RMRS

STANDARD OPERATION PROCEDURES (SOPs)

  • Writer SOPs
  • Content Management SOPs
  • Copywriting SOPs
  • Onboarding/Offboarding SOPs
  • Standard Operation Procedures

SOP – Moving WordPress site from http to https

March 28, 2017 Yuri

To make a website HTTPS, firstly get an SSL certificate for the domain, install it on the server and change the website permalinks from http to https.

A lot of WordPress sites are on shared-hosting servers with cPanel provided as the control panel hence a shared-hosting will be use as the base of this tutorial. If your website is on a dedicated server or VPS, this tutorial is still applicable but the process on getting it done varies with servers.

To follow along with this tutorial, ensure your shared-hosting has SSL/TLS activated. If absent, contact your host and request it. They might charge to activate it.

To check if it is activated, login to cPanel and you should see an

SSL/TLS manager

under the Security widget.

Move WordPress from HTTP to HTTPS

Getting an SSL Certificate

There are various kinds of SSL certificates. They are basically categorized into three groups: Domain Validation, Organization Validation and Extended Validation.

  • Domain-level validation is the most basic type of SSL and are generally the least expensive.
    These certificates provide basic encryption, are issued very quickly and involve a simple check to verify domain ownership.
  • Organization-validated SSL certificates include authentication of the business or organization behind the domain. This provides a higher level of security and lets customers know they can trust your server with their personal information.
  • Extended validation is top of the line. With extended validation, the certifying authority conducts a very in-depth examination of your business before issuing the certificate. This type of SSL provides the highest degree of security and user trust.

Here is a guide from Namecheap on what SSL certificate to choose.

There are lots of companies selling SSL Certificates online, such as SSLs.com, Media Temple, GoDaddy, Comodo and Namecheap.

How to Activate an SSL Certificate

Note: I bought my SSL certificate from Namecheap but the instructions remain valid regardless of the company you bought your SSL from.

The first step in activation of SSL certificate should be obtaining

CSR code

from your hosting company. To obtain the CSR code from an SSL activated shared-hosting account, follow the steps below:

1. Login to your cPanel account and navigate to the SSL/TLS Manager.

WordPress SSL

2. Click on the link below Certificate Signing Requests (CSR)

cPanel's CSR code link

3. Fill out the form for the domain that you wish to create the SSL on and click the

Generate

button.

CSR code form fill-out

4. Your domain Encoded CSR should be generated and shown to you.

Generated encoded CSR code

5. Head over to your SSL provider to get started with SSL activation. Enter the CSR code generated above in the provided CSR text area field, select the web-server your host is running on and click the Next button.

CSR and web-server type form

6. You will be prompted to enter your CSR information and to choose an approval email.

CSR information and approval email

7. Provide your personal contact details. When done, submit the order. An approval email will be sent. Follow the instructions to validate your domain.

Domain validaion control

On completion of the validation, your SSL would be issued and sent to your email.

We need to get the SSL issued to you installed on your server. A dedicated IP address is required to be assigned to your cPanel account. If you cannot afford one, most cPanel hosting support Server Name Indication (SNI) – an extension to the TLS protocol that allows a server to present multiple certificates on the same IP address and port number and hence allows multiple secure (HTTPS) websites.

Since the shared-hosting am using for my WordPress blog supports SNI, I decided to use it instead of buying a dedicated IP.

Note: There are several advantages of using a dedicated IP address over SNI. See this article for more information.

To install the SSL certificate, follow the guide below:

1. At cPanel

SSL/TLS Manager

, click the link beneath Certificates (CRT)

Instal SSL cert cPanel

2. Upload the certificate (with .crt file extension) or past the certificate in the text area provided.

Installing SSL certificate in a server

3. Activate the SSL for your site. Click on the link under Install and Manage SSL for your site (HTTPS).

Install SSL for your site

4. Select the domain from the drop-down list, click the

Autofill by domain

and finally click the

Install Certificate

button.

Install SSL for a domain name

Configuring WordPress for SSL/HTTPS

Links in WordPress (such as image attachments, themes CSS and JavaScript files) are relative to the install URL.

To change WordPress from HTTP to HTTPS, the install URL must changed from say

https://designmodo.com

to

https://designmodo.com

.

  • Login to your WordPress dashboard and navigate to Settings > General.
  • Ensure that the WordPress Address (URL) and Site Address (URL) are
    https

    . If not, add

    S

    after http to make

    https

    and save it.

WordPress General Settings

To easily enable (and enforce) WordPress administration over SSL, the constant

FORCE_SSL_ADMIN

should be set to true in your site’s

wp-config.php

file to force all logins and all admin sessions to happen over SSL.

1
define(
'FORCE_SSL_ADMIN'
, true);

The constant FORCE_SSL_ADMIN can be set to true to force all logins and all admin sessions to happen over SSL.

If your WordPress site uses a content delivery network (CDN) to serve its components (images, JavaScript, CSS style sheet), ensure the URLs are all

https://

otherwise your website will be deem insecure by the web browser.

What’s Next?

Now that we’ve successfully moved WordPress to HTTPS, we still need to do two more things — set up a 301 permanent redirect and inform Google of the URL change.

To setup a 301 permanent redirect, FTP/SFTP to your server and add the code below at the top of WordPress’ .htaccess file.

1
2
3
4
RewriteEngine on
RewriteCond %{HTTP_HOST} ^yoursite.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.yoursite.com [NC]
RewriteRule ^(.*)$ https:
//www.yoursite.com/$1 [L,R=301,NC]

Change every instance of

yoursite.com

to your WordPress URL.

To inform Google about the change in URL, re-add your WordPress site to Google webmaster tool (but this time with

https://

) and follow this this guide to let Google know about the change of URL.

You can check your SSL website status using Qualys SSL Labs.

SOP | Tech https, secure, ssl, web-site

The Team

  • Dane Macato (3)
  • Gavin Parker (2)
  • Jamie Briones (9)
  • Jane Flores (19)
  • Michael Medina (4)
  • RMRS1 (109)
  • Thomas Marshall (3)
  • Tina Myk (23)
  • Yuri (103)

MOST VIEWED

  • How to insert a GIF in Ma... 4.8k views | by RMRS1
  • Ideal Image size for Chat... 4.5k views | by RMRS1
  • Antonio Centeno’s S... 3.5k views | by RMRS1
  • Color trends for men and... 2.4k views | by Tina
  • SOP – Embed YouTube... 2.3k views | by Yuri
  • Refund Email Templates SO... 1.7k views | by RMRS1
  • Email Management SOP 1.4k views | by jamie
  • SOP To Add Secondary User... 1.3k views | by Yuri
  • Finding CTR Click Through... 1.3k views | by RMRS1
  • Creating ClickFunnels Spl... 1.2k views | by Yuri
  • RMRS Team Holidays 1.2k views | by jamie
  • Checklist For Writing An... 0.9k views | by RMRS1
  • Thumbnail Creation Checkl... 852 views | by RMRS1
  • Payment Systems for RMRS... 800 views | by jamie
  • SOP – Create or Del... 767 views | by Jane
  • SOP Infusionsoft –... 712 views | by Yuri
  • Zoom – SOP To Sched... 683 views | by Yuri
  • DeadlineFunnel – Ho... 682 views | by Yuri
  • Infusionsoft – Camp... 609 views | by Yuri
  • SOP To Create Amazon Affi... 607 views | by Yuri

Copyright © 2021 · RealMenRealStyle - Standard Operation Procedures ·

Copyright © 2021 · Daily Dish Pro Theme on Genesis Framework · WordPress · Log in