How to Configure WordPress to Use an SSL Certificate

Author: Brian Hochstein

Article republished by permission.

In today’s world EVERY site needs to be served over https. Don’t take just my word for it – take the word of one of the biggest internet companies around: Google. Take a look at their developer’s article titled: Why HTTPS Matters.

Below are the step by step instructions on what to do once the SSL certificate is installed. Got a question? Feel free to ask by posting a comment below.

Step One – Install cert. (Let’s encrypt is automatic)
Step Two – Update urls under Settings – General
Step Three – Force https via htaccess file. (Code included at bottom of this comment)
Step Four – Fix mixed content issues with the plugin Better Search Replace and then uninstall the plugin. (Search: http://www.example.com or http://example.com / Replace: https://www.example.com or https://example.com )
Step Five – Update site in google and bing webmaster tools
Step Six – Sit back, relax and have a cold drink as you are done.

The below are two sets of code seperated by ——– The first set is to redirect to https://www. And the second set is to redirect to https:// (if you are doing this on a live site then do NOT switch from www to naked or vise versa as it will mess with SEO)

# BEGIN Force www & https
# This should be the first rule before other rules
# Redirects example.com and www.example.com to https://www.example.com # [NC] flag makes it so the url is not case sensitive so example.com will be treated the same as EXamPLe.com
# [R=301,L] flag makes it do a 301 permanent redirect which is recommended

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

——————————————————————————————–

# BEGIN Redirect to non-www https
# Redirect www to non-www https

RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
# Redirect http to https
RewriteCond %{HTTPS} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# END Redirect to non-www https

Additional notes – Ignore anyone saying to use a plugin like Really Simple SSL. Do it right the first time and you won’t have to worry about fixing it down the road if your site needs to scale big.

Leave a Reply

Your email address will not be published. Required fields are marked *