Configuring WordPress for SSL/HTTPS
Links in WordPress (such as image attachments, themes CSS and JavaScript files) are relative to the install URL.
To change WordPress from HTTP to HTTPS, the install URL must changed from say http://tdwebservices.com
to https://tdwebservices.com
.
- Login to your WordPress dashboard and navigate to Settings > General.
- Ensure that the WordPress Address (URL) and Site Address (URL) are
https
. If not, addS
after http to makehttps
and save it.
To easily enable (and enforce) WordPress administration over SSL, the constant FORCE_SSL_ADMIN should be set to true in your site’s wp-config.php file to force all logins and all admin sessions to happen over SSL.
define('FORCE_SSL_ADMIN', true);
The constant FORCE_SSL_ADMIN can be set to true to force all logins and all admin sessions to happen over SSL.
If your WordPress site uses a content delivery network (CDN) to serve its components (images, JavaScript, CSS style sheet), ensure the URLs are all https:// otherwise your website will be deem insecure by the web browser.
What’s Next?
Now that we’ve successfully moved WordPress to HTTPS, we still need to do two more things — set up a 301 permanent redirect and inform Google of the URL change.
To setup a 301 permanent redirect, FTP/SFTP to your server and add the code below at the top of WordPress’ .htaccess file.
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^yoursite.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.yoursite.com [NC]
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [L,R=301,NC]
Change every instance of yoursite.com to your WordPress URL.
To inform Google about the change in URL, re-add your WordPress site to Google webmaster tool (but this time with https://) and follow this this guide to let Google know about the change of URL.