Overview

Adding an SSL certificate to your WordPress site is a great place to start when it comes to data security. However, you must take a few more steps to guarantee that all links on your site redirect to the secure version of your domain name (This means the HTTPS version).

Please keep in mind that these guidelines do not apply to GreggPress sites. If you’re using GreggPress for your WordPress site, please follow these steps instead:

Using GreggPress to enforce HTTPS

Step 1 — Add an SSL certificate to the domain

Make sure your website is set up properly for HTTPS. To begin, you must first install an SSL certificate on your website.

Overview of installing an SSL certificate
A Unique IP address may be required depending on your site’s requirements. For additional details, see the article on Unique IP.

Before proceeding, double-check that your SSL certificate is active.

Step 2 — Update database URLs

You can skip this step if this is a brand new site with no data. This is because all new pages/posts you create will automatically utilize the new HTTPS URL.

Several hard-coded URLs in your WordPress database point to the http version of your domain. To update your database URLs, you have two alternatives. For more information, see the following article:

How can I alter the URL of my WordPress site?

Step 3 — Verify the Home and Site URL are updated

Use the new secure HTTPS URL to access WordPress.
https://example.com/wp-login.php \s\
Go to the General page in Settings.

Your Home and Site URLs should now point to https on the General page.

Clear your plugin’s cache

If you’re using WP Super Cache, you should also clear your cache at this point.

the cache is being deleted
All URLs within your WordPress site will now use the new domain name, if you check your site now.

Step 4 — Update your wp-config.php file

Using SSH or SFTP, connect to your webserver.
In a text editor, locate the file wp-config.php in your WordPress site directory and open it.
Above the line that says, add the following two lines. /* That’s all; no more editing! * Have fun with your blogging. /: define(‘FORCE SSL’, true); define(‘FORCE SSL ADMIN’, true); define(‘FORCE SSL ADMIN’, true);

Step 5 — Force the URL to redirect to HTTPS

GreggHost automatically changes the URL visitors use to see your site from HTTP to HTTPS after you add an SSL certificate to your domain. Your connection will be encrypted thanks to the S. Consider the following scenario:

https://example.com
You don’t need to do anything on your end to force your site to utilize the secure URL. However, in rare circumstances, creating your own custom configuration file to compel the redirect from HTTP to HTTPS may be necessary.

If your website requires particular code to force the redirect, you’ll need to add custom code. If that’s the case, you’ll need to disable the automated redirect in your panel first.

Disabling the automatic HTTPS redirection
After you’ve disabled it, you may upload your custom redirect file.

The majority of WordPress sites do not require you to add code to the.htaccess file in order to redirect them. However, if your WordPress site requires special code for some reason, you can use the following article code to force a redirect from HTTP to HTTPS.

In the.htaccess file of your website, make changes to the rules.

Step 6 — Prevent mixed-content warnings using an .htaccess file

To eliminate any possible mixed-content warnings, it’s a good idea to add a line of code to your.htaccess file. For more information, see the following article.

Resolving alerts about insecure sites and mixed material

Configuring Cloudflare with your SSL certificate

If you’ve also added Cloudflare to your domain, you’ll need to complete this stage. If that’s the case, check out the following article for instructions on how to set it up properly.

Summary

Summary of how to use Cloudflare with an SSL certificate and WordPress
Any request to your website will redirect to the HTTPS version once you’ve performed all of the procedures above.