

PLUGIN: REALLY SIMPLE SSL

The Really Simple SSL plugin is the easiest way. After the installation, you will find the plugin under Settings> SSL, and you only have to activate it in many cases that’s it.

I personally try to avoid any unnecessary plugin, as each plugin slows down the website. That’s why I rely on manual setup.

SET UP SSL YOURSELF

A plugin is also used here. However, you can remove this plugin after the setup. It is always advisable to make a backup beforehand. We go through the individual steps:

STEP 1: SETTINGS> GENERAL

Here you change both the WordPress address (URL) and the website address (URL) from http://meineseite.de to https://meineseite.de.

STEP 2: ADJUST URLS

In the next step, you adjust the URLs of the entire website and change the entire page http to https. You can use the Better Search Replace plugin. Once the plugin is installed and activated, you can find it in the Tools area. Just fill out the settings as follows:

ssl setup

With “search for” you enter the URL with http and with “replace with” you enter your URL with https. Under “Tables” you now select all tables and then remove the checkmark from “Test run”. If you then click on “Search and replace”, the plugin searches your database for http and replaces with https.

In many cases, that’s almost it. However, there are plugins that require additional settings. If you find that your page is still displayed as “not safe” and does not know exactly which plugin is the culprit, then simply deactivate all plugins and then activate them step by step until you have found the troublemaker. You can then quickly find out what needs to be done with the help of Google.

STEP 3: REDIRECT ALL REQUESTS

We’re almost there. Now we only need a small adjustment in the .htaccess file. You will find the file on your server and can access it with an FTP program. Just add this snippet to the beginning of the file:

RewriteEngine On

RewriteCond %{HTTPS} !=on

RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This code snippet ensures that all http requests are redirected to https and gives the browser the information “301 Moved Permanently”. This forwarding means that the page has permanently moved to https.

THAT’S IT

In most cases, the setup is done. If your page continues to be shown as “not safe”, I recommend that you consult a specialist. There are cases where further measures are necessary.

Leave a Comment