1

Rank Higher on WordPress with HTTPS SSL Certificate

Secure Socket Layer SSL Encryption HTTPS Graphic

Secure Socket Layer SSL Encryption HTTPS Graphic

Secure Socket Layer SSL Encryption HTTPS Graphic

What is HTTPS?

HTTPS or SSL is a secure socket layer on the HTTP protocol. It provides 256 bit encryption of data sent from and to the website making it virtually impossible for anyone to steal sensitive information being sent. Although the CIA have developed decryption software that can still listen and monitor what you are doing online and possibly, more than likely, other developed countries have started to do the same.

How can it help me?

In August of 2014 Google announced it would start ranking websites higher if they implemented https://.

Doing so is a relatively simple process as long as your not scared to dive down into some code and database files.


Most hosting companies have free SSL certificates called “Let’s Encrypt” also known as “Auto SSL”. Ask your hosting company before attempting to implement the below process.

Step 0.

BACKUP EVERYTHING!@

Step 1.

Go to your WordPress dashboard and under Settings -> General change http:// to https://

Wordpress dashboard, general settings.

Step 2.

Go to your Cpanel dashboard and select file manager, then navigate to your website’s root directory. Click on the .htaccess file and select EDIT. If you cannot see this file go to settings and make sure enable ‘hidden’ files is selected. If you can still not see the file go back to your WordPress dashboard and navigate to ‘Permalinks’ -> Select to change the URL slug to page-name and hit save. Now the .htaccess should auto-generate in your Cpanel file list, but you will need to close this down and reopen the file manager to refresh the content.

Edit the section in the file that looks like this:

 

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Add the 2 lines to do with server port and https 301 redirects. You can see the final result below.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

If you have the plugin called “iThemes Security” previously known as “Better WordPress Security” and you have enabled the blacklist feature, then a part of the certificate validation process will be blocked.

To white-list Comodo, which for some reason is blocked, you will need to amend the code to look like this.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteBase /
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Now that we have added our redirects it’s time to edit all references of http in our website.

Step 3.

Under your Cpanel dashboard open “PhpMyAdmin”. It’s time to edit the database.

Cpanel screenshot

Select your database from the list (as you can see I have a number of databases). If you’re unsure of which database to select you can dive down into each and look at the site name in each of the files:

 

phpmyadmin screenshot

 

Select wp_options to see if the database you have selected is correct:

phpmyadmin screenshot 2

 

The first few entries will be site URL, home and blog name, which will give you a fair indication if you have selected the correct database or not. Now that we have verified our database we need to jump out of wp_options and go back to the root of the database. Select the database title again on the left panel.

Now select “SQL” from the top menu field.

SQL query

Paste the following query into the text field and select “Go” from the bottom right of the text box.

update wp_posts set post_content =
replace(post_content,'http://','https://');

We are almost done!

Time to look at your site and see if there’s a green padlock in the URL field.

https green lock

Congratulations you’re all done!!!

If this is showing as orange we have one final step.

Step 4.

As our database query didn’t encompass everything in the database (I’m not an expert on SQL yet), it’s likely we still have either menu items, sidebars referencing http or we have images in our theme settings that are still using http. Navigate to your theme settings and look for logo’s, favicons, and site icons in the header and footer of your theme settings (every theme is different, so I’m not going to attempt an image for that here). Fixing these is a simple case of deselecting them and reselecting them from the media menu. Hit save on your theme settings and you’re done. Make sure if you have images in the sidebar you also replace references to https.

Troubleshooting

Finally if it’s still not working open your homepage in a new tab and click “View Source” in your browser (again every browser is different, and some use webmaster browser addons to make this a simpler process).

Once you have the source code opened in a new tab press CTRL+F to perform a “find” and type in “http://”. Now every instance of http is going to show up. If you slowly scroll through the list and look at each one you can pin-point the culprit, where it is in your site and what is responsible for controlling it.

If you still have trouble feel free to leave a comment below or contact me and I’ll be happy to help by looking through your source code.

Comments 1

Leave a Reply

Your email address will not be published. Required fields are marked *