How to Implement SSL on your WordPress Website

, , , , ,
Setup WordPress SSL Certificate Naples Florida

So you’ve made the wise investment of purchasing a secure socket layer (SSL) certificate for your WordPress powered website. Great! Now how do you enforce https on all of your website pages, images and other resources? This article will show you how to do just that.


How to Test for an SSL on your Website

Testing to see if the SSL certificate is correctly installed on your website is straightforward and simple. Just visit your website replacing the “http” with “https” which should reveal the green lock icon followed by the word “Secure” next to it within the address bar (if using Google Chrome as your website browser). If you don’t see the green lock followed by the word “Secure” you will need to contact your website hosting provider to get your SSL Certificate installed or properly configured on your website domain.


Updating Your WordPress Website to use HTTPS

If you want to take advantage of your SSL certificate you’ll need to update the URLs on your WordPress website. All of your URLs! We’ll run through these simple steps within this article.


Would you like prompt assistance? If you don’t have time or are not comfortable taking the risk of adding custom code to your website, let us get this done for you now!


Steps to Implement the SSL on Your WordPress Website:

  1. Begin by logging into the backend of your WordPress website
  2. Click on the “Settings” menu item on the left side which will take you to the “General Settings” page.
  3. From there, update the “WordPress Address (URL)” and “Site Address (URL)” so that it reads “https” rather than “http” and click on the “Save Changes” button at the bottom. Upon doing so, you will be redirected to your new WordPress website SSL secured login page.


Forcing HTTPS Throughout Your WordPress Website

Now that you’ve updated your WordPress Site Address (URL) to reflect HTTPS we’ll need to make sure to force any “http” requests to be redirected through our secured SSL certificate via “https“. To achieve, this we’ll need to update your root .htaccess file with the following code:

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This code should be inserted as follows, but is dependent upon your particular installation and setup (if you need help, reach out to us):

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress


Updating All Your URLs on Your Website

Next we’ll need to update all your URLs on your website including your image URLs so prevent security warnings from appearing when visitors browse your website.

  1. Log back into your website and click on the “Plugins” menu item on the left side.
  2. Click on the “Add New” button at the top and search for “better search“. From the list of available plugins located the one titled “Better Search Replace” and click the “Install Now” button. Once it is installed, click the “Activate” button.
  3. If you haven’t already made a backup of your database, be responsible and do this NOW.
  4. To utilize this new plugin, click on the “Tools” menu item on the left side. From there click on “Better Search Replace
  5. In the “Search for” field, enter your old, insecure, web address (example
  6. In the “Replace with” field, enter your new, secured, web address (example:
  7. Select all of YOUR WEBSITE tables within the “Select tables” area. If you have multiple WordPress installations make sure you’ve selected on those tables which refer to your particular website.
  8. Uncheck the box, “Run as dry run?” and click on the “Run Search/Replace” button.

After a minute or two your website this process will complete converting all your prior insecure http requests to https taking advantage of secure communications from here on out. As an additional security measure, I make it a point to deactivate and delete the “Better Search Replace” plugin.

More importantly, if you use Google Analytics and or Google Search Console (formerly Google Webmaster Tools) don’t forget to update your properties on there to reflect the use of https.


We hope this article has helped you with implementing secure communications between your website and its visitors. If this was helpful please take a moment to like us on Facebook, share this on your social media or buy us a cup of coffee.

Hire us to get it done for you!

Select, WordPress Support Basic, from the drop down list on the form below. We’ll get your WordPress website utilizing “https” across all its page URLs, images and other resources as quickly as possible.