Envira Gallery Blog

Digital Photography Tips, Tutorials and Resources

security for wordpress sites

Security for WordPress Sites: Moving from HTTP to HTTPS

by Brenda Barron on Apr 5, 2018

Google announced a while ago that it’s now using security as a ranking factor. For now, this is relatively small and affects less than 1% of global queries. However, that doesn’t mean that companies using WordPress shouldn’t think about transforming their security strategy.

Learning how to convert your website from an HTTP solution to HTTPS is an important issue, as many of today’s brands expect customers to share sensitive information online like login credentials, email addresses, and even credit card information. Moving to HTTPS could be enough to earn loyalty from your followers and improve their trust in your brand. So how do you get started?

What’s the Difference Between HTTP and HTTPS?

Before we get started discussing how to implement security for WordPress sites, you might want to know what separates HTTP from HTTPS. The most significant differences include:

  • Network layers: The HTTP framework operates at the application layer of the IP/TCP model. On the other hand, SSL security operates as a sub-layer of the same model, encrypting HTTP messages prior to transmission so it can be decrypted upon arrival.
  • Security: HTTP is not pre-secured, and often vulnerable to cybersecurity attacks where malicious individuals can get ahold of sensitive information. HTTPS is designed to protect brands against online attacks.
  • URL scheme: Secured URLs begin with the https:// prefix and use the 443 port by default, while unsecured URLs use the HTTP:// prefix and work on port 80.

How to Move Your WordPress Site to HTTPS

Now that we’ve covered the basics of security for WordPress sites, it’s time to look at how you can move your WordPress setup from HTTP to HTTPS.

Step 1: Back up Your Website

Whenever you make a significant change to your website, you should always back up first. This ensures that if something goes wrong, you can always revert back to a working version of your website. If you have the opportunity, you can even run through the process of moving to HTTPS on a test server before you try it for real. One common way to backup your site is through your hosting platform.

Step 2: Implement an SSL Certificate

Once you’ve got your backup, you’re ready to implement an SSL certificate. You can do this relatively easily just by contacting your host or purchasing an SSL from your host interface. If you don’t currently have a host that offers an SSL certificate solution, then you might want to consider switching. However, if you need to implement an SSL solution manually, you can always use a control panel like Plesk or cPanel.

Step 3: Add HTTPS to your WordPress Admin Area

With your SSL certificate at the ready, you’ll be able to enjoy your new and safe connection on the WordPress dashboard. You should secure your back-end first to ensure that information is exchanged securely whenever someone logs into your network. All you need to do to access security for WordPress sites is go to the wp-config.php section of your WordPress folder and edit the part that says “define (‘FORCE_SSL_ADMIN’, true);”

Once you’ve done this, you can check if everything works by trying to access your website page with “HTTPS” in the URL instead of “HTTP”.

Step 4: Update Your Site Address

If everything seems to be working as it should be, you can then go back to your WordPress settings and update the rest of your website. You can do this by going to the Settings > General in the WordPress dashboard and add HTTPS:// to the beginning of both your WordPress address and your site address. All you need to do after that is apply your changes by clicking Save.

Test and Go Live

Now that you’re done with all the main steps, you can test to ensure that everything works as it should. To do this, you may need to use a tool like SSL Test where you can input your domain name and receive an overall score of how well SSL has been implemented into your website. After that, you can crawl your site with an SSL Check tool to ensure everything is in working order.

That ought to do it! Have you made the switch from HTTP to HTTPS? How did the process go? Share your triumphs and struggles below. And feel free to connect with us on Twitter and Facebook for even more tutorials and ideas for improving your WordPress website. 

SaveSave

SaveSave

SaveSave

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our privacy policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.