SSL, why and how to switch your WordPress site to HTTPS?
Last Updated:
Contents
HTTPS (Hyper Text Transfer Protocol Secure) is a protocol that secures data transfers between different websites.
Thanks to an authentication certificate issued by a recognized authority, HTTPS makes it possible to verify the identity of the site and guarantees the confidentiality and integrity of data transmitted by the user.
Why should you switch your WordPress site to HTTPS?
HTTPS secures data transfers by encrypting the information (SSL / TLS), thus limiting the risks of violation.
Its use is also a necessity for natural referencing, Google uses it as a criterion in its algorithm. In addition, Google Chrome, Safari and Firefox browsers now display warning messages such as “dangerous” or “your connection to this site is not secure” which are not very engaging for visitors.
How do you switch your WordPress site to HTTPS?
Your host or domain name manager can offer you an SSL certificate adapted to your needs. For my part, I regularly use Let’sEncrypt, a free certification authority.
To activate HTTPS on your servers, you must generate (or regenerate) the certificate in your hosting once it has been issued by the authority.
The propagation time may vary depending on your host.
How to redirect HTTP to HTTPS from .htaccess file.
To execute an HTTP to HTTPS redirection, you must create or modify the .htaccess file located at the root of your FTP account associated with your domain.
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTP_HOST} ^(?:www\.)?domain\.com(?:.*)$ [nc]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [redirect=301,L]
Replace with your domain.
How to redirect HTTP to HTTPS with a WordPress plugin.
Really Simple SSL is an extension that makes your WordPress site compatible with the SSL protocol without any configuration.
How to remove mixed content.
Although your SSL certificate is valid and active, an alert of this type may persist.
Your connection to this site is not completely secure.
This alert is usually caused by the presence of mixed content in your page. Your site uses a secure HTTPS protocol, but it still contains unsecured HTTP elements. Your console should then report the error with an alert like this:
Mixed content: The page has been loaded in HTTPS. This content must also be served in HTTPS.
The SSL Insecure Content Fixer extension makes it easy to fix insecure content in your WordPress CMS.