Latest News

How to force WordPress to use SSL

If you have WordPress sites refusing to work with your SSL certificates, Jack Wallen has a quick fix to show you.

Image: Jack Wallen

Recently, I realized my professional site hadn’t been using SSL for some time. This was an oversight on my part—one that I had to rectify. After all, people could purchase items from the site, and without SSL, those purchases couldn’t exactly be trusted.

I had to set out to change this. 

My site uses WordPress from WordPress.org, not WordPress.com. Instead, I install the framework manually, so I have more control over it. By doing this, everything is on me to manage and fix. Although the third-party host I use employs SSL certificates, my WordPress site was still displaying the warning that it wasn’t secure. I checked the certificates and everything was good to go. The problem was with WordPress.

Fortunately, it didn’t take me long to get SSL back up and working with WordPress. I’m going to show you how I did it.

SEE: Security incident response policy (TechRepublic Premium)

What you’ll need

  • A running instance of WordPress that you maintain and manage
  • Ann admin account that allows you to log in to the wp-admin page and install plugins

How to install the necessary plugin

The plugin we’ll be using is called Really Simple SSL. The name is apropos, as this plugin does make setting up SSL quite simple.

Log in to your WordPress admin section and go to Plugins. Click Add New and then search for Really Simple SSL. Click the Install Now button associated with the plugin (Figure A).

Figure A

Installing the Really Simple SSL plugin for WordPress.

After the installation completes, click Activate Now (Figure B).

Figure B

Now that Really Simple SSL is installed, you can activate it.

How to configure Really Simple SSL

After activating Really Simple SSL, click Plugins from the left navigation and then the Settings link associated with Really Simple SSL (Figure C).

Figure C

The Really Simple SSL entry in the WordPress Plugins page.

There’s very little you need to do at this point because the Really Simple SSL takes care of everything. For my site, the only thing I had to do was enable the WordPress 301 redirect (Figure D).

Figure D

Enabling the WordPress 301 redirect feature.

This feature redirects all requests over HTTP to HTTPS using a PHP 301 redirect. You use this if the .htaccess redirect cannot be used on NGINX servers.

Point your browser to https://DOMAIN (where DOMAIN is the domain of your WordPress site) and you should now see the lock to the left of the address. Congratulations, you have SSL enabled for your WordPress site. 

Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.

http://www.techrepublic.com/

Cybersecurity Insider Newsletter

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays



Sign up today

Also see

Read More

Show More

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button

Adblock Detected

Please consider supporting us by disabling your ad blocker