By default, WordPress is not configured to use SSL certificates no matter the fact that your domain might be using such. The configuration however is quite an easy and straight process which if you follow this tutorial you will be able to handle on your own.
In this tutorial, we will mostly discuss how to configure the plugin required for the SSL certificate. You will need to know of course how to install a plugin in your WordPress, however, if you are not convinced that you are fully aware of how this process should be handled please refer to another article from our WordPress series related to the management of your plugins.
To enable SSL for your WordPress, you will need to: #
1. Install the SSL plugin #
First we will begin with installing the plugin for the SSL activation and configuration of your website. This can be quite easily achieved if you login into your WordPress admin area and navigate to Plugins→Add new.
Then you will need to type the name of the plugin in the search box – “Really Simple SSL”
In order to install the plugin you will need to click on the Install Now button.
Once the plugin is installed and activated it will automatically enable SSL for your website if a SSL certificate is alredy installed on your domain. To further configure the plugin’s settings, you can either use the link from the plugins manager or navigate to Settings→SSL from the side panel of your admin area.
2. Configure the SSL Plugin #
On the newly opened settings page, you will see three tabs. The first one is the Configuration tab and in it you will be able to see the setup of your connection. If you did not have an SSL Certificate for your website you will see a warning message here suggesting to fix the issue.
Do not worry about the HTTP Strict Transport Security option. This is just another security rule that protects against protocol downgrade attacks. If you absolutely want to add the rule, you can either buy a premium license for the plugin or try using the following code snippet in your .htaccess file:
Header set Strict-Transport-Security "max-age=31536000" env=HTTPSThe next tab represents the settings you can change:
- Stop editing the .htaccess file – Checking this will halt the editing of the .htaccess file. This can be done if you are certain all of your redirection rules are correct and do not need additional editing. If this option is checked, and you are experiencing issues, you can enable debugging and check if you need to re-enable .htaccess editing. (It is recommended to leave this unchecked)
- Auto replace mixed content – Mixed content occurs when your website has both HTTPS and HTTP content types. The plugin will make sure to fix all of the mixed content by using HTTPS rules for all of the HTTP content.
- Debug – Enable this option to unlock the 3rd tab of the settings menu. In it you can see the plugin’s report on issues and how to fix them.
Once you are ready configuring these settings please click the Save button.