This is a tutorial for beginners. We are not going to explain how to install a SSL certificate on the server, but we are going to explain the steps to ensure that your WordPress site is configured properly for https.
Verify SSL Installation
After installing the SSL on the server the first step is to verify that it is working properly by going to any page on the site using https:// instead of http://.
https://domain.com/
instead of http://domain.com
If the site loads, but you see the https warnings, yellow or orange lock. That is OK, we’ll fix that on the next steps.
- Login into the WordPress admin area of the site.
- Navigate to Settings > General
- Change the WordPress Address URL and Site Address URL from http:// to https://
- FTP/SSH into the site and add the following code to the wp-config.php file
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') $_SERVER['HTTPS'] = 'on';
- After making the change, you will have to login back in again. If the site loads properly, that is it; you are done!
Force https for admin and login pages
Now that you have SSL in your server, it will be a good idea to secure the login page and admin area by forcing https in those pages. Add the following lines to the wp-config.php file.
define( 'FORCE_SSL_LOGIN', true ); define( 'FORCE_SSL_ADMIN', true );
Fixing https problems
If the site has problems with the SSL or it has expired and you can’t login to the site there are a few steps you can follow to correct the problem.
- Remove the code below from the wp-config.php file.
define( 'FORCE_SSL_LOGIN', false ); define( 'FORCE_SSL_ADMIN', false );
- Add the following lines, make sure you use http:// and not https://
define('WP_SITEURL', 'http://domain.com'); define('WP_HOME', 'http://domain.com/');
- Try to access the site. If that did not work, the only other option is to modify the database.
- Go to the {prefix}_options table, look for the “home” and “siteurl” option_name column.
- Change the value from https:// to http://