Requirements: A SSL-Certificate, e.g. a free one from Let’s Encrypt.
Manual Setup
** Make sure you have a valid SSL certificate set up.
** Change WP Admin Settings: In your WordPress backend go to Settings > General and update your WordPress and site URL address fields to „https://…“
** Edit wp-config.php File: Force both logins and access to the WordPress admin area to use TLS/SSL. Add to the wp-config.php:
define('FORCE_SSL_ADMIN', true);
** Edit .htaccess File: Set 301 redirect, so that anyone visiting your site will be redirected to https. Edit the .htaccess file. Enter in the correct server port if it isn’t 80. The snippet goes before the code block that starts with „# BEGIN WordPress“.
# Redirect to HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
If you are on nginx servers, use this instead:
server {
listen 80;
server_name yoursite.com www.yoursite.com;
return 301 https://yoursite.com$request_uri;
}
** Finally run a search and replace in the database, changing „http://www.yoursite.com“ to „https://www.yoursite.com“.
Using a Plugin
Among others, there’s the popular and reliable Really Simple SSL plugin for WordPress. Unfortunately it caused issues with the wptexturize() WordPress function on my sites, so I stopped using it.
Troubleshooting
** The browser reports too many redirects, respectively „Really Simple SSL“ cannot detect the certificate.
Check cloudflare or other third party tool SSL settings, that may result in a redirect loop.
** Site shows a white screen of death.
Check SSL certificate. Wildcard certificates sometimes don’t work as expected.
Tags: SSL, TLS, HTTPS
