WordPress SSL Tips

 

So if your reading this you most likely have got your WordPress site installed set up and having SSL issues.  Is the website not showing the SSL with green padlock?  No worries we’ll go over some of the common ways to fix this.

Requirements: SSL certificate installed. (If one of our clients there should be a free Let’s Encrypt certificate installed for all shared accounts.)

First is the issue on all pages? if it is then it may indicate the WordPress & SITE URL are set to http://domain.com

To check this you can navigate to the WordPress admin dashboard > General Settings  and change the URL there to include the https proper link.

Once that is fixed it should default to https for all internal links.

Enforcing SSL via rewrite rule

Next to ensure all users who visit the non https link we will want to setup an .htaccess rewrite rule to force them to use https version of the site.

This can be done via the below code in the .htaccess in the account document root. For cPanel accounts this is usually /home/yourusername/public_html/.htaccess and can be done via File Manager.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://yourdomainhere.com/$1 [R=301,L]

So for our domain "whattheserver.com" we would we add this to the top of the file.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://whattheserver.com/$1 [R=301,L]

 

If this was done right and save it will force all http visits to the site to use https going forward.

 

Common Issue for existing sites enabling SSL

Green lock not enabled with ! in browser URL bar.  See below for an example.

So to fix this issue it means some of the content is loading insecurely and not using https. It could be a plugin or theme making a non SSL call to image etc.  The easy way to find out what the problem it to visit Why No Padlock Then paste in the exact page without the green lock.  Let it do its thing and it will tell you what is being called or loaded over http.

So in this test case it was a hardcoded URL with http in the link in my domain checker tool. So you open up the post or page text and find the offending code or link that needs updated.

And then you save and go check and it should be working now.

 

Another common issue is there is alot of css or weird stuff that would be buried in the theme or in hard to edit spots.  This can usually be fixed with a helper plugin for WordPress called Insecure Content Fixer So install this plugin and set it to “capture” in the settings once installed and activated. This usually fixes the hard to fix things.

 

We hope you enjoyed the post and please follow us for more updates and share this post if you found it helpful.