Need help? Book our fixed price WordPress Support service.

Configure SSL Certificate on your WordPress Website

It is recommended that every website uses an SSL certificate. An SSL certificate encrypts data transmitted between the users computer and the website that has the certificate installed. Google will penalise you in search results for not having an SSL certificate, and popular browsers are now presenting users with increasingly stark security warnings when visiting a website that doesn’t use SSL.

Do I already have an SSL certificate?

Have a look in your browser address bar. If the web address begins with https:// rather than http://, you already have a certificare installed. You may additionally see a message from the browser showing the site is secure:

 

 

How do I get an SSL Certificate?

Speak to your webhost who will provide and install the SSL certificate for you. The price will vary, depending on the host and the certificate but for an average site expect to pay between £0 – £100 per annum. You may be able to get a better rate buying through Watch The Dot so it is worth checking first.

Configure WordPress to use your SSL certificate

Once your SSL certificate has been installed, you will need to configure your WordPress website to do this:

1. Update the Site URL and Home URL

Navigate to General > Settings and change your website web address from http:// to https://

This will automatically configure WordPress to use the SSL certificate.

2. Update internal site references

If you use images on pages or posts (rather than featured images), you will need to update the links within the image tags to use https:// too. Doing this manually can be a laborious process so we recommend the Better Search Replace WordPress plugin for this.

  • Backup your database! If you make a mistake, you WILL break your website and recovery may be difficult without a backup.
  • Install better Sarch Replace from the WordPress Repository
  • Navigate to Tootles > Better Seach Replace
  • Search for your existing web address and replace with the new https:// version. We recommend you search in the tables wp_options, wp_posts and wp_postmeta.
  • Turn off the ‘Dry Run’ option
  • Run Search / Replace

In most cases, your website will now show the secure padlock next to your web address. If it is still missing, your site may have some hardcoded references to insecure content. In this case, we can get this fixed for you using our fixed cost WordPress support services

Was this article helpful?

No 0

About the Author

Christian Mayne is a full time WordPress developer and consultant based in the UK. He runs a UK based WordPress development agency with clients all over the World. As well as WordPress development, Christian has been teaching WordPress use and development since 2014 in classroom settings and online.

LEAVE COMMENT