How to force Http to Https in wordpress

This article will talk about what SSL is, its functioning, and how to move your HTTP site (unsecured site) to an HTTPS site (secured site) in WordPress..

What is SSL & HTTPS? How does it Function?

SSL (Secure Socket Layers) is a digital certificate that uses encryption security to secure your website data and information.

This digital certificate encrypts all communications exchanged between browser and website, keeping it safe from prying eyes.

Installation of this certificate on a website shows a padlock in the URL along with HTTPS in the address bar.

The majority of the sites nowadays start with HTTPS (HyperText Transfer Protocol Secure) instead of HTTP (HyperText Transfer Protocol).

Both these signals state that the site is secured enough and helps maintain the privacy of customer transactions.

The Functioning of SSL:

Exchange of information between browser and web server is encrypted with the help of an SSL certificate. But many visitors have questions on the functioning of the SSL certificate. They are:

  • How does the encryption and decryption process work?
  • How does the plain text get coded into ciphertext and later again converted into plain text on the receiving end?

SSL security algorithms work on encryption and decryption theory. The ciphertext from the encryption process is hard to decode, and only the sender and receiver can decrypt or translate the text. That’s the main reason why cyber-thieves abandon sites with SSL certificates because they are unable to decipher the sensitive information.

Two keys shown in the above picture are used in the encryption-decryption process. They are the public key and the private key.

The message’s sender replaces the plain text with a coded text (numbers and letters) using the public key. To get the correct information of the coded text, the receiver should have the private key sent by the sender, for the decryption process. Without the correct algorithm key, the message cannot be decrypted.

Even in unfortunate circumstances, when the public key is compromised, the message is still safe, because the unknown hacker does not have the private key to decrypt the information.

The SSL certificate has all information regarding the domain name, company name, address, city, state, and country, including the CA name, and expiry date.

Why is it essential to shift website from HTTP to HTTPS in WordPress:

SECURE SENSITIVE INFORMATION:

Your e-commerce store handles thousands of online transactions daily, and hence it becomes all the more essential to secure credit card information, login credentials, passwords, bank account numbers, etc. 

HTTP sites where SSL certificate is not installed are easily susceptible to malware, ransomware, phishing attacks, etc.

Customers trust sites with SSL certificates installed when they make financial dealings, and get an assurance about their data security.

SYMBOL OF TRUST:

Trust, Trust & Trust. Since SSL certificates provide robust encryption security and are SHA-2 enabled, they prove to be a trust symbol. Their encryption standards i.e., 256-bit encryption and 2048-bit digital signatures, prevent cyber-criminals from gaining control over customer sensitive data.

Also, browsers like Chrome have started labeling “Not Secure” on Http sites, which is a significant drawback for businesses.

Another added advantage is that SSL certificates come with trust badges as shown in the above picture. These trust logos are visible on all the pages of your WordPress website.

CONFIGURING HTTPS IN WORDPRESS ADMIN AREA& UPDATE SITE ADDRESS:

To change your WordPress website URL from HTTP to HTTPS you need to follow the below steps.

  1. Login in WordPress Dashboard
  2. Later go to Settings > General
  3. Check whether the WordPress URL and Site URL is HTTPS or not. If not, add HTTPS in both the URL as shown in the image below.
  1. Later click Save.
  2. Go to site’s wp-config.php file and defineForce_SSL_Admin to true

This command will force all logins, URLs, and admin sessions to move over SSL.

CHANGE URL LINKS IN CONTENT, IMAGES, AND TEMPLATES:

Old HTTP links can lead to errors in your site. While migrating a website from HTTP to HTTPS, many times, it may happen that some links related to images, videos, templates, etc. are not processed,; which may lead to Mixed Content Error.

Dr. Link Check is one such Checker tool for locating all HTTP links on your site. To know more about this tool, click here.

SET 301 REDIRECTS IN .HTACCESS:

The main purpose of setting 301 redirects is to forward visitors directly to the secured version. For that, a command needs to be written in the .htaccess file located in the WordPress root directory.

Since this file is hidden by default, unhide all files in the WP root directory and click .htaccess.

Write the below mentioned command in the file.

RewriteEngine on   RewriteCond %{HTTP_HOST} ^yoursite.com [NC,OR] RewriteCond %{HTTP_HOST} ^www.yoursite.com [NC] RewriteRule^(.*)$ https://www.yoursite.com/$1 [L,R=301,NC]

This will land all visitors on the secured HTTPS version of your WP site. It is essential to ensure that duplication of pages (in both versions) does not prevail, to benefit SEO.


admin has written 25 articles

Leave a Reply