We explain how you can quickly and easily convert your existing http, non-secure WordPress website to use https:// and be protected by an SSL certificate.
Before you use these steps you’ll need to ensure you have an SSL certificate. All DomainsFoundry web hosting plans include Free Let’s Encrypt SSL Certificates which are pre-installed and ready for you to use.
We strongly recommend taking a backup of your WordPress website before making changes.
How to use a plugin to convert your WordPress site to use SSL
- Log in to your WordPress Dashboard
- Click Plugins > Add New
- Search for really simple ssl
- Click Install Now next next to the Really Simple SSL plugin by Rogier Lankhorst
- Click Activate
- Click Go ahead, activate SSL
How to manually edit your WordPress site to use SSL
If you don’t want to use an extra plugin and prefer to make the changes yourself manually then you can use these steps.
1. Configure WordPress site to work through https://
- Log in to your WordPress Dashboard
- Click Settings > General
- Update WordPress Address (URL) and Site Address (URL) from http://www.yourdomain.co.uk to https://www.yourdomain.co.uk
- Click Save Changes
2. Update hard-coded links
Next step is to fix any hard-coded links on your website which are using http:// and change these to https://.
We recommend using the really great Search Replace DB script by interconnect/it.
Note that this script can damage your WordPress database. We strongly recommend making a backup of your database before using it. It’s easy to use but if you feel uncomfortable please contact your WordPress developer first.
- Download the Search Replace DB script Zip File
- Upload the zip file to your web space and use cPanel File Manager to extract it
- Open https://www.yourwebsite.com/search-replace-db-master/ in your web browser
- The script will automatically find and use your WordPress database details, check these are correct.
- In the replace – search for field enter http://www.yourwebsite.com — Replacing yourwebsite.com with your domain.
- In the with – replace with… field enter https://www.yourwebsite.com again — Replacing yourwebsite.com with your domain.
- Click Dry run to test the changes
- Click Live run to make the changes to your WordPress database.
- Once finished, delete the search-replace-db-master directory. Do not leave this directory online as it is a security risk
3. Fix insecure items on your site
If you see an insecure or mixed content warnings when visiting your website over https://, it is typically due to CSS, JS or external links. You can look into what is causing the warnings using your web browser console.
- Google Chrome Console in Developer Tools
- FireFox Web Console or Firebug
- Internet Explorer F12 Developer Tools Console
- Safari Error Console
4. Force your website to be accessed only over https – (optional)
Add the following code to the top of your .htaccess file to force everyone to access your website only through https.
# ----------------------------------------------------------------------
# | Forcing `https://` |
# ----------------------------------------------------------------------
# Redirect from the `http://` to the `https://` version of the URL.
# https://wiki.apache.org/httpd/RewriteHTTPToHTTPS
<ifmodule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</ifmodule>
