Are you looking to move WordPress from HTTP to HTTPS and install a free SSL certificate on your website? Yes, this could be your thought because Google announced that Chrome browser will mark all HTTP sites as “Insecure” starting July 2018. In this article, I’ll show you how to move your WordPress website from HTTP to HTTPS with a free SSL certificate from LetsEncrypt.
I will also explain what is SSL and HTTPS for a better understanding of Secure Web.
What is HTTPS?
HTTPS stands for Hypertext Transport Protocol Secure where HTTP (which stands for the same minus the Secure at the end), is the communication protocol usually used for facilitating web traffic.
HTTP VS HTTPS
The secure version uses an SSL (Secure Socket Layer) certificate to establish a connection between browser and server. That means any information that is exchanged gets encrypted. This makes it harder for hackers to eavesdrop on the connection. This extra security layer is not available in HTTP which makes the data transfer less secure. Hence moving your WordPress website from HTTP to HTTPS is very important to make your website secure.
Requirements for using HTTPS/SSL on a WordPress Site
The requirements for using SSL in WordPress is not very high. Only SSL certificates and some tweaks & settings in WordPress would do it.
The best hosting companies are offering free SSL certificates for all their users:
- Liquid Web
- InMotion Hosting
If your hosting company does not offer a free SSL certificate, then you shall get it from here for free.
Once you have obtained an SSL certificate, you can install it in your cPanel hosting or you can contact your hosting provider for the support in installing the SSL certificate for you.
Setting up WordPress to Use SSL and HTTPs
After you have enabled SSL certificate on your domain name, you will need to set up WordPress to use SSL and HTTPs protocols on your website.
In this guide, I will tell you, how to Setup SSL/HTTPS in WordPress Using a Plugin because this is easier and recommended for the beginners.
First, you need to install and activate the Really Simple SSL plugin.
Upon installation & activation, you need to visit Settings » SSL page. The plugin will automatically detect your SSL certificate, and it will set up your WordPress site to use HTTPs.
The plugin will take care of everything including the mixed content errors while HTTP to HTTPS. Here’s what the plugin does behind the scenes:
- Check SSL certificate
- Set WordPress to use https in URLs
- Set up redirects from HTTP to HTTPS
- Look for URLs in your content still loading from insecure HTTP sources and attempt to fix them.
Note: The plugin attempts to fix mixed content errors by using output buffering technique. It can have a negative performance impact because it’s replacing content on the site as the page is being loaded. This impact is only seen in the first-page load, and it should be minimal if you are using a caching plugin.
While the plugin says you can keep SSL and safely deactivate the plugin, it’s not 100% true. You will have to leave the plugin active at all times because deactivating the plugin will bring back mixed content errors.
Congrats now your WordPress website is successfully moved to HTTPS in five minutes.
Now do not forget to submit your HTTPS site to google search console. This means you will need to let Google know that your website has moved to avoid any SEO issues.
I hope this article helped you add HTTPS and SSL in WordPress without any hassles. If you face any problems, Do not hesitate to ask me any questions at [email protected].