Secure Socket Layer (SSL) serves as the standard for encrypted communication between web browsers and web servers. With SSL, one can rest assured that the communication between browser and server is 100% encrypted and private. SSL certified sites are preferred by Google for compiling SERP. A padlock icon can be seen in the address bar once you secure a website with SSL. Also the prefix of URL changes to https:// from http://.

As per a report, it has been revealed that from October 2017, all websites with URL ‘HTTP’ will be marked as t ‘Not secure’. The Non-SSL sites will suffer from fewer visitors and sales due to the growing awareness among buyers. According to a statement by one of the Chrome Security team members, all HTTP pages may be labeled as non-secure soon with a change in HTTP security indicator. It will transform into the red triangle.

Let’s Encrypt

A service offered by ISRG (Internet Security Research Group), Let’s Encrypt is a free, automated, open certificate authority (CA). Once you use Let’s Encrypt, your domain can add an SSL (Secure Socket Layer) certificate free of cost.

Benefits of SSL Certificate 

Boost SEO Ranking

Giving SSL certified websites preference in SERP listings is a sincere attempt on Google to ensure more security the World Wide Web. This preference over non-SSL sites has made SSL certificates a crucial element in SERP placement strategy. You can get in touch with Jitesh Manaktala for more information on this. Jitesh Manaktala is a freelance front-end & WordPress developer committed to solve queries related to WordPress and ensure the best services to his clients.

Adding Free SSL Certificate to WordPress

Step 1: After launching a server and application at Cloudways, visit the Applications tab visible on the screen’s top left part. You will all applications installed on server listed here. You need to open the application where you wish to add SSL certificate.

Step 2: Go to SSL Certificate tab from the left pane. Fill in the requisite details. Click on ‘Install Certificate’. Make sure the domain name is your website domain that has been already done in Domain Management tab.

Step 3: It is time to install SSL on WordPress. Make sure the domain is live and DNS propagation to be able to install the SSL certificate.

This process will take about a few minutes to complete. Successful completion indicates that the website is ready to serve on HTTPS. Renewal of Let’s Encrypt certificates needs to be done every 90 days. This is easy. All you need to do is set the Auto Renewal option to ‘Yes’ and the Cloudways will renew the certificate automatically.

Change Internal URLs to HTTPS

Once you successfully install the certificate, visit the WordPress Admin Panel. Now navigate to Settings -> General. Add ‘https’ instead of ‘http’ right before WordPress and Site Address. Click on ‘Save Changes’ at the bottom of the page. The action changes all internal URLs to https.

The Mix Content Warning

Visit your website and check internal links. Make sure all of these links are moved to https. In case, an info icon ⓘ is still visible on some of the web pages, one or more of the URLs may still be serving via http. You must identify that URL/s.

Try using JitBit. This is a brilliant tool for checking Non-SSL content. It crawls and checks for non-ssl links across the website. Fixing them is easier. Simply use Velvet Blues Update URLs plugin to check all URLs. It also updates them.

Redirect HTTP to HTTPS

Even though, all internal links have been shifted to HTTPS, some may still visit the website with http. These visitors may not be forced to serve through https.

Remember that WordPress .htaccess file serves as a website’s control. Sometimes, even a small error in spelling or a dot (.) may cause damage to the WordPress site. So prior to making changes, it is important that you take backup of your .htaccess file. Store the file on an offsite location.

You can fix redirection of WordPress websites to HTTPS via adding a few lines to the “.htaccess” file.

Step 1: Login to your hosting account.

Step 2: Now navigate to the root directory of WordPress. Using an editor of your choice, open .htaccess file.

Step 3: Paste the following lines at the beginning of the file. Make sure you paste these right under – “RewriteEngine On”.

RewriteCond %{HTTPS} off

RewriteCond %{HTTP:X-Forwarded-Proto} !https

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

1

2

3

RewriteCond %{HTTPS} off

RewriteCond %{HTTP:X-Forwarded-Proto} !https

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Your.htaccess file should look something like:

# BEGIN WordPress

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteCond %{HTTP:X-Forwarded-Proto} !https

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteBase /

RewriteRule ^index\.php$ – [L]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

</IfModule>

# END WordPress

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

# BEGIN WordPress

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteCond %{HTTP:X-Forwarded-Proto} !https

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteBase /

RewriteRule ^index\.php$ – [L]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

</IfModule>

# END WordPress

Configure HTTPS

It is time to configure HTTPS in Google Search Console.

Step 1: Go to Google Analytics Dashboard and the admin area to track https links in Google Search Console.

Step 2: Now select your required property.

Step 3: Click on ‘Property Settings’.

Step 4: Change the default URL to https:// from the right-hand side.

Step 5: Go one step back. Go to the View tab. Change URL of website to https.

With this step, you have completed the process of Let’s Encrypt integration for your WordPress website. Make sure you change all dependent URLs to https.