HTTPS stands for Hyper Text Transfer Protocol Secure. It is the secure version of HTTP, the standard web protocol over which data gets transmitted between a web browser and a web server. The benefit of using HTTPS is that all the communication between the web server and the visitors’ browsers are encrypted before they are transmitted over the network. Also known as SSL authentication, it uses the concept of encryption/decryption key pair for protecting the sensitive data. A user must supply the corresponding decryption key for gaining access to the data transmitted in encrypted format.
Although SSL has traditionally been used by the websites dealing with financial transactions, the scenario has drastically changed over the course of last few years. With the rise in the number of incidents involving web security breaches, there is an increasing trend of all sorts of websites inclining towards the use of SSL certificates.
To prevent the major security vulnerabilities – be it Sensitive Data Exposure, Cross-Site Scripting or Broken Authentication Tokens – the most straight-forward approach is to take the SSL route. If you have decided to invest on SSL certificates for your WordPress website, then you have definitely taken the right decision.
Next comes the most important part. How to configure SSL on your WordPress website? Thankfully, that’s not too difficult a task if you have an SSL certificate installed on the server. Your web hosting partner can help you with the installation part, but configuring SSL would still be your own responsibility. This tutorial will take you through the procedure of setting up HTTPS on your WordPress website in a step by step manner.
Step 1: Buy SSL Certificate
I would like to recommend that purchase Comodo SSL Certificate from SSL2BUY (authorized re-seller of Comodo CA). They are offering cheapest price SSL certificate products and dedicated to provide excellent services as free installion support, 30 day refund policy, lifetime re-issuance, 100% satisfaction guarantee, etc.
Step 2: Get the SSL Certificate Installed
If you have a VPS or dedicated server with root-level admin access, then you can install the SSL certificate on your own. Otherwise you can raise a support ticket with the technical support wing of your hosting provider to get it installed on the server.
Step 3: Change the Primary Site URL
After SSL is installed on the server, login to your WordPress admin panel and go to the ‘Settings’ >> ‘General’ tab. Under the General Settings section, you need to update two URLs – WordPress Address (URL) and Site Address (URL). Just replace ‘http’ with ‘https’ at the very beginning of both these URLs.
If the original website URL was ‘http://www.yourdomain.com’, then the updated URL should be ‘https://www.yourdomain.com’.
After making the changes, you need to save the new settings.
Step 4: Setup SSL Redirect
To setup SSL redirect, you need to append a rule to your .htaccess file. Login to your hosting account and use any available file manager program to browse to the website’s root directory. Open the .htaccess file using any textual editor (for example, Notepad) and add the below given code snippet to it –
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
</IfModule>
Don’t forget to replace the site URL from yourdomain.com to the actual one. Then save the changes.
STEP 5: Force SSL Login
Finally, open your wp-config.php file, set ‘Force_SSL_Admin’ parameter to ‘True’ and save the new settings.
define(‘FORCE_SSL_ADMIN’, true);
That’s all you need to do to configure HTTPS protocol on your WordPress website. Now if you would like to start a new blog and implement HTTPS authentication on it, then it should not take you more than 30 minutes to implement the same.