Most web hosting control panels now offer integration with Let’s Encrypt for free SSL/TLS certificates. With the click of a button, you can allow secure HTTP connections to your website.
If you have a WordPress CMS installed
here’s how you can ensure that any connections to your website are via HTTPS:
- Log into your WordPress admin. Under Settings -> General, change your WordPress Address (URL) and and Site Address (URL) from http://yoursite.com to https://yoursite.com
- Use a database search & replace to change http://yoursite.com to https://yoursite.com. This can be achieved via PHPMyAdmin, MySQL, or these useful WordPress plugins: Velvet Blues or Search Regex
- A couple of options for step three: either modify the .htaccess file in your top-level WordPress directory to redirect to HTTPS, or install a plugin to do the redirect for you.
- I won’t provide exact directions for editing the .htaccess file; I will say, to add your redirect rules near the top of the file, just below the “RewriteBase /” line. See this discussion on StackOverflow or search the web for further ideas.
- Rather than editing the .htaccess file, which could conceivably be overwritten or mangled by WordPress, we can use a plugin to redirect to HTTPS. I will recommend WP Force SSL.
General Sites, non-WordPress
Actually, I will provide exact directions for editing the .htaccess file, with reluctance: I’ve found in some scenarios this can be problematic, so there is no guarantee that this will work. Please see this discussion on StackOverflow or search the web for further ideas.
However, for future reference, here is some code to add to .htaccess in your top-level public web directory:
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
That should do it! If you require further assistance or troubleshooting, please feel free to get in touch.
No Comments Yet