wpthemedetector-logo
WordPress Theme Detector Blog
wordpress-ssl-featured

How to implement SSL in WordPress

27 comments

An encrypted WordPress site is very important in today’s world, chances are that if you read this blog you probably know a thing or two about https and why it’s becoming so popular, the keys being secured and Google pushing the implementation more and more with each update.

The standard way of transmitting data to and from the internet in what is known as HTTP 1.1 protocol is something that will sooner or later will become a thing of the past. With the ever increasing attempts at hacking, theft and rising privacy concerns of the technological world of today, the encrypted way of doing things is getting more and more important to the point that Google will penalize websites that are not secured.

When Google and several other companies put as their objective to change a technological paradigm, we better follow suit, specially if the points in argument are more than logical and needed.

HTTPS implementation will help prevent theft, will secure your WordPress site and will improve its visibility. The way Google decided to force this change is by a 2-way plan:

  • Display of a warning on Google Chrome for non secure sites.
  • Giving a slight increase in SEO visibility to SSL-enabled sites.

A bit too much

The idea that Google had initially was a bit too much. They planned to have the browser display red warning signs to non-encrypted sites. A warning such as this:

Google decided to back off that plan and not do it just yet, but they may decide to implement it at a later stage, so it is only a matter of time.

How we are today

The current treatment of non-secure sites in Google Chrome is something like this:

The warning sign is not severe but it is subject of concern to all non-SSL sites because the trend will clearly affect those sites more and more in the future. On the other hand, this is how Google decided to push the SSL-enabled content on their browser.

Not only does it show the green lock but they added the Secure legend to further signal the importance.

But the Certificate is not free, or is it?

Yes and no. If you own a digital store you need to take care of paying for a certificate because there will be a company behind that certificate that will give a guaranteed sum of money in case of theft. You need this guarantee for your customers. Paying for a certificate when you sell stuff on the internet is a must. But what about your new blog or your magazine?, you don’t sell stuff there, you post articles and make useful information available. In that case, Let’s Encrypt is the first gate to your free certificate that can be easily added to WordPress and instantly improve your Google SEO rating.

Let’s Encrypt certificate can’t guarantee any amount of money because they can’t guarantee anything besides giving you a free certificate, but it will be absolutely valuable if you don’t sell stuff on your site and you just want to reap the benefits of going secure.

Using SSL encryption will not only allow you to enter into Google’s good behavior pattern but will also benefit you with the new and improved HTTP/2 protocol which is and will be only supported on SSL enabled sites. A decision made by all major companies when the new standard came to be.

Let’s Encrypt Plugin

So, you’re interested in going https with your WordPress installation?  This is your first step.

wp-encrypt

The plugin can be easily added from the WordPress Plugins directory or directly from your WordPress installation. You can search for it and enable it. Let’s see how it looks.

wp-encrypt settings

The first thing to do is to load all the pertinent important information. It is highly advisable to fill the form properly with correct data because this will be stored in your certificate. The auto-generate certificate and expire warnings should be enabled.

Once you have everything in place, proceed to Register Account.  This will send the signal to Let’s Encrypt servers and will proceed to create your new certificate. Let’s Encrypt certificates have a validity of 60 days and will be auto-renewed if you keep your WordPress plugin in place.

SSL Certificate

Once the certificate is in place you can easily download the information so you can upload it to your hosting control panel, the routes will be easily visible and you can use any file explorer or even an FTP connection to extract those files.

There will be different procedures to upload and activate the certificate according to your control panel of choice but I will not cover those. I will show you the most widely used today, which is cPanel so you can get an idea.

Install the certificate on cPanel

From your account panel you can go to your SSL/TLS settings

Certificate install

You will proceed to go to Install and Manage SSL for your site.

manage SSL

The first thing to do is fill the domain field and then you can easily copy-paste the contents of the certificate file, which will be the cert.pem that Let’s Encrypt plugin gives you and the Private key, corresponding to the private.pem file.

Once you have everything in place, the certificate should be enabled. The next step is to go into your WordPress installation and point it to the https version, like this:

http to https

That’s it !. Your site should be running on https now !

But I’m getting mixed content!

Mixed content is something that will always happen after you switch your site and it will break your green lock display on all browsers. This happens when some of your assets are loaded over http and the problem with mixed content is that even a single asset loaded over http can break your green lock and penalize you for it so you should absolutely need to take care of it.

The solution can be as easy as an SQL query in your phpMyAdmin menu.

You need to replace the specific parts in your WordPress database that are currently pointing to your old http site version. This can be easily done with just 2 SQL queries. You need to copy paste this content and modify it with your domain and execute those queries in the SQL Query window of phpMyAdmin:

UPDATE wp_posts SET post_content = replace(post_content, 'http://www.yoursite.com/', 'https://www.yoursite.com/');

UPDATE wp_postmeta SET meta_value = replace(meta_value,'http://www.yoursite.com/','https://www.yoursite.com/');

This piece of code will replace all the instances in the database that has http assets with the https version, you just need to replace the www.yourdomain.com  part of the code with your domain value and please, do a backup of your database before trying it !

Once you execute that query you should see the amount of links that got modified. If you’re using Divi don’t forget to modify the location of your Logo & Favicon with the https version since that data won’t get modified by these queries.

