HTTPS protocol on your WordPress is one step closer to better security for your web site. Besides that, Google emphasizes web sites with HTTPS in Search results. Yes, Google gives help to the web sites with HTTPS protocol in use. More about Google and SSL you can read here.
In this article, we will explain to you the differences in web protocols, how to install an SSL certificate, and how to force your WordPress to use HTTPS instead of HTTP protocol.
What is SSL and where is the differences in HTTPS and HTTP?
SSL (Secure Socket Layer) is secured technology for using the encrypted connection with the server. All the content with this connection (send/receive) is private and secured.
HTTPS (HTTP over TLS, HTTP over SSL, HTTP Secure) is a protocol that is identical to HTTP but tells to browsers to use SSL in order to have secured connection.
There are more criteria to determine the differences in HTTP and HTTPS protocols, but the following three differences are the most important:
- URL scheme: HTTPS links start with https:// and use the port 443, against HTTP links that start with http:// and use port 80 for work.
- Security: HTTP is not secured protocol and allows hackers to get the private information from your web site. The HTTPS protocol is designed to stop those scenarios.
- Network layers: HTTP work on basic, application level TCP/IP model, instead of that HTTPS is on the lower level of same TCP/IP model and create encrypted data in send/receive process.
Migrate WordPress from HTTP to HTTPS with a paid certificate
In order to force SSL on your web site, you need to have an SSL certificate for your domain, installed on your hosting and you need to change all your links from http:// to https://.
A large number of WordPress sites are on the cPanel hosting, because of that this article will explain the process for installing an SSL on the cPanel. Keep in mind that this tutorial is not necessary if you buy hosting and SSL certificate with us – we will install your SSL certificate into cPanel and you only need to set your web site to use HTTPS protocol.
Before you start with setup, create a check is there an active SSL/TLS on your hosting. You can check that in your cPanel when you click on SSL/TLS icon, in the Security panel.
Types of SSL certificates
There is a three main group of SSL certificates:
- Domain-level Validation: this is the basic and most the cheapest type of SSL. This certificate offers the basic protection and it is easy for setup.
- Organization-validated: this certificate requires someone to check your organization in order to use this certificate. This certificate includes an advanced level of security.
- Extended Validation: this is the more advanced certificate with a maximum level of security. The SSL issuer that offers this certificate will create a detailed check of your organization and after that, you will be able to use this SSL.
SSL installation on the cPanel
The first step to install SSL into cPanel is to get CSR code for your domain. You can do that in your cPanel in the SSL/TLS application:
You need to click on the Certificate Signing Requests (CSR).
Fill in the form with your information and write your domain for which you need CSR code and click on the button Generate.
After the CSR code is generated you can copy it from the field:
Login to the web site (account) where you buy your SSL certificate and paste CSR code and confirm it.
It will be requested to enter a CSR data and to confirm your email address. Enter your contact data and confirm it. On your email address will be sent validation mail with details for domain confirmation.
After you confirm your email address and domain, SSL certificate will be activated and you will get the confirmation email about that.
Now you need to install an SSL on your hosting account. To install an SSL you need a dedicated IP address. If you already have an IP address, you can continue.
In your cPanel, go to SSL/TLS and click on the link below the Certificates (CRT):
Paste the CRT code into the field for that:
Activate your SSL and click on the Install and manage SSL for your site (HTTPS).
In the next step choose your domain name from the dropdown menu and then click on the Install Certificate.
If you buy an SSL certificate and hosting in Adriahost, we will install SSL for your domain free of charge.
Now set an SSL/HTTPS in your WordPress
In order for your site to work you need to change all the permalinks from http:// to https://. You can use Better Search and Replace plugin for that. In this plugin, into the field “Search For” enter your site address with “http://”but in “Replace with” field enter your site address with “https:// “
Select all the tables from your database, uncheck Run as dry run? and click on the Run Search/Replace button. The plugin will find all entries with http:// and will replace it with https://.
For example, if you for Search for enter: http://your-site.rs/ and for Replace with: https://your-site.rs/ plugin will find all “http://your-site.rs/” and will replace it with “https://your-site.rs/”
You can also go to Settings > General. In the fields WordPress Address (URL) and Site Address (URL) replace http:// with https:// and save that.
In your wp-config.php you can enter the following code, to ensure to all admin sessions will be foced to https login:
In this way, all admin logins will be created with https link.
Free SSL certificate
Adriahost give Free SSL certificates within Business and Business Plus hosting packages. This certificate will be placed automatically into your hosting and you just need to set your web site to work with https protocol.
Your SSL certificate is up and running
Through this tutorial, you have acquired some basic knowledge of SSL certificates and security protocols on the Internet, how to secure your WordPress site, and the reasons why you need to do it. Now you have a good basis for the security of your site.