How to Secure Your WordPress Website with SSL

In this article, we will show you how to secure your WordPress website with SSL.

In today’s world, the security of the website is the first priority. There are so many cyber-attacks cases registered, and so many popular websites are getting hacked every day.

It has become mandatory to take into consideration all the possible security measures to safeguard your website from the mischievous cyber attackers and hackers.

The first step you should take is to buy SSL certificate and install on your WordPress website.

Secondly, you should move your website urls from HTTP to HTTPS.

What Are HTTPS and SSL And How Do They Secure A Website?

Before moving to the detailed steps, you should know what SSL and HTTPS are all about and how they keep your website secure. HTTPS is an encryption method that lets the users access your website over a secure connection.

If you have a website that collects personal data from users or if it is an e-commerce site, you would be having a form where the users have to enter card details.

If the connection is not encrypted and secured, the data can get hacked and leaked by illegal access. Therefore, HTTPS is mandatory to prevent hackers from eavesdropping.

Coming to SSL certificate is a unique for every site. It helps the web browsers to identify whether the connection is secure and whether the site has been hacked and contains malware or not.

If there is any concern, your web browser will show your appropriate messages like ‘Your connection is not private’, ‘the website is not secure’ and likewise.

SSL certificate has become mandatory for every e-commerce site where a payment gateway is involved.

Furthermore, Google has announced that HTTPS and SSL will boost the ranking of the website on search result pages. Now, we will tell you how to secure your WordPress website with SSL.

Requirements To Secure Your WordPress Website With SSL

Before anything, you have to buy an SSL certificate from the web host from whom you have bought the web hosting plan.

Some of the web hosting plans may have free SSL certificate like Siteground, and in such cases, there is no need of buying it explicitly.

Some web hosts offer SSL certificate for a year after which you have to renew. After buying it, you can ask your web host to install it on your web server space for security.

Steps To Secure Your WordPress Website With SSL

Step 1. Change Your Website URL

If you are going to use HTTPS, you have to change your existing site URL from HTTP to HTTPS. For that, go to Admin Dashboard. On the left menu, find Settings and go to General.

In the right screen, you will see the options WordPress Address and Site Address. Change them from HTTP to HTTPS.

Step 2. Redirecting from HTTP to HTTPS

If you have purchased SSL certificate and adding it to your WordPress website, you need to redirect WordPress from HTTP to HTTPS. For that, you have to paste the following lines of code in the .htaccess file in the root directory.

You can get access to the file by connecting to your web server via FTP. Remember to change ‘yoursite’ URL with your website URL.

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L]

In case you are using Nginx server, you have to use the following lines of code instead of the above. Remember to replace ‘yoursite’ URL. 
server {
listen 80;
server_name yoursite.com www.yoursite.com;
return 301 https://yoursite.com$request_uri;
}

This is a step most of the website owners do not do and complain about getting HTTPS not working error.

Step 3. SSL Installation for WordPress Multisite

If you are running a network of sites from single WordPress installation, using the above method may not help you get SSL available for all the domains and sub-domains. In such cases, you have to edit wp-config.php file and paste the following line.

define('FORCE_SSL_ADMIN', true);

This trick can also be applied to single sites as well in case SSL does not appear or all pages.

Step 4. SSL Installation For Special Pages

Some people are of the opinion that HTTPS and SSL slow down the webpages’ load speed and therefore, they apply HTTPS and SSL in specific pages where it is mandatory.

For that, you have to install the plugin named WordPress HTTPS(SSL). So, install and activate the plugin from Dashboaord>Plugins> Add New> Search.

WordPress HTTPS (SSL)

Once the activation is done, the plugin will add a new menu option named HTTPS in your WordPress Dashboard’s left menu. Go to that and click on Settings. The first option should have your domain name else you can mention it explicitly.

If you are using a shared SSL certificate that you got from your web host, the domain name will be different which is always the root domain name that has the SSL certificate installed.

The second option is Forced SSL Administration which must be ticked so that all the admin connections are fully secured.

The third option is the most important which let you use SSL option on pages you want and the rest of the website will be accessible in normal HTTP mode. It could be the login page, shopping cart checkout page and likewise. Check this option here and Save Changes.

Then you have to go and edit those specific pages where you want SSL activation. On the left side, you will see HTTPS box with options Secure post and Secure child posts.

Tick mark the first option and Save changes. Now, if you visit the page on your web server, you will see HTTPS green icon on the address bar.

Just for information, the following is a complete chart to understand which websites/web pages are SSL/HTTPS and which are risky to access.

You should never enter personal information and passwords on sites that have the last red option on the address bar else there are high chances of getting hacked.

Hopefully, you have understood how to secure your WordPress website with SSL, and it will help you increase your website security immensely.