After you’ve gone through the steps to obtain an SSL security certificate and have enabled SSL with your web host, you still need to know how to make WordPress use SSL for your site. With SSL enabled at the host, the default action is that WordPress will honor both SSL (https) and non-SSL (http) requests on your site.
What is SSL?
SSL stands for secure socket layers. When SSL is enabled and used, all communications between the web server and the client (your site viewer) is securely encrypted. This is especially important when handling usernames, passwords, or other sensitive data. Using a secure connection will soon because the default standard though for all sites.
Why is it a problem to use both http and https?
The main reason is that it technically creates two sites. Search engines will see http://YourSite.com as a different site from https://YourSite.com – even though the domain name and content are the same. In this case you have the potential of “duplicate” content seen by search engines, and two different links on your site competing against each other for rankings.
Why default to SSL instead of non-SSL?
Besides the benefit of all the data being transferred securely, there are also technical advances with the latest implementation of SSL that allows it to load faster than non-SSL sites. Site load time can have a big impact on both your search engine rankings (slow sites don’t rank as well) and also your user experiences.
So what do I do to enable SSL in WordPress?
First you need to make sure that you have SSL enabled at the host and working. To confirm this you can add “https://” before your domain name in your browser and see if your site still loads okay. If so, SSL is enabled.
After you confirm SSL is working – well, it’s working. There isn’t anything you need to do in WordPress to make it work.
BUT, what you want to do is tell WordPress to set SSL as the default. Then if someone visits the non-secure version of your site, WordPress will redirect them to the secure version. WordPress will handle this for search engines too that are crawling your site.
Video walkthrough of enabling SSL as the default for your WordPress site
It isn’t hard, so go do it
If you don’t already have SSL enabled at your web host, consider getting that set up now. With new options like Let’s Encrypt you no longer have to pay for SSL certificates. A decent web host should be able to set this up for you for free and enable it on their end.
If your web host doesn’t support this option, you might want to consider changing web hosts.
Watch the video walkthrough above – it’s only a couple of minutes. Then set the default to SSL for your own site (once it is confirmed enabled at working at the host).
You’ll be glad you did it now instead of waiting. Why?
As I mentioned, secure and non-secure are seen as two different sites. If you make this change after years of page ranking and site credibility, you’ll take a few step backwards. It isn’t horrible, but it takes some time and work to regain rankings again after a change like this.
today we’re going to update the setting in our WordPress site so that WordPress will start using SSL instead of just regular non secure calls so SSL enable security on your website you need to have a certificate and you need to have it already set up at your web host before the steps that we’re talking about to do today so as you can see this is our homepage or it’s the home page as of creating this video I’ve got a little circle with an eye there which shows that this site is not currently secure but if I put HTTPS which uses SSL so the HTTPS means that it’s secure HTTP and then press return to reload the site you can see that SSL is working on the site this light does load securely and I get the green lock which tells the person who’s visiting site that all of the information between the website and them is secure anything that they send to the site anything that the site sends back to them this is especially important if you’re doing any kind of logins username password any kind of sensitive information you definitely want to have SSL setup on your website so if you try this putting HTTP colon slash slash in front of your domain name and it doesn’t load properly that means that you need to take some steps before you make the changes in WordPress you probably need to contact your web host make sure that the SSL is supported there and if there any changes you need to make in the settings and you need to make sure that you have a valid certificate that basically authenticates you are who you say you are so that you can’t pull some sort of a scam on the people that are visiting your website so SSL is working on the site and the site as you can see loads with both HTTP or HTTPS I want it to force to HTTPS though I want that to be the default we’re going to switch to another tab over here to our dashboard go down to settings and general now you’ll notice that the WordPress address is HTTP by default so we’re just going to go ahead and put an S in there same thing with the site address HTTPS let’s go down and save the changes all right it’s asking me to log in again because it’s now over on the secure version of the website the HTTPS so I’m going to log in settings saved I’m on a secure version everything looks good so over here I’m still going to be fine and not notice anything if I change to the non secure version let’s just get rid of that s to show you exactly what talking about the site actually redirects over to the secure version so even though somebody can enter in just the domain name WP blog today com you’ll notice that it automatically redirects over to the secure version somebody clicks on one of the blog posts again you can see that all of the traffic is now secured between the client and the website it’s an easy change to make but again just make sure that you have SSL already working on your website with your web host and you’ve got a valid certificate before making this change