How to Add SSL and HTTPS Badge in WordPress Website

ssl-secured-website

While most business websites support large financial transactions involving credit card details, bank account information, sensitive personal data, the information entered is vulnerable to unauthorized access and theft, often with malicious intentions. The consequences of such data theft could lead to severe loss of money as well as credibility. Therefore, customers trust e-commerce businesses with secured payment gateways. It is essential for e-business owners to have the right security solution enabled on their websites.

For this, website owners use SSL certificates to ensure safe transaction of the users. Typically, you will see a ‘https’ badge on e-com and other websites that involve any financial transaction. In this article, we will address the importance of SSL/HTTPS for any online business, and how to easily install SSL certificate in your WordPress website.

So What is HTTPS/SSL?

SSL (Secure Sockets Layer) provides a standard security technology capable of encrypting the data that flows between the browser and the intended server. The SSL ensures that the data passed between the browser and the server remains secure, and the integrity is maintained.

HTTPS (Hyper Text Transfer Protocol Secure) on the other hand is a secured enhancement to the traditional HTTP protocol. HTTPS means that the data flowing between the browser and the website servers is encrypted and secured.

Now the question is –

Why do you need HTTPS and SSL for your WordPress website?

With WordPress being the most popular platform for developing high-functioning business websites, the need for necessary SSL and HTTPS integrations cannot be ignored. This way, the sensitive information passed on from the website to the intended recipient is encrypted and cannot be used by any malicious software program that might attempt to intercept the information in between.

If your website doesn’t have an SSL installed in it, your visitors might encountered with this message:

unsecure-connection-on-site

Primary Requirements to add SSL & HTTPS in WordPress

To add SSL & HTTPS in WordPress, the first & foremost step is to buy an SSL certificate. You can buy SSL certificates from SSL providers like GoDaddy, Comodo, DigiCert, Entrust, GeoTrust, etc. Prices for SSL certificate depends on what level of security you are opting for. For example, if you are running an e-commerce site where visitors need to provide their payment information, you must opt for a higher level of security. SSL price varies with different SSL providers. Standard SSL certificate price with one-year validity costs 300$ – 1500$. Some WordPress hosting providers such as WPEngine, Bluehost occasionally provides free SSL certificate with one-year validity. So before buying a third-party SSL make sure if you don’t already have a WordPress SSL certificate.

Setting up a WordPress SSL certificate

Installing WordPress https is simple. Once you have an SSL certificate just follow below steps to install SSL in your WordPress website:

Step1:

  • Back up your site before proceeding with SSL installation. So that if something goes wrong, you will always have the chance to revert.

Step 2:

  • If you purchased a third-party SSL certificate ask your WordPress hosting company to install the SSL certificate on your server. If you opt for WPEngine, you will find an option in the dashboard to easily enable SSL certificate on your website.

Step 3:

Now you need to activate the SSL certificate. This can be done either manually or by using WordPress https Plugins. We would be discussing these details shortly.

Step 4:

  • Test thoroughly. If the SSL certificate is added successfully, https appears in your URL with a green padlock beside it.

Step 5:

  • Keep your SSL certificate up to date. If your SSL certificate expires, the following error will be visible to visitors trying to access your site.

The above are the standard steps to configure SSL in your WordPress website. Now we will take you through with each option to install HTTPS in your website.

How to Set WordPress HTTPS for Existing Sites manually

If setting up SSL in multi-site admin area or login pages is required, then you need to tweak the ‘wp-config.php’ file by inserting following line of code above the “That’s all, stop editing!” line:

define('FORCE_SSL_ADMIN', true);

This change will forcefully direct both logins and access area to the WordPress admin area to use SSL. This change will be effective for both single & Multisite install.

Next setting up a 301 redirect is required to redirect any visitor on your site from HTTP to HTTPS. In order to do so, you need to reconfigure ‘.htaccess’ file. If ‘.htaccess’ file does not exist, create a new one. In the ‘.htaccess’ file place the following piece of code at the beginning:

'<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L]
&amp;amp;amp;lt;/IfModule&amp;amp;amp;gt;

Replace “www.yoursite.com” with the specific domain & replace the port number “80” if you have a different port number.

If you are using nginx servers, then you’d need to add the following line of code to redirect from HTTP to HTTPS:

server {
listen 80;
server_name yoursite.com www.yoursite.com;
return 301 https://yoursite.com$request_uri;
}

How to Install WordPress HTTPS for new sites manually

If you plan to use SSL certificate while launching a new site and categorically want to use HTTPS everywhere on your site, all you need to do is update the site URL. Navigate to Settings -> General & update the ‘WordPress Address’ & ‘Site Address’ field as depicted in below picture:

updating-urls-with-ssl

How to use WordPress HTTPS Plugins

If you are not confident enough to tweak the code, plugins are just the perfect solution. There are several plugins available to add SSL and HTTPS in WordPress easily. While some SSL plugins are pretty basics, the others are advanced with the capability to activate the HTTPS redirection only for some specific pages of your choice. Here are few of the best WordPress SSL and HTTPS plugins out there described briefly.

1. Really Simple SSL

Really Simple SSL

As the name suggests the USP of this plugin is its simplicity. With a single click, this plugin will migrate your entire site to HTTPS. You can have the option of partial WordPress https redirect for pages of your choice, only if you upgrade to pro version.

2. WP Force SSL

WP Force SSL

This basic WordPress SSL plugin can be used to turn the entire site to HTTPS, though the option for partial HTTPS redirection is not available. To use this plugin users need to navigate to Settings-> General & add ‘WordPress Address (URL)’ and ‘Site Address (URL)’ fields.

3. Easy HTTPS Redirection

Easy HTTPS Redirection

This plugin comes with the ability to turn on WordPress https redirect in the entire domain or in some specific pages. If you want to activate the HTTPS redirection partially, you just need to list down the specific URL in the settings.

Plugins do minimize the efforts of tedious work and turn hours’ job in minutes, however, sometimes it impacts the load time as well. To avoid such nuisance, we recommend you always to keep a check on sites’ performance and keep it optimized always.

Does Your WordPress Website Have HTTPS and SSL Installed?

Enabling SSL and HTTPS takes just a few minutes of your precious time, but could save you from a host of perils and unforeseen data thefts which could create absolute havoc and ruin your credibility as a business owner. That is all you need to know about adding SSL certificate to your WordPress.

Don’t forget to verify the changes when you configure and install SSL and HTTPS on your WordPress website. To do so, just visit your website and check if the status bar is with green color badge. Also, check for the below signs to verify it further.

ssl-verification

We hope you have found our endeavor helpful. You can also browse our other articles to find out more about WordPress.