To enable SSL/HTTPS for your WordPress site, you need to make a few changes in your WordPress configuration and server settings. Here’s how you can achieve this:
- Install an SSL certificate on your server: Contact your hosting provider or use a trusted SSL certificate provider to obtain an SSL certificate for your domain. Once you have the certificate, install it on your server.
- Update your WordPress site URL: Go to the WordPress admin dashboard and navigate to Settings > General. Update the “WordPress Address (URL)” and “Site Address (URL)” fields to use the HTTPS protocol. Save the changes.
- Redirect HTTP to HTTPS: To ensure that all traffic is redirected to the HTTPS version of your site, you can add the following code to your theme’s
functions.phpfile:
function wpsnippets_redirect_to_https() {
if ( ! is_ssl() ) {
wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301 );
exit();
}
}
add_action( 'template_redirect', 'wpsnippets_redirect_to_https' );
This code checks if the current connection is not using SSL and redirects the user to the HTTPS version of the page using a 301 redirect.
- Update internal links and resources: After enabling SSL, it’s important to update any internal links and resources (such as images, scripts, stylesheets) to use the HTTPS protocol. You can use a plugin like “Better Search Replace” to search and replace HTTP URLs with HTTPS URLs in your database.
- Test and verify: After making these changes, test your site by accessing it with the HTTPS protocol (e.g., https://www.example.com). Ensure that all pages load correctly and there are no mixed content warnings.
Enabling SSL/HTTPS for your WordPress site helps secure the communication between your site and its visitors, ensuring that sensitive information is transmitted securely. It also improves your site’s credibility and can positively impact search engine rankings.
Examples
Example 1: Enabling SSL/HTTPS using a Plugin
This example demonstrates how to enable SSL/HTTPS for a WordPress site using a plugin. The code example shows how to use the “Really Simple SSL” plugin to automatically redirect all HTTP requests to HTTPS.
/**
* Enable SSL/HTTPS using a plugin.
*/
function wpsnippets_enable_ssl_with_plugin() {
// Activate the "Really Simple SSL" plugin.
activate_plugin( 'really-simple-ssl/really-simple-ssl.php' );
}
add_action( 'init', 'wpsnippets_enable_ssl_with_plugin' );
In this code example, the wpsnippets_enable_ssl_with_plugin function is hooked to the init action. When the function is executed, it activates the “Really Simple SSL” plugin, which handles the SSL/HTTPS redirection.
Example 2: Enabling SSL/HTTPS using a Server Configuration
This example demonstrates how to enable SSL/HTTPS for a WordPress site by configuring the server. The code example shows how to add the necessary server directives to redirect HTTP to HTTPS.
# Enable SSL/HTTPS using server configuration (Apache).
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>In this code example, the server configuration file (e.g., .htaccess for Apache) is modified to include the necessary directives for redirecting HTTP to HTTPS. The RewriteCond checks if HTTPS is off, and the RewriteRule redirects the request to the HTTPS version of the site.
Example 3: Enabling SSL/HTTPS using WordPress Constants
This example demonstrates how to enable SSL/HTTPS for a WordPress site by defining the necessary constants in the wp-config.php file. The code example shows how to set the FORCE_SSL_ADMIN and FORCE_SSL_LOGIN constants to enforce SSL/HTTPS for the admin area and login pages.
/**
* Enable SSL/HTTPS using WordPress constants.
*/
define( 'FORCE_SSL_ADMIN', true );
define( 'FORCE_SSL_LOGIN', true );In this code example, the FORCE_SSL_ADMIN constant is set to true to enforce SSL/HTTPS for the WordPress admin area, and the FORCE_SSL_LOGIN constant is set to true to enforce SSL/HTTPS for the login pages. These constants can be defined in the wp-config.php file to enable SSL/HTTPS for the entire site.