Is your site secure? In this article, we are going to make sure it is!
We will look at how to redirect HTTP to HTTPS in WordPress which will secure your site for your customers.
As well as giving your users privacy HTTPS will also give you an SEO boost thanks to Google.
To run your website over HTTPS you will need an SSL certificate, this can sound scary. Don't worry they are free and I will walk you through the process.
We will cover:
Installing an SSL certificate (if you have not got one)
Redirect your HTTP traffic to HTTPS
Using a CDN (Optional but recommended)
Let's get started.
Is your site secure?
Before you install any plugin on WordPress make sure you have a backup. 99% of the time installing a plugin goes without a hitch and uninstalling the plugin will fix the problem. Yet, if something does go wrong you want to be able to rollback.
Once you have a backup we need to check if your site already has an SSL certificate. This is the file that your web server uses to secure the connection to the users’ browser.
The browser reads the SSL certificate and if it is valid it will give you a lock sign like this:
This lets users know your site is secure.
Does your site have this lock symbol?
To check, open the browser and visit your website. Type your address and make sure to include https:// at the beginning of the URL, like this:
This means that your site does not have an SSL certificate and cannot work over HTTPS.
Luckily for us, SSL certificates are now available for free and with the help of a plugin, it is easy to set up.
Next, let's look at installing an SSL certificate and redirecting to HTTPS.
Install SSL and Redirect
LetsEncrypt is a non-profit company supported by Facebook, Shopify, and Wix. LetsEncrypt creates a more secure internet by providing SSL certificates for free. This is great as SSL certificates used to cost hundreds of dollars.
There are a few plugins that use this free service to set up the certificate for you. The one I recommend is SSL-Zen.
They have an instructional video on how to get this set up on the plugin page. Here is the basic outline:
Download the plugin
In the WordPress admin panel click “add new”
On the plugin page you will need to press “Upload Plugin” then click “Choose File”
Select the zip file you downloaded in step one and the plugin will load
Choose “activate” to see the setup guide, you will need to give access to Cpanel with a username and password.
The great thing about SSL-Zen is they will also set up the HTTP to HTTPS redirection for you when you activate SSL:
Once the plugin installs, test your site. Type the address again this time you can use the HTTP version like this:
You will get redirected to the secure site and see the lock when accessing the site.
If you already have a lock in the browser then you have an SSL certificate installed. This could be because your hosting provider has set one up as part of your hosting package.
Yet, your site has not been set up to redirect from HTTP to HTTPS. To test this type your sites web address with HTTP into the browser, for example:
Are you sent to:
If not, then you can install a plugin to do the redirect. The plugin I recommend is Really Simple SSL which will create the redirect for you.
This plugin is different from SSL-Zen because it does not create an SSL certificate. It only handles the redirection from HTTP to HTTPS.
The plugin installation is straight forward. Download the plugin and follow the installation instructions. Don't forget to backup!
Once installed and enabled you can test it in the browser like this:
And the URL will change to:
You should also see a lock symbol. You now have HTTP to HTTPS redirection set up.
Next, I want to talk about CDN. Having many plugins can slow down your site, one solution is to use a CDN instead as this can do the redirection for you.
Consider a CDN
One of the easiest ways to set up redirection for a website is to use a CDN. And unlike a plugin, this will not slow down your site.
A CDN will cost you money each month but this can be worth it as they can also increase your traffic. This is because they speed up the TTFB which will make your site faster.
The CDN I recommend is CloudFlare. It can enable HTTPS redirection with one button with a feature they call “Always use HTTPS”. Once enabled all web traffic will use HTTPS:
To enable it, login to your CloudFlare account and go to the “SSL/TLS” section:
Then click on “Edge Certificates” tab:
Scroll down to the “Always use HTTPS” option. Click on the toggle and it will switch to on:
Once set up your website will work only with HTTPS. There are many other advantages of CDNs but the ease of configuring SSL is one.
The last task is to set up Google Search Console.
Update Google Search Console
Now the site runs over HTTPS we need to update Google with the new URLs. This is because Google will have indexed your site using the old HTTP links. Changing these Google links to HTTPS will speed up your site. Redirects from HTTP to HTTPS slow down your web pages so you want all the Google links to be HTTPS.
You can do a site search and check if the term http:// is in the URL. For example, if I wanted to check if there were any HTTP links in google for PageDart I would use this query:
Here are the results I get:
I get no results which are the result I am after. If we search for HTTPS links we find:
How do you make this change?
There are three tasks you need to perform to update your site: