Installing SSL certificate in WordPress
Learn how to install an SSL certificate in WordPress, ensuring automatic redirection to HTTPS and encryption of transferred data. Follow the simple steps!
Introduction
In this tutorial, we will present the necessary steps for implementing an SSL certificate in the WordPress application, using the settings available in the administration side (wp-admin). After completing these steps:
- Any unsecured access to the site (e.g. https://domain.extension) will be automatically redirected to the secure version (e.g. https://domain.extension).
- All data transferred between users and the server will be encrypted.
As an example, we will use the subdomain demo.hostico.ro.
Requirements
To go through this process, you need the following:
- The login details for the administration panel WordPress (wp-admin).
- An SSL certificate installed on the hosting account for the domain where the WordPress application runs.
Steps
- Log in to the WordPress administration panel by accessing
domain.extension/wp-adminor the preferred address set.
- From the navigation bar, go to Settings and click on General.
- In the general settings page, locate the fields WordPress Address (URL) and Site Address (URL). If SSL is not activated, these fields will contain the site's address in an unsecured format (HTTP).
- Change the respective addresses from
https://demo.hostico.rotohttps://demo.hostico.ro.
- Click on Save Changes to save the changes.
From now on, all unsecured accesses to the site will be redirected to the secure variant, and resources (images, CSS files, JS, etc.) will be loaded via the HTTPS protocol.
Redirects via the .htaccess file
If the redirection to HTTPS does not happen automatically, you need to edit the .htaccess file in the root folder of the domain and add the following lines at the end of the file:
RewriteEngine OnRewriteCond %{HTTPS} !=onThe .htaccess file can be edited using the File Manager in cPanel. If you do not see the .htaccess file, enable the display of hidden files in the File Manager by following this tutorial.
Security errors displayed in the browser
There may be cases where, even after implementing the SSL certificate, the browser displays warning messages (e.g., a yellow padlock in the navigation bar). These are caused by resources that are still loading via HTTP.
- To identify these resources, open the page source (right click → View Page Source) and search for HTTP links using Ctrl + F.
- The identified resources must be manually modified to use the HTTPS protocol. They can be found in the PHP code, in the database, or in the settings of some plugins.