Switch Your Whole WordPress Website to Secure HTTPS SSL

I had cause recently to purchase and install a Secure Cert for this website so I could accept credit card payments securely but since then I’ve seen a few people mention the benefits of fully securing your whole site, not just payment sections. There are benefits for Forms pages and communications with other sites too. Here are some of the steps necessary to switch a whole WordPress site to SSL  as I’ve just done successfully with this one.

Purchase an SSL Cert

These have always been expensive but I found an affordable “Domain Validated” RapidSSL one at €7.85 per year that should work for most small to medium sites at NameCheap.com. There’s a bit to purchasing it and installing it on your server but tutorials are available online and it can be done in a matter of minutes if you’re familiar with the process.

Dedicated IP Address

If you are on a shared hosting server you may need a Dedicated IP address for your site. Mine was on a private VPS so I’d nothing to do. Dedicated IPs should be pretty cheap from your hosting company.

HTTPS Plugin

There’s a great plugin for WordPress that allows you to make certain posts or pages use HTTPS or turn the whole site HTTPS including the admin section. It’s called WordPress HTTPS. It does a pretty good job of converting any urls it finds, including those in your content, to HTTPS automatically.

WordPress Settings

A quick way of switching all the internal urls to HTTPS once you have your secure cert installed is to add https:// to the WordPress URLs in Settings – General.

Theme/Template Tweaks

You may need to go into your theme’s code and convert any absolute http:// url references to relative urls. Especially if it’s old or custom made like mine. I found the following WordPress functions very handy here as it kinda future proofs your site if you ever switch urls again:

bloginfo( 'wpurl' );
bloginfo( 'template_url' );
bloginfo( 'stylesheet_url' );

301 Redirects

Technically search engines may view your HTTP and HTTPS site as 2 separate sites and cry duplicate content. You could sort this by using a 301 redirect in your .htaccess file and using a “Canonical” tag.

Speed Issues

One barrier to switching to HTTPS was that it can slow your site considerably as the encryption processes involved take time and cpu power but I havn’t noticed too much of a slow down. Bigger, busier sites may notice more. Here’s a Response report from Site24x7 for the changeover period (around May 7th). It looks bad but is only a slowdown of about 500ms on the previous weeks report:

HTTPS Speed Report

You may be required to update your website url with other services providers like Google Analytics and Webmaster Tools but that’s a bit beyond the scope of this article!

Leon

Advertisements

Published by

Leon Quinn

Multimedia Design company in Leitrim, Ireland specializing in WordPress Website Design, Photoshop and Graphics. www.reverbstudios.ie

One thought on “Switch Your Whole WordPress Website to Secure HTTPS SSL”

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s