Once you own a WordPress site, then your next important task will be to make sure its security is unbreachable and uncompromised. You are not just protecting your own data, you also need to secure your customer’s data as well.
You just can’t mess around in this matter. Fortunately, there exists technology such as SSL (Secure Sockets Layer) and HTTPS (Hypertext Transfer Protocol Secure) that makes the task easier and simple. SSL and HTTPS make sure your browser’s data is fully protected when it transfers from one server to another.
But before moving on how to implement these securities to your WordPress site, you first need to know what is SSL and HTTPS?
What are SSL and HTTPS?
Whenever you make your engagement with any website, your data is been transferred from one server to another. But this doesn’t mean that your exchanged data are encrypted or protected by any security. Actually, it can be intercepted any time by anyone.
Thus, SSL and HTTPS are evolved to protect the online data.
However, these two securities have their own distinct roles to play,
SSL: Basically it provides communication security over a network.
HTTPS: This is the advanced form of HTTP which actually provides security for a website and its server.
You must have both for any of your WordPress website. As quickly as you implement them on your website both your server and data transfers became fully protected.
Adding SSL and HTTPS to your WordPress site
Even these protocols are complex and hard to understand, but implementing them in your WordPress site are actually simple and easy.
We will simply follow three basic steps to implement SSL and HTTPS in your site.
Select appropriate SSL certificate
Before moving ahead with any implementation process, first, you need to select the appropriate SSL certificate for your site. It generally takes your time with some research and involvements. Actually, there are so many available in the market but the most common are,
Domain Validation(DV): This certificate means that you are the owner of your domain.
Organization Validation(OV): This certificate means that your organization is legitimate and verify your domain with all security needed.
Extended Validation(EV): This is the most secure certificate where your customers must pass a vetting process in order to exchange data.
Choose the SSL certificate as per the level of security you need for your website. But keep in mind that higher level of security means higher cost in compared to others.That means the more sensitive data you want to protect the more cost it will take.
Creating Certificate Signing Request(CSR)
After choosing the SSL certificate, next, you need to do is validate your website, domain, and server with that certificate.
For this procedure, the steps vary as per the server you are using, but the most basic steps are,
- Connect your server with SSH(Secure Shell).
- After that, you need to run a console command.
- Then, you must submit your website URL and business details.
- At last, you will get a text which you need to copy and paste into your account’s SSL request area.
Even after you perform these steps and hosting provider you need to carry out some modifications and updates in your WordPress dashboard and then you are all ready to go.
Tell WordPress to use SSL and HTTPS
Lastly, the final step would be to tell your WordPress that you are now using SSL and HTTPS for your website.
For that, you need to go to your WordPress dashboard.
Then go to General settings,
There you will see WordPress Address (URL) and Site Address (URL) with http://,
Replace that http with https://
After that, save the changes and you are all set to go.
But, if you are thinking about implementing SSL on one of your existing websites, then you have to make some alteration in your .htaccess file. While carrying out this task make sure you make a backup of your WordPress core files in case something goes wrong.
Once you are done with backing up your core file, go to your FTP and find .htaccess and add the following code there,
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L]
In above code, I have written www.yoursite.com, please make sure you replace that text with your original WordPress site URL and save the changes. After this, do verify from your side by going to your website and checking all http:// are changed into https:// or not.
Nothing is important than security when it comes to any website. It should always be the top priority and make sure you do it instantly once your site is set up.
Anyway, the steps are not that difficult and are you still need a more easy way to do it then there are so many plugins in WordPress community. But make sure you choose the best and effective one.