Setting up HTTPS SSL

Google announced back in August 2014 that they would start using HTTPS as a ranking signal.  Now more than ever, it’s important to use HTTPS to secure your site as well as improve your SEO.

Implementing HTTPS on a new site can be done by going to Settings > General and setting the URLs in the WordPress Address and Site Address fields to https://.  This should only be done on a new site.

If you are implementing HTTPS on an existing site then you will need to add the following code to your .htaccess file in the web root directory of your server:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://yoursite.com/$1 [R,L]
</IfModule>

Make sure you replace yoursite.com with your domain name.

If you are running NGINX then you would us this code:

server {
listen 80;
server_name yoursite.com www.yoursite.com;
return 301 https://yoursite.com$request_uri;
}

If you want to use HTTPS to secure your WordPress admin area then add the following line to your wp-config.php file in the web root directory of your server:

define('FORCE_SSL_ADMIN', true);

Place this line before the that says “That’s all, stop editing!”

You’ll need an SSL certificate installed on your server so contact your hosting company for that or consider switching to a hosting company that has signed up for Let’s Encrypt.

Finally, test each page on your site to make sure it’s fully secure.  You can use the Developer Tools in Chrome or a site such as Why No Padlock.

You can find more information on how to properly move WordPress to HTTPS in this article on WPBeginner.