If you are concerned about keeping your website secure, you might be looking to move from HTTP to HTTPS.  Installing an SSL certificate on WordPress might be your goal.  In this article, we’ll explain how to add SSL and HTTPS on your WordPress site.

If you’re new to internet security and not sure what these terms mean, we’ll take you into a deeper understanding.

First things first:  understanding the jargon.

Although people often speak of SSL, it should truly be TLS (Transport Layer Security) which gets spoken of most.  This is because TLS is the latest version of secure certificates which are used.

SSL (Secure Sockets Layer) was the name of the original website security certificates.  Although the product has changed to TLS, many people still speak of SSL when referring to internet security certificates.

When you move your site from HTTP to HTTPS, it means you are offering HTTP on a secured site (via TLS).

What are HTTPS and SSL?

Each day we surrender our information onto the internet.  Sometimes we simply log into an account.  At other times, we give bank account or credit card details in order to make an online purchase.  We do this trusting that our information will be secure.

In order to protect data online, we need to ensure that this information will be transferred securely.  This is why SSL and HTTPS are so important.

When you use SSL certificates, the connection between your viewer and your server becomes encrypted.  This means that third parties will not be able to read your information.

Each site is offered its own unique SSL certificate to keep your information secure.  If the site is not secure, or the certificate does not match your site, your viewers will be warned before entering your site.

Why would you want to use WordPress SSL?

If you don’t secure your site, you’re allowing any information your clients or viewers submit to your site to be read by hackers.  If your viewers log into your website and it hasn’t been secured, hackers can gain access to their information.  If your viewers submit financial information online, this can easily be read or stolen by hackers.

ANY confidential information can be stolen if you don’t secure your site using security certificates.  Your site can become susceptible to attacks.  Hackers can use tools to read online data which hasn’t been encrypted.

Hackers often look for specific patterns in information such as credit card details, social security numbers, passwords and any other data which could benefit them.   WordPress HTTPS will keep your site secure.

Considering this, having WordPress SSL is something that you can’t do without.

HTTPS and SEO:  the benefits of creating a secure site

Search engines wish to find sites which will most benefit their users.  As a result, Google has announced that it will boost websites that use security certificates in order to protect viewers.  They made this announcement in a blog post entitled “HTTPS as a ranking signal.”  Adding a secure certificate creates online benefits for both clients and websites.

As websites move towards creating secure sites, those who do not do so will lag behind.  This will impact on Google ranking.  Google treats internet security as a priority and is trying to ensure that security is increased throughout the industry.

In order to create as much motivation as possible for moving to a secure site, Google has added SSL ranking to their search engine criteria.  This means that if you implement WordPress SSL, you’ll have a huge advantage over less secure sites.

Why you should add HTTPS

If you’re running an e-commerce site where your customers submit highly confidential data, you’ll need an SSL certificate to protect both your clients and your site.

In order to receive payments through a bank account, PayPal or other online payment options, you’ll need to ensure that you have an SSL certificate before incorporating payment options on your site.

However, adding WordPress SSL is not a difficult process.  Ask the company who hosts your site whether they can sell you an SSL certificate.  If not, find out if they can assist you with acquiring a third-party SSL certificate.  Once your certificate has been purchased, ask your site host if they can install it on the server for you.  It is as simple as that.

You don’t have to be concerned that installing an SSL certificate will slow your site down.  The difference in speed is negligible, and your site will achieve higher search engine rankings based on your certificate anyway.

How to redirect from HTTP to HTTPS

Step 1:  acquire a certificate

In order for you to change from HTTP to HTTPS, you’ll need to acquire an SSL certificate for your site.  This will validate the security of your connection and keep both your and your visitors’ financial information secure.  When you know that personal data is safe, it will be much easier to carry out web transactions.

When you have an SSL certificate, your viewers will know your site is safe because they’ll see the trusted padlock show up in their address bar.

There are three different types of SSL certificate to choose from:

  1. Domain Validation Certificates:  These certificates are a basic option for a single domain.  They don’t need any paperwork and are an affordable option.
  2. Organization Validation Certificates: These certificates go beyond the basics.  If you choose this option, you’ll get a padlock in the address bar.
  3. Extended Validation Certificates: These offer the highest security and take some time to process.  If you choose this option, you will not only get a padlock but the name of your company in the internet address bar.

Once you’ve decided on the type of certificate which would be best for your site, it’s time to make a purchase.  Beginners may want to start by approaching their hosting site (as mentioned above).

However, there are other companies, such as Encrypt (who offer free security certificates on their sites), GeoTrust, GlobalSign or Symantec who offer WordPress SSL.

Step 2:  Redirect with .htaccess

Once you’ve acquired your certificate, you can ask your host or even WordPress to update your site’s address.  However, you can also update it via your .htaccess file.

To do this, go to your site’s root folder.  Back up your .htacces file.  Then add the following code:

RewriteEngine On

RewriteCond % {HTTPS} Off

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

This code will ensure that a 01 (permanent) redirect is forced – from HTTP to HTTPS.

This is very important for SEO purposes because it will redirect your backlinks.

When rewriting for a WordPress site, you could use the following approach:

# HTTPS Rewrite

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# BEGIN WordPress

RewriteEngine On

RewriteBase /

RewriteRule ^index\.php$ – [L]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

# END WordPress

# Remove www from URL

RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]

RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

This example shows you to eliminate the www. Which forms the beginning of your URL.  This prevents you from duplicating content on your website.  Duplicate content can hurt your search engine SEO rankings.

Step Three:  Clear up insecure content

Once you’ve moved to HTTPS, each aspect of your website will need to be secure. This means that if your website is HTTPS secured but some of your files are still HTTP, you will need to change this, or the security of your website will be compromised.

Go to your website and remove any hardcoded URLs so that your website doesn’t send back mixed content warnings.  You could use an SSL Insecure Content Plugin to help you resolve this problem.  The Velvet Blues URLs update plugin is another great choice and will assist you with fixing any embedded links you might have.

Step 4:  Update links

Once you secure your website and it is updated to HTTPS, all people will be redirected to your site, even if they type in your old web address.  However, it might be better for you to update your old address on any third party sites, in order to ensure your address remains consistent.

Here are some frequently used sites where you can update your links and redirect from HTTP to HTTPS:

  • Google Webmasters Tools & Analytics
  • Social media sites such as Facebook, Twitter, Google + and Pinterest
  • Websites or blogs which contain backlinks to your site
  • Any third party tool (such as email) which links to your site.

Ending thoughts on WordPress SSL

Redirecting from HTTP to HTTPS will protect your site, gain your audience’s trust and improve your SEO ranking.  When you are ready, ensure you make the best SSL certificate choice for your needs, and begin to redirect from HTTP to HTTPS for WordPress as soon as you can.