Convert your WordPress site from http:// to https:// (SSL) using Let’s Encrypt

When you install a WordPress site, you most likely are going to start off with a website that is isn’t encrypted.

http://

vs

https:///

The latter, https:// is much more secure.

The impact of not having encryption that can be huge if you sell products or services as customers may not want to trust someone’s website that isn’t secure. Furthermore, Google Chrome has started to give pretty severe warnings whenever a site isn’t secure interrupting the experience of users.

Here’s a quick tutorial on how to encrypt your WordPress site.

1. Encrypting your Site

There are a couple of options available if you want to encrypt your site. I’m going to discuss Let’s Encrypt since it is a free solution and one of the most widely used.

Screenshot of Let's Encyrpt website

https://letsencrypt.org/

Option 1 – Your WordPress Hosting offers Let’s Encrypt (Recommended)

Screenshot of DreamHost and their Secure Hosting options

I currently use DreamHost as my provider for my WordPress hosting needs. One of the features they offer is a simple way to integrate SSL encryption into your website installations.

Login to your host to explore if your WordPress hosting provider offers Free Let’s Encrypt SSL certificates.

This is the recommend pathway as it is relatively easy and simple to do.

Option 2 – WP Encrypt Plugin by Felix Arntz

WP Encrypt is a plugin that adds SSL certificates to your WordPress site. Unfortunately, it’s not longer maintained and the directions aren’t straight forward.

2. Force your site to be HTTPS

1. Change the settings of your website to be https://

General in WordPress” class=”wp-image-359″/>

On the General Settings page, it is recommended that you modify the WordPress address and Site Address to now have a https:// at the prefix.

2. Modify .htaccess file

The final step in the process is to modify your .htaccess file to force anyone who accesses your site via http:// to be redirected to https://. The .htaccess file allows you to control user and server behavior in regards to the urls on your site.

Add the following lines to your .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 

Your .htaccess file should look like this when you are done.

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

3. Clean Up

1. Rename files and posts to be https://

You most likely will have some errors on posts and images that still have an http:// prefix. In order to fix these errors at scale, install the Better Search Replace plugin. This plugin will allow you to search and replace all the instances of http:// to https://.

Once you activate the plugin, it will be under the Tools section of WordPress.

Better Search Replace” class=”wp-image-361″/>

You then want to write a query that will search for instances of your http:// site and replace them with https://.  See the screenshot below.

Screenshot of Better Search Replace

2. Add https:// property to Google Webmaster

Lastly, you want to add a new https:// property to Google Webmasters.

Stay up to date, get my newsletter