You may have noticed that when you look at your website on some devices, or on a PC with Kaspersky, anti-virus software etc, that you get a message warning you that you are entering an insecure website.
How to get an SSL Certificate
It seems that nowadays, well, very recently in fact, and I’m writing this April 2017, you do need to have your website URL (Uniform Resource Locator) begin with https:// (Hypertext Transfer Protocol Secure), instead of http:// .
To get your website to begin https:// you will need to get and install a SSL certificate. On Hostgator using WordPress, this is, thankfully, quite straight forward.
There is some information on http://support.hostgator.com/articles/how-do-i-purchase-an-ssl-and-what-type-is-it
There are different types of SSL certificate, depending on how much money you want to spend. In Hostgator, the cheapest is $39.99 per year. But it is important that you have an SSL for your site now.
I can tell you that I recently cancelled renewal of “SiteLock” which is some form of optional anti-virus that Hostagator provides for your website, and also “CodeGuard”, which is some form of automatic back-up for your site. So I save about $60 per year with these two items. Obviously, it is your own choice if you wish to not have these add-ons. But I will stress that you ought to save all your html code and all your pictures, from your posts, individually, on your own computer AND on a back-up drive. I use Windows 10 “FileHistory”, to do automatic backups. Which I find superb, to be honest.
To get an SSL certificate for your site, from Hostgator, then you actually go to your Billing Portal and not your CPanel. If you search for SSL in CPanel, in Hostgator, then it is under “Special Offers”. Click on it and it takes you to your Billing Portal 😉 .
In the Billing Portal, click on the Hosting tab and select SSL Certificates. You can then follow the on-screen instructions. Hostgator is pretty good in that it will sort it all out for you. I forget how long it takes but certainly within 24 hours, you will find that you can access your site by beginning the URL https:// instead of http://.
Once you have the SSL certificate, it can be viewed, and is seen to consist of two parts, an SSL Signing Request and an SSL Private Key, both of which consist of a huge string of apparently random letters and numbers. As I say, in Hostgator, you don’t need to install it, unless you get it from a third-party, which may be cheaper, I don’t know. If you have any problems getting a certificate then please contact me and maybe I can help sort it for you.
You can also click on the “Renew Now” button to see how much it’s going to cost you next year. You can renew for one, two or three years.
How to configure your website in WordPress for the new https:// URL
You now need for your visitors to access your https:// website by default, and not your http:// website.
In your WordPress Dashboard, go to Settings, General, and change http:// to https:// under both WordPress Address (URL) and Site Addres (URL).
Those are the main things that you need to do to change your website URL from http:// to https:// . A couple of other things may be useful. They can be found at
https://codex.wordpress.org/Administration_Over_SSL
and also
https://uk.godaddy.com/help/using-an-ssl-with-your-wordpress-admin-control-panel-6922.
What you need to do is to enable WordPress administration over SSl. I take this to mean that you may have problems editing your site if you don’t do this.
Go to the files on your website, either use Filezilla or create a link to your sites files from Windows Explorer. Go to the folder public_html, make a back-up copy of wp-config.php. Just leave that there it won’t do any harm. Then edit the original wp-config.php with a text editor. The picture below is in Notepad++. Directly above the line
/* That’s all, stop editing! Happy blogging. */,
add the line
define(‘FORCE_SSL_ADMIN’, true);
Lastly, you need to add a re-write rule, so that visitors who either enter http:// or visitors who have accessed your site before the change, get re-directed to yout https:// site. You do this in the .htaccess file, in the root directory. This is the one in the directory up from public_html. There are two .htaccess files as there is another one actually within public_html. You don’t want that one, you want the one in the root directory. Make a copy of this .htaccess file and then add the following lines to the top of the .htaccess file
RewriteEngine on
RewriteCond %{HTTP_HOST} ^ourlife.co.uk [NC,OR]
RewriteCond %{HTTP_HOST} ^www.ourlife.co.uk [NC]
RewriteRule ^(.*)$ https://www.ourlife.co.uk/$1 [L,R=301,NC]
Obviously, where I have ourlife.co.uk you will have the address of your site.
Other Information
(1) Apparently, http is insecure and is subject to eavesdropping attacks. Also, Google has began using https as a ranking signal
(2) If it truly is more secure, then, providing it is not going to cost much, I’m be happy to make the change over.
A little Caveat though: When it comes up for renewal, of the SSL certificate, next year, I will be looking around for a cheaper provider and then mess around with having to install it on Hostgator. So be sure to come back again April next year for an up-date.
Two very useful web-sites for configuring your new https:// URL:
https://designmodo.com/wordpress-https/
https://uk.godaddy.com/help/redirect-http-to-https-automatically-8828
One other little point is that if you effectively change your website URL, by switching it from http to https, then you may find that some things don’t work. For example, my url is registered with Ordnance Survey (OS), so that I can put maps on my Walking posts. These maps didn’t work anymore after I changed the url as my activation key, with Ordnance Survey, no longer worked. I had to go back to OS and apply for a new one. Once I swapped the old activation key for the new one, in every entry where I have a map 🙄 , then all the maps worked again.
I have tried to be helpful here and if you find any errors or omissions then I would be really grateful if you let me know. However, your website is your business and I take no responsibility for any breakages that may occur. Do double check everything you edit, do back-up any files you edit and do give it a little time for the changes to take effect on your hosts server. My latest post, before I switched from http to https, seemed to work fine on the website but when I tried to edit it I would just get banged out of the WordPress Dashboard. So I thought I’d just delete it and create it from the back-up html and pictures. Anyway, I eventually got around to doing that, after a couple of days and, lo and behold, I could edit it any without being kicked out of WP. So I didn’t need to re-create it.
One Reply to “SSL: Going from http: to https:”