Securing Your WordPress Website with SSL

We wrote about the importance of using SSL before. And we have been pushing for all our clients to get on board and get an SSL certificate. Not only is it good for SEO, but it also makes sure that browsers this year will not consider forms on your site that take user payment details or password details as insecure if they are not using https / SSL. So let’s talk about securing your website with SSL

Why do you need SSL?

So why do you need it? Well, one, it gives you more authority on the web and better SEO. But also, it is becoming more a more urgent to get an SSL certificate as more and more browsers will flag your sites / pages on your site as insecure when you ask for payment or Credit Card data in forms – think ecommerce – or password and do not use SSL. And that will look really bad on your site. Again, see earlier article on Chrome and SSL push.

What is SSL

SSL or TLS are basically two technologies to encrypt the connection from the visitor of your website to your website. So every time he enters data on your site in forms that data will be sent securely. Once a site is https secure you will see either a green lock in your browser or the lock and the word Secure.

How to get SSL

SSL can be gotten by either paying for an SSL certificate with a company that deals with it, by asking your host to arrange it or by taking care of itself. Normally your webhoster should have options available. Not all hosters have the free Let’s Encrypt option though so you may need to pay around €15-30 a year for it.

User Case

One of our long term clients Het Wapen van Enkhuizen, a hotel in the picturesque Enkhuizen, Holland has just had a lovely upgrade to a Comodo SSL certificate as well and is now completely secure. Giving it more authority on the web, better SEO and better preparation for an SSL only web in the future. Let’s Encrypt was not possible with their Dutch hoster Hostnet. So we went for a Comodo Positive SSL Certificate instead.

Now some technical details

Settings > General URL Change

Here you need to replace http by https. This will not cover all your bases but it is a good and quick start. You can do this in the database as well of course and you could even do this and all replacement in one turn, but that is a bit tougher for most.

Redirects

After adding modified WordPress rewrite

<IfModule mod_rewrite.c>
# BEGIN Force http to https
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
# END Force http to https
</IfModule>

and adding

define('FORCE_SSL_ADMIN', true);

to wp-config.php all traffic got redirected to https.

Hard coded Urls

Then we only needed to replace some hard coded urls inside header.php, style.css and replace image paths. You can do this with Search and Replace Database by Interconnectit or yourself in the database. Just be careful with serialized data.

Image Paths replacement

For replacement of image paths in the database we used the search and replace script of the awesome company Interconnectit. And then we had a great secure Wapen van Enkhuizen!

Interested?

If you are interested in help with Securing Your Website with SSL we can take care of this for a very affordable fee.

Tagged in : Tagged in : ,
Jasper Frumau

Jasper has been working with web frameworks and applications such as Laravel, Magento and his favorite CMS WordPress including Roots Trellis and Sage for more than a decade. He helps customers with web design and online marketing. Services provided are web design, ecommerce, SEO, content marketing. When Jasper is not coding, marketing a website, reading about the web or dreaming the internet of things he plays with his son, travels or run a few blocks.