Recently I came across a serious issue on a new client website. The unsecured HTTP version of their site was not automatically redirecting to the SSL secured version. This posed a risk in more than one way. Not only did this mean user data went unprotected if someone ended up on the HTTP version of the site, but the overall SEO of the domain was being negatively impacted as well. It's important to force HTTPS on WordPress to provide a secure browsing experience for your visitors.
What is SSL and HTTPS?
Secure Sockets Layer (SSL) is a standardized security technology that creates an encrypted link between a user's browser and the web server a site is hosted on.
Hyper Text Transfer Protocol Secure (HTTPS) is the protocol used to secure communication between these two systems (server and browser). HTTP is the same protocol, just unsecured. When the communication between the server and browser is left unsecured, it creates a potential vulnerability to data loss and attack.
In order for the HTTPS protocol to be enabled on a website, that site must have a valid SSL certificate