More than once I was wondering what would be the
best way to activate HTTPS SSL in WordPress
to protect me from certain attacks and add an extra layer of security. In online stores or forms where sensitive data is handled it is practically an obligation to use HTTPS to prevent data theft and our WordPress should not be less. If we use it to sell some type of product or if we use a form to collect sensitive information, it is a highly recommended practice.
In this article I will try to collect all the possibilities to activate HTTPS SSL in WordPress, either through plugins, modifying WordPress settings or through an Apache .htaccess configuration file.
Guide on how to activate HTTPS SSL in WordPress
How we have already commented before there are several possibilities and we will go commenting one by one so that you can choose the one that suits you best.
Activate HTTPS SSL in the access and administration page.
This is a
configuration that every WordPress blog should have activated
since it protects us from possible theft of passwords. To force HTTPS on the
wp-login.php
access screen and on the administration panel the easiest way is to modify the WordPress configuration file
wp-config.php
adding the following lines:
define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);
With these two lines we will have forced the use of SSL so that access to the blog and its administration are a little more secure.
Activate HTTPS SSL with plugins.
Using a plugin is the easiest and at the same time offers us greater flexibility in determining what to protect with SSL and what not.
To secure the entire site we can use the
Force SSL everywhere
plugin, which
activates SSL security throughout our blog
(entries, access page, administration panel, etc ...)
.
This plugin only forces https when a user is authenticated
so it will not affect our SEO, since the Google bot (or other search engine) does not access our blog as an authenticated user.
We have available a second plugin called
WordPress HTTPS (SSL)
that allows us to select which entries or pages we want to protect with SSL. It has several options, among them, it allows activating SSL in the administration panel and it even allows to
secure with SLL based on URL filters
, for example it allows to secure all the content that the word
"store"
has in its URL. Another interesting option is that it allows us to force SSL on individual entries or pages, for this you will only have to select the corresponding option in a new box of the post / page editor.
This plugin is SEO friendly, since if we force SSL into an entry, the plugin itself creates a 301 redirection from the HTTP version to the HTTPS.
Activate HTTPS with .htaccess file
Another valid option is to redirect all pages of our blog to its HTTPS version using an
.htaccess
file. We would only have to add the following lines:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://tudominio.com/$1 [R,L]
As is logical where you put
tudominio.com
we have to write our domain.
Note to maintain SEO after activating HTTPS in WordPress
If we make a change of all the pages of our blog to HTTPS we must bear in mind that
the HTTP version must show a 301 redirection to the HTTPS version so that Google does not consider both pages as duplicate content
.
It is also very important to add and verify in the Google Webmasters tool the HTTPS version of the web.
I hope this guide has helped you and if you think it deserves it, you can share it on social networks.