Conclusion

Implementing https on your WordPress site is easier than ever now and with a single query to your database you can fix any mixed-content errors and have your site running in SSL in no time. The later steps involves adding a new SSL domain in your Google Webmaster tools and Analytics and monitoring any 404 errors that may arise. There is no excuse to switch your site to Secure and be ahead of the changes that are coming.

Alex Vojacek

Alex Vojacek is a full-time sysadmin for ESH, his own hosting company, a veteran in WordPress Design and a speed freak. He is also the founder of TecnoGaming, a Gaming & Tech magazine in Latin America. When he is not managing or designing something, he loves to write about technology.

Latest posts by Alex Vojacek (see all)

Liked this post? Please share it!

27 Comments

  1. You have cleared some of my confusions regarding Let’s Encrypt. I am user of Cloudways and they are providing Let’s Encrypt. I am happy with Let’s Encrypt but after some time you’ll get a notification from google that your SSL certificate is not Authorised.

  2. You need to check if your certificate is renewing properly. Let’s Encrypt only allows you to use the certificate for 60 days, if the hosting implementation of Let’s Encrypt don’t renew the certificate in that period you may receive warnings.

    • I am aware of that that Alex. I always keep on auto renewal.

      • i think it has to be done manually to be more precise

  3. In Hostgator hosting you have no way to configure ssl / tls and would like to know how to do this …

  4. At last, an easy to follow guide for installing SSL on a blog that doesn’t process payments! And thanks for the bit on updating MySQL DB, that’s the bit I was missing;) Thank you Alex!

    • It is available in your hosting company.

  5. Hi,

    Glad to know that Let’s Encrypt came with a plugin. Thanks for sharing the code to fix the mixed content issue.

  6. Hi,

    I will suggest bloggers, to first study and make themselves ready before they get into SSL thing for their website.

    It may seem simple here but, there are consequences for not setting up SSL properly.

    Things to avoid like:- Self signed SSLs “Free” (Google oppose this)

    And most important, For a properly working SSL, You need a dedicated server hosting, which will cost you high. So make sure, if you are ready to afford it.

    I am in favor of upgrading sites to SSL but, A well preparation will avoid many bad things.

    Thanks

  7. Hi, thanks for your article; I have an additional domain in my account and it gives me an error in the google bar: “This page is trying to load scripts from unauthenticated sources” How can I fix this??? It´s makes me crazy…I don´t understand what happens and in google i can´t found info.

    Thanks a lot!

  8. I have installed SSL on one of my domain and when I checked in whynopadlock.com. It is showing an error that “Server supports SSLv3, may be vulnerable to POODLE attack. It is suggested to disable the SSLv3 protocol.
    Server certificate”

    I can’t understand what it is exactly. I asked hosting company to Fix because hosting company installed the SSL on my domain.

    Question-2

    Is is necessary to install an SSL on domain having a website/blog. Can we install SSL first on the domain and then install WordPress. what is the different between these two things? Kindly explain. thanks.

  9. hi,
    i never knew that Lets encrypt came up with a plugin, in fact i am really glad to know.And By the way thanks for sharing the code. It really helped me out.

  10. Hi,

    I recently installed “Let’s Encrypt” by using ‘WP Encrypt Plugin’ on my WP multisite and every thing seems to be working all right except the one issue, which is as follows.

    https://www.subdomain.mydomain.com >> https://subdomain.mydomain.com

    The above redirection does not work. I also took help of the author of “Really Simple SSL”, who helped me alot and solved some of the critical issues, but above redirection issue could not be resolved.

    I also tried to contact the author of ‘WP Encrypt Plugin’ but he has abandoned the project and now not available.

    In view of the above, Can you look into my site https://exploremyindia.in/ and help me please.

    Thanks & Regards.

  11. By Alex very good keep it up but can you share about free SSL?

  12. Thanks for the helpful information on SSL. I already know a new plugin.

  13. Before now I still configured in nginx. By reading today’s posts I know that Let’s Encrypt has such automatic configuration plugin. Thanks for sharing.

  14. Everything working fine, except that when on Dashboard > Home I get exclamation mark across padlock in URL bar. Anyone know what content is being served insecurely on this page?

  15. Hye I already knew about Let’s Encrypt but its interesting read. keep it up.
    And thank you

  16. Really useful post about SSL ….
    Thanks for sharing amazing post.

  17. Hello everybody! Thank you very much for the article. It is very nice. I would like to ask a thing. Is the ssl very important for SEO Local? Can we go down in the Google ranking if we don`t have ssl? The website isn´t ecommerce. Thank you very much for all. All the best from Lanzarote.

  18. we re using it on some of our websites but y’know it kinda slows down the loading of the website and google said websites which have ssl will get a tiny little improvement on SEO but we have not seen any improvement. on the other hand we swiched on of our websites to HTTPS and google knows all of our links as new links! and they lost thier rank on google!

  19. Thank you for another useful post which seems to be easier than the one noted here at wpbeginner.com/wp-tutorials/how-to-add-free-ssl-in-wordpress-with-lets-encrypt/

    Here he recommended another plugin named Really Simple SSL

    If I follow your suggestion on bdnews.one do I still need to use Really Simple SSL plugin?

  20. Hello everybody! Thank you very much for the article. It is very nice. I would like to ask a thing. Is the ssl very important for SEO Local? Can we go down in the Google ranking if we don`t have ssl? The website isn´t ecommerce. Thank you very much for all. All the best from Lanzarote

Submit a Comment

Your email address will not be published. Required fields are marked *