How to Make Your WordPress Website Secure (SSL) in 6 Steps

If you've considered search engine optimization as a promotional technique for your website, you've probably found the advice to secure your site Web an https: // appears in front of your URLs instead of http: //). Google insisted that all websites must be secure and even claims that sites using SSL have a slight boost over sites that do not. This guide is for websites based on WordPress. If you are an ecommerce store or a more complex website, you'd better hire an SEO consultant to oversee the migration.

Step 1 – Install a Secure Certificate

My hosting company enables secure certificates for websites hosted with them by default (although you must follow the steps listed below for your sites to be rendered using them). These are very basic SSL certificates, but they meet minimum standards to secure a site. For most sites, this option will do just fine.

If your host does not include secure certificates in their standard plans, you will need to contact them and find out what your options are and then have them install the secure certificate you choose to buy. If they do not install the certificate for you, I suggest you find a new host with better support.

Step 2 – Change your WordPress installation to use secure URLs

Once your secure certificate is installed and active, sign in to your WordPress dashboard. Go to Settings> General. Change both the WordPress address (URL) and the site address (URL) to use an https: // at first, and then click Save Changes at the bottom of the page. (Note: WordPress will automatically disconnect you at this point and ask you to reconnect.)

Step 3: Solve mixed content issues and force rendering of all site pages

You can use a free plugin called Really Simple SSL to perform this task. Find the plugin in the WordPress plugin in the plugin repository, install it and activate it. You will see a notification prompting you to enable SSL on your site. Click to activate it.

Go to the plugin settings page and check that "Automatically replace mixed content" is checked. You will notice that you have three types of redirect that you can use (to force any request for an http: // page to the https: // version). In most cases, the Enable 301 .htaccess redirect option will do the trick. Save the settings at the bottom of the page.

If everything works properly, you should see a green padlock to the left of your URL in the browser's address bar. You should also find that visiting the pages of your website with the help of http: // should redirect you to the https: // version. I would test this on multiple pages and messages to make sure you are redirected to the https: // version with a green padlock next to the URL each time.

Step 4 – Troubleshooting

If you do not see a green padlock next to your URLs in the browser's address bar, then something causes the page to render without to be totally secure.

Tip for Pro: If you use the Genesis Theme this can often be caused by the background images used in the "Customize" section. They do not automatically update secure URLs and Really Simple SSL will not replace them with SSL versions. Just click to change the images, choose the same image in your media library and click Save. The Customizer will now use images via https: // secure URLs.

If you do not use Genesis or this fix is ​​not the case, you will need to dig deeper into what is happening. Open Firefox and install the module Firebug

Navigate to a page that does not display the padlock, right-click and choose "Inspect Element with Firebug". open at the bottom of your screen. Click to refresh the page in your browser now that the Firebug window is open. Click the Console tab in Firebug, and then click the Errors tab. This will show you a list of your site's content that prevents secure loading. Fix these problems and you are ready to go

Step 5 – Clean up your internal link

While your site will automatically force all queries for the http: // version of a page At https: // one, it's always a good idea to change the links you have in your posts and pages to other posts and pages on your site to link them directly to the secure version.

Install and activate the free Broken Link Checker plugin . It will take some time to explore your entire site and gather all the links, so I recommend you let it work and come back to accomplish this task the next day.

Once the plugin has done a full crawl, it will show you a list of broken and redirected links that you link to your site. You can find this list by logging into your WordPress dashboard and navigate to Tools> Broken Links. You may find a ton of links to clean, but for now we will focus only on links to your site that are related to the old version http: // of your pages.

On the Broken Links screen, click the Search button at the top right. In the URL field, place your domain and choose Redirections from the Link Status drop-down list. Click on the search links. This should show you a list of links on your site that need to be updated to link to the https: // versions of these URLs.

WARNING: If you use a plugin like Pretty Link Pro or some other affiliate link redirection method, you want to be sure not to "fix" the redirects for these links – or "Fix" all links blindly – or it will change all your affiliate links to direct links to the merchant.

If you do not use affiliate links, you can check all messages and update them. Otherwise, check the boxes next to all the URLs for publications, pages, and images from your site in this list, then choose the Correct redirects option in the Bulk Actions drop-down list and click Apply. It will update all URLs to link directly to the https: // version of your posts. Keep doing this until you have changed them all.

What if you use cloaking for your affiliate links? Unfortunately, you will need to click on the "Edit URL" option that appears when you hover over each link and edit it to use https: // instead of http: // . You can leave them alone, but that means that you will add an additional redirection to the transfer of your site to the affiliate site, which could slow down the user's access to the place where you want that he surrenders.

Note: If you use .htaccess to create redirects, be sure to update your .htaccess file to link internal redirects to the new version of https: //. If you do not edit your .htaccess file to create redirects, you can skip this part of the task.

Although this captures most of your internal links that require an update, it does not catch the links. In the author's bios, I recommend you to launch your site via Screaming Frog after cleaning up the links using the above method to catch stragglers.

Step 6 – Add the secure version of your site to Google Search Console and update your Google Analytics settings

Make sure you add the secure version of your site as a new site in your site. Google Search Console account (do not know how to proceed). on my Beginner's Guide to Google Search Console here ). I will not delete the old version http: // because it contains data that will not be transferred to the secure version in Google Search Console. As for GSC (formerly Google Webmaster Tools), it is a different site.

Next, sign in to your Google Analytics account. Click the site you just secured from your Accounts dashboard. Click the Admin button at the bottom of the left sidebar. Click Property Settings in the middle column. Click the drop-down list under Default URL, choose https: // and click Save at the bottom of the page. Then, on this same page, click the Adjust Search Console button under the Search Console header. Connect your Google Analytics profile for your site to the new https: // version of your site that you added to Search Console in the previous paragraph. Click Done.

That's all! You will not need to change your analytics code and your Google Analytics data will remain transparent with all data from the old version http: // and the new version https: // of the same account.

Now give Google time to sort everything

You could see both versions of the same page in the search results while Google captures the change. As long as you followed the above steps and your content successfully redirects all requests from the http: // page to the https: // page, Google will understand and start updating your URLs in the results of the research. Google says that switching from http: // to https: // will not have a negative effect on the search engine rankings of your website when you do it properly.

Leave a Reply

Your email address will not be published. Required fields are marked *