How to activate SSL/HTTPS on a WordPress site

Recently Google has announced that the search engine will prioritize HTTPS based websites in search result listing. That means if your WordPress site doesn’t use Secured HTTP/SSL, it may be under-ranked on Google. Moreover, HTTPS also enhances user-privacy by encrypting information passed between the web server and the client device. Adding HTTPS/SSL on a WordPress site involves several steps. Let’s see them.

This procedure requires some tweaks both in the site’s hosting server and domain SSL certificate control sides.  

CSR stands for Certificate Signing Request. To start the total process, we need to generate a CSR code and a Private Key on the website’s server. If you use cPanel, go to the its control panel. Visit the Security section.

Go to SSL/TLS Manager > Private Keys (KEY) > Generate, view, upload, or delete your private keys

On the next page, find Generate a New Private Key section. Select Key Size 2048 bits from the drop-down list. Click Generate button to create the Private Key.

Now again visit SSL/TLS Manager and click Certificate Signing Requests (CSR) link. Go to Generate, view, or delete SSL certificate signing requests. Navigate to Generate a New Certificate Signing Request (CSR). In this purpose, use the Private Key we’ve just created. Fill the required fields with appropriate information like City, Country etc. Click the Generate button. If you are not using cPanel, please see this link to learn how to generate the Private Key and CSR code in other environments. The Private Key is really private. Keep it secret.

You can purchase an SSL certificate via Namecheap, GoDaddy etc. After purchasing an SSL certificate, you will need to activate it (on the seller’s dashboard) by providing with your CSR code that was generated in the previous step. Then the certificate authority will send a verification email to the domain’s admin email address given in its WHOIS record. After validating the admin email address, you will receive the certificate files via email. One file will be named as example.com.crt (example.com is your domain name) and another will be intermediate.crt.

Now we need to install the certificate on the web server to make it effective. If you use cPanel, again visit Security section in the control panel. Go to SSL/TLS Manager > Install and Manage SSL for your site (HTTPS) > Manage SSL Sites.

Select the appropriate domain. Copy and paste the certificate codes into relevant fields. Remember, Certificate Authority Bundle (CABUNDLE) field is supposed to get the intermediate.crt code. Also don’t forget to copy the entire text inside the certificate file (including —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– ).

Click the Install Certificate button. If you are not using cPanel, you can see this link to get detailed instructions for Apache OpenSSL, Nginx etc.

So you’ve just activated SSL/HTTPS on your WordPress site. Now visit your WP Dashboard > Settings > General. Update the WordPress Address (URL) and Site Address (URL) to https://www.example.com

Example.com is your site’s address. Now force HTTPS everywhere by adding the following code inside your site’s .htaccess file:

# Force HTTPS

RewriteEngine 

OnRewriteCond %{HTTPS} off

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Your site is now live with HTTPS. Still you may get some pages with mixed contents (menus, images etc.) with old HTTP links. You would better manually fix these URLs by adding the new secured links.