Sorry for not posting in a while, I’ve been really busy! But here goes….
I’ve just switched to HTTPS the second of my own sites that I’ve made the switch with. Often a lot of people make a big deal about how hard it is and the potential issues with doing so, but with WordPress it really isn’t and if you don’t want to fork up the £30-50 a year for the certificate, you don’t have to, and you can still get the HTTPS protocol.
If there are any of you that don’t know HTTPS is Hyper Text Transfer Protocol Secure, secure being the new addition to the standard HTTP. It essentially means that all you communication between your browser and website is encrypted, therefore harder to get a hold of.
Why Switch To HTTPS?
There’s tons of articles out there saying why you should and shouldn’t switch to HTTPS, so I’m just going to quickly summarise it into a few key reasons why you should.
- Google are going to show a red padlock to users who visit a none secure site (HTTP) in the new year, this could put users off using your website and buying if you are ecommerce.
- HTTPS sites are given a small ranking boost by Google.
- Having your website encrypted is obviously a positive, and the green padlock can help users trust your website.
Steps To Do So:
If you want to change your site to HTTPS then please follow these steps carefully. Don’t do what I did and lock myself out of my WP-Admin…. Which I’ll explain.
Step 1: Sign Up To CloudFlare
CloudFlare is an awesome platform that you can use for website security, along with giving you free HTTPS it can also help you improve your cache, load times and prevent DNS attacks.
Step 2: Add Your Website
It’s very simple and straight forward, once you’ve signed up to CloudFlare then add your website.
Step 3: Changing Your Name Servers
Once you have added your site to CloudFlare you will be prompted to change your name servers. This typically is done in your hosting platform login – so for me it was in the TSOHost admin section.
You need to switch to the two name servers they prompt you and then run the check. It’s fairly straight forward and switching name servers usually only takes a few seconds so don’t be frightened!
Step 4: Implementing the Right Plugins
Down your tools a second and head back to your website. There are two major plugins that you need from a WordPress point of view, and here are the two best ones to implement. Make sure you do not skip this step it’s very important! (Remember when I was talking about locking myself out of WP-Admin….yeah).
WordPress HTTPS – This essentially redirects your site to HTTPS and makes the process a lot easier. Here’s how you should have the plugin settings:
CloudFlare Flexible SSL – Now this is the majorly important plugin, if you don’t implement it WordPress will create a redirect loop and you will be locked out of your WP Admin, which then means fiddling around with your FTP to try fix the issue.
I’ll write about how I fixed the redirect issue later and link to it from this post.
Step 5: CloudFlare Settings
Now you need to put in place HTTPS – this can take up to 24 hours for a certificate to be issued so don’t worry it won’t work straight away.
When on your CloudFlare dashboard go to “Crypto” then change your SSL settings (the first box) to “Flexible”. This is the bit that takes the 24 hours as yours won’t be active yet.
See you tomorrow!…. When 24 hours has passed and that is now reading active you can move on to the next bit. On that same “crypto” page scroll right the way to the bottom and you will see a section called “Automatic HTTPS Rewrites” make sure that you tick that to On.
Now this next bit is just a back up to ensure that your whole site redirects to HTTPS correctly, go to the page rule section and add a rule to have your site redirect to HTTPS it works precisely like this:
You obviously need to replace my domain with yours but it needs to be in the same http://*domain.com/* format, and add a setting to always use HTTPS.
Step 6: WordPress URL Change
Your in the home stretch now, everything almost in place the only thing you need to do is change your standard WordPress URL. Go in to your general setting (Setting > General) and change your WordPress URL & Site URL to the HTTPS version of your site. This will log you out.
That’s it though, everything should now be HTTPS.
The only issue you could potentially see is if a page has an image on it that is still HTTP, this will throw up a “mixed content” error on your encryption, which usually means that it’s being used in a plugin that isn’t supported by “WordPress HTTPS”. What to do in this scenario is just to re-upload the image and it will come through as HTTPS.