+4 votes
in Tutorials and Guides by (1.5m points)

How to enable HTTPS SSL in WordPress

1 Answer

+5 votes
by (725k points)
 
Best answer

More than once I was wondering what would be the best way to activate HTTPS SSL in WordPress to protect me from certain attacks and add an extra layer of security. In online stores or forms where sensitive data is handled it is practically an obligation to use HTTPS to prevent data theft and our WordPress should not be less. If we use it to sell some type of product or if we use a form to collect sensitive information, it is a highly recommended practice.

image

In this article I will try to collect all the possibilities to activate HTTPS SSL in WordPress, either through plugins, modifying WordPress settings or through an Apache .htaccess configuration file.

Guide on how to activate HTTPS SSL in WordPress

How we have already commented before there are several possibilities and we will go commenting one by one so that you can choose the one that suits you best.

Activate HTTPS SSL in the access and administration page.

This is a configuration that every WordPress blog should have activated since it protects us from possible theft of passwords. To force HTTPS on the wp-login.php access screen and on the administration panel the easiest way is to modify the WordPress configuration file wp-config.php adding the following lines:

define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);

With these two lines we will have forced the use of SSL so that access to the blog and its administration are a little more secure.

Activate HTTPS SSL with plugins.

Using a plugin is the easiest and at the same time offers us greater flexibility in determining what to protect with SSL and what not.

To secure the entire site we can use the Force SSL everywhere plugin, which activates SSL security throughout our blog (entries, access page, administration panel, etc ...) . This plugin only forces https when a user is authenticated so it will not affect our SEO, since the Google bot (or other search engine) does not access our blog as an authenticated user.

We have available a second plugin called WordPress HTTPS (SSL) that allows us to select which entries or pages we want to protect with SSL. It has several options, among them, it allows activating SSL in the administration panel and it even allows to secure with SLL based on URL filters , for example it allows to secure all the content that the word "store" has in its URL. Another interesting option is that it allows us to force SSL on individual entries or pages, for this you will only have to select the corresponding option in a new box of the post / page editor.

image

This plugin is SEO friendly, since if we force SSL into an entry, the plugin itself creates a 301 redirection from the HTTP version to the HTTPS.

Activate HTTPS with .htaccess file

Another valid option is to redirect all pages of our blog to its HTTPS version using an .htaccess file. We would only have to add the following lines:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://tudominio.com/$1 [R,L]

As is logical where you put tudominio.com we have to write our domain.

Note to maintain SEO after activating HTTPS in WordPress

If we make a change of all the pages of our blog to HTTPS we must bear in mind that the HTTP version must show a 301 redirection to the HTTPS version so that Google does not consider both pages as duplicate content .

It is also very important to add and verify in the Google Webmasters tool the HTTPS version of the web.

I hope this guide has helped you and if you think it deserves it, you can share it on social networks.


...