How to force WordPress to use SSL

If you have WordPress sites refusing to work with your SSL certificates, Jack Wallen has a quick fix to show you.

wordpresshero.jpg

Image: Jack Wallen

Recently, I realized my professional site hadn't been using SSL for some time. This was an oversight on my part—one that I had to rectify. After all, people could purchase items from the site, and without SSL, those purchases couldn't exactly be trusted.

I had to set out to change this. 

My site uses WordPress from WordPress.org, not WordPress.com. Instead, I install the framework manually, so I have more control over it. By doing this, everything is on me to manage and fix. Although the third-party host I use employs SSL certificates, my WordPress site was still displaying the warning that it wasn't secure. I checked the certificates and everything was good to go. The problem was with WordPress.

Fortunately, it didn't take me long to get SSL back up and working with WordPress. I'm going to show you how I did it.

SEE: Security incident response policy (TechRepublic Premium)

What you'll need

  • A running instance of WordPress that you maintain and manage
  • Ann admin account that allows you to log in to the wp-admin page and install plugins

How to install the necessary plugin

The plugin we'll be using is called Really Simple SSL. The name is apropos, as this plugin does make setting up SSL quite simple.

Log in to your WordPress admin section and go to Plugins. Click Add New and then search for Really Simple SSL. Click the Install Now button associated with the plugin (Figure A).

Figure A

wpssla.jpg

Installing the Really Simple SSL plugin for WordPress.

After the installation completes, click Activate Now (Figure B).

Figure B

wpsslb.jpg

Now that Really Simple SSL is installed, you can activate it.

How to configure Really Simple SSL

After activating Really Simple SSL, click Plugins from the left navigation and then the Settings link associated with Really Simple SSL (Figure C).

Figure C

wpsslc.jpg

The Really Simple SSL entry in the WordPress Plugins page.

There's very little you need to do at this point because the Really Simple SSL takes care of everything. For my site, the only thing I had to do was enable the WordPress 301 redirect (Figure D).

Figure D

wpssld.jpg

Enabling the WordPress 301 redirect feature.

This feature redirects all requests over HTTP to HTTPS using a PHP 301 redirect. You use this if the .htaccess redirect cannot be used on NGINX servers.

Point your browser to https://DOMAIN (where DOMAIN is the domain of your WordPress site) and you should now see the lock to the left of the address. Congratulations, you have SSL enabled for your WordPress site. 

Subscribe to TechRepublic's How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.

Also see