Intro
Having an SSL certificate is a must if you want display trust to users so when you go through the trouble of getting one and updating your URLs to https you want it to show for everyone.
Full Guide
Watch the overview video or keep reading the full article below
Table of Contents
The Problem
So you’ve built your WordPress site you’ve got your SSL certificate, you’ve searched and replaced all of your URLs to sit behind secure https and when you load your site you see that lovely green padlock in the address bar.
So we’re done, right? Well not yet and here’s why. Let’s open up a private browsing window to mimic how other users would first visit your site. For us Chrome users this means opening the infamous incognito window now let’s type in your website’s URL without the preceding http.
What comes up? Well, unfortunately, the regular unsecured http version. Without typing https:// into the browser, which let’s admit no one does, your users and costumes will be directed to the insecure version of your site.
Why would it do such a thing you may ask after I’ve spent all the time to get a SSL cert and update my URLS, well the short answer is the protocols of the internet default to http so you have to force the matter. Luckily this is actually really easy to do and there are two routes to accomplish it.
Solution
If you are extremely lazy or don’t want to mess with coding anything anywhere than this first route is for you. All it involves is installing a plugin called Really Simple SSL from the WordPress plugin library. Activating it and push the button called Activate SSL!
Alternate Solution
So that’s the really easy way to do it, but I’m not a fan of installing plugins if I can accomplish the same goal without it. This route will require a little more experience and higher level access. So if you don’t have access to your CPanel account or don’t know what a CPanel account is then stuck with the plugin, it gets the job done.
In your CPanel account under File Manager in your public_html file, you will find the .htaccess file. If you don’t see it you may have to enable the setting to view hidden files. The .htaccess file is hidden by default.
Go ahead and open the file into the editor and at the top above the other rules but below the first declaration insert the following four lines of rules. Save the file and close. And you are done.
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC] [OR]
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] Conclusion
Adding those rules to the .htaccess file is basically what the Really Simple SSL plugin did automatically for you so that you wouldn’t have to venture into this part of your web hosting environment. Let’s face it most people aren’t willing to mess with stuff back here. I didn’t want to either until I learned my way around better.
Anyway, let’s try our little test again in a private browser window and you’ll be happy to see it goes to https without a problem. I could explain what each rule does but I may save that for a later article.
Of course, when you’re done make sure to clear your website’s cache.
I hope this helps you guys take full advantage of your SSL certificate.
