If you have WordPress sites refusing to work with your SSL certificates, Jack Wallen has a quick fix to show you.
Recently, I realized my professional site hadn't been using SSL for some time. This was an oversight on my part—one that I had to rectify. After all, people could purchase items from the site, and without SSL, those purchases couldn't exactly be trusted.
I had to set out to change this.
My site uses WordPress from WordPress.org, not WordPress.com. Instead, I install the framework manually, so I have more control over it. By doing this, everything is on me to manage and fix. Although the third-party host I use employs SSL certificates, my WordPress site was still displaying the warning that it wasn't secure. I checked the certificates and everything was good to go. The problem was with WordPress.
Fortunately, it didn't take me long to get SSL back up and working with WordPress. I'm going to show you how I did it.
SEE: Security incident response policy (TechRepublic Premium)
What you'll need
- A running instance of WordPress that you maintain and manage
- Ann admin account that allows you to log in to the wp-admin page and install plugins
How to install the necessary plugin
The plugin we'll be using is called Really Simple SSL. The name is apropos, as this plugin does make setting up SSL quite simple.
Log in to your WordPress admin section and go to Plugins. Click Add New and then search for Really Simple SSL. Click the Install Now button associated with the plugin (Figure A).
After the installation completes, click Activate Now (Figure B).
How to configure Really Simple SSL
After activating Really Simple SSL, click Plugins from the left navigation and then the Settings link associated with Really Simple SSL (Figure C).
There's very little you need to do at this point because the Really Simple SSL takes care of everything. For my site, the only thing I had to do was enable the WordPress 301 redirect (Figure D).
This feature redirects all requests over HTTP to HTTPS using a PHP 301 redirect. You use this if the .htaccess redirect cannot be used on NGINX servers.
Point your browser to https://DOMAIN (where DOMAIN is the domain of your WordPress site) and you should now see the lock to the left of the address. Congratulations, you have SSL enabled for your WordPress site.
Subscribe to TechRepublic's How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Security threats on the horizon: What IT pro's need to know (free PDF) (TechRepublic)
- Checklist: Securing digital information (TechRepublic Premium)
- How to add categories to a page in WordPress (TechRepublic)
- How to scan your WordPress sites for vulnerabilities (TechRepublic)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)