As a follow-up to our previous post on SSL certificates, here we tell you how to convert your WordPress website to SSL. If you read the other post, or have been paying attention to online discussions, you know about Google’s recent decision to mandate SSL certificates for all ecommerce websites. What you might not know is how to go about converting your website from HTTP to HTTPS in order to secure the coveted green padlock icon that will demonstrate to all your website visitors that your site is safe and secure.
There are actually lots of ways to go about making the switch from HTTP to HTTPS, but below we provide 3 tips for converting your WordPress website to SSL based on our recent experience converting our own website and several client sites.
HTTP vs HTTPS: What’s the Difference, Again?
If you haven’t read our other post and aren’t clear what the difference is between a site that uses HTTP and one that uses HTTPS, we highly recommend reading that post before continuing. Basically, though: a website that uses HTTPS serves only encrypted information to its users, making it difficult, though not impossible, for third parties to see that information. This is particularly important if your website asks users for sensitive information like credit cards, passwords, etc. Given the recent decision by Google to mark all websites as either secure or insecure, however, it’s actually important for pretty much everyone to make the switch.
Tip #1: Use Let’s Encrypt to Install a Free SSL Certificate
Our first tip is to use the free, open source Let’s Encrypt to install an SSL certificate on your site. An SSL certificate is a file installed on your web server that lets browsers verify your site’s identity and encrypt the connection to it. DreamHost, our preferred hosting provider, makes it very easy to install Let’s Encrypt on any site you host with them. If you’re not sure how to install Let’s Encrypt on your site, you should contact your hosting provider for help.
The caveat to any SSL certificate, however, is that you then have to make sure you change all the links in your site from HTTP to HTTPS, which we cover in Tip #2, below. Simply installing a certificate on your site won’t make your site secure.
Tip #2: Use the SSL Insecure Content Fixer Plugin
To help you make the switch from HTTP to HTTPS throughout your site, we recommend you install and run the SSL Insecure Content Fixer plugin. The plugin will force the links in your site to be served as HTTPS rather than HTTP, meaning it will effectively convert your entire site from insecure to secure. There are a variety of levels of intervention you can set the plugin to, from the least intrusive to the most intrusive.
We recommend starting off at the third level, “Content,” once you install the plugin. This will typically fix everything throughout your site, including links to images and internal links. The plugin may change outbound links as well, however, which may break them, as many websites haven’t made the switch to HTTPS yet. To make sure all your links still work, we recommend you install and run the Broken Link Checker plugin after you run SSL Insecure Content Fixer.
If the “Content” level doesn’t work, you can try some of the more advanced levels, but be forewarned: they can break your website. Before using the more advanced levels of the plugin, we recommend using Why No Padlock to discover which content is still insecure, which we cover in Tip #3 below.
Tip #3: Use Why No Padlock to Assess Any Remaining Insecure Content
If you have gone through the steps described in Tips #1 and #2 and still don’t see the green padlock on your website saying that it is secure, we recommend using Why No Padlock to identify insecure content on your site. To use Why No Padlock, you simply input your website’s address into the main form on the site and the app will give you a readout of any links on your site that are still insecure. If you only have a few links that are still registering as insecure, you can manually change them to finish the process of securing your site.
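A local version of this check, as an added example that is not part of the original post or of any tool it names: it scans a page's HTML for resources the browser still loads over http:// (mixed content) and lists plain outbound http:// links separately, since a link the visitor has to click is not fetched while the page renders. The sample page and its example.com URLs are constructed.

```python
from html.parser import HTMLParser

# Tags whose URLs the browser fetches while rendering the page; an http:// URL
# in one of these attributes on an HTTPS page is mixed content.
SUBRESOURCE_ATTRS = {"img": ("src", "srcset"), "source": ("src", "srcset"),
                     "script": ("src",), "iframe": ("src",), "video": ("src", "poster")}
# <link> only loads a resource for some rel values (rel="canonical" does not).
LOADING_RELS = {"stylesheet", "icon", "preload", "manifest"}
# Constructed sample page (not taken from any real site).
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://example.com/wp-content/themes/x/style.css">
<link rel="canonical" href="http://example.com/">
<script src="https://example.com/wp-includes/js/jquery.js"></script>
</head><body>
<img src="http://example.com/wp-content/uploads/logo.png">
<img src="/a.png" srcset="https://example.com/a.png 1x, http://example.com/a2.png 2x">
<a href="http://partner.example.org/">Partner site</a>
</body></html>"""

class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.insecure = []  # (line, tag, attribute, url): fix these
        self.outbound = []  # (line, url): ordinary links, not mixed content

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        line = self.getpos()[0]
        if tag == "a":
            if attrs.get("href", "").lower().startswith("http://"):
                self.outbound.append((line, attrs["href"]))
            return
        if tag == "link":
            rels = set(attrs.get("rel", "").lower().split())
            names = ("href",) if rels & LOADING_RELS else ()
        else:
            names = SUBRESOURCE_ATTRS.get(tag, ())
        for name in names:
            raw = attrs.get(name, "")
            # srcset holds comma-separated "url descriptor" candidates
            for candidate in (raw.split(",") if name == "srcset" else [raw]):
                url = (candidate.split() or [""])[0]
                if url.lower().startswith("http://"):
                    self.insecure.append((line, tag, name, url))

def scan(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.insecure, scanner.outbound
```

Calling `scan(SAMPLE)` reports the stylesheet, the logo image and the second `srcset` candidate as insecure, and puts the partner link in the separate outbound list. This only covers the HTML itself; URLs referenced from inside CSS or JavaScript files are outside what it inspects.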
How Will I Know I’ve Successfully Converted My WordPress Website to SSL?
You’ll know if you’ve been successful if your website displays the green padlock icon pictured below. Be sure you use an incognito tab in Google Chrome, or a Private Window in Firefox, to view your site. Otherwise, you may be looking at a cached version of it, which won’t display the change.
If You Need More Help, Bring in an Expert
If you’ve done the above steps and still don’t see the green padlock on your site, we recommend working with someone who knows more about WordPress. Making the switch from HTTP to HTTPS is not always a simple process, and you can definitely break your website if you don’t know what you’re doing. Depending on the problem, a competent WordPress developer can fix the problem for you in an hour or two, saving you the time and hassle of trying to fix a problem you may not fully understand yourself.