Monthly Archives: March 2023

Setting up SSL/HTTPS in WordPress Manually

Prerequisites: A web server with SSL enabled. This method requires you to troubleshoot issues manually and edit WordPress files. However this is a permanent and more performance optimized solution. Performance gains are due to the fact the requested content does not have to be parsed by an additional plugin before it is displayed in the web page. In addition, it gives you more control over your website's security.

Steps

  1. Log into the WordPress Dashboard.
  2. Roll your mouse over Settings in the navigation menu, then click General.
  3. In the WordPress Address (URL) field, enter your https address.
  4. Enter your https address in the Site Address (URL)  field. 
  5. Click the Save Changes button on the bottom of the screen. 

Note: If you get an error to the effect of "Error connecting to web server" after savings the changes - the problem lies at the hosting provider's end . Some hosting providers use a different IP for hosting http: and https: and you will have to ensure the "A" record of your https domain is pointing to the correct one.

Next, you need to set up WordPress redirects from HTTP to HTTPS by adding the following code to your .htaccess file.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

If you want to force SSL and HTTPS on your WordPress admin area or login pages, then you need to configure SSL in the wp-config.php file. Simply add the following code above the "That's all, stop editing!" line in your wp-config.php file:

define('FORCE_SSL_ADMIN', true);

This line allows WordPress to force SSL / HTTPs in WordPress admin area. Once you do this, your website is now fully setup to use SSL / HTTPS, but you will still encounter mixed content errors.

Mixed content errors are caused by sources (images, scripts, or stylesheets) that are still loading using the insecure HTTP protocol in the URLs. If that is the case, then you will not see a secure padlock icon in your website’s address bar. The majority of these incorrect URLs will be images, files, embeds, and other data stored in your WordPress database.

What you need to do is find all mentions of your old website URL in the database that starts with http and replace it with your new website URL that starts with https .

You can do this by installing and activating the “Better Search Replace” plugin. However, The free version of the "Better Search and Replace" plugin is not useful and even harmful as you cannot see what changes have been made. I used the “Search & Replace” plugin by Inpsyde GmbH. It is not supported anymore but works in WordPress 6.1.1

      

Credits

https://www.wpbeginner.com/wp-tutorials/how-to-add-ssl-and-https-in-wordpress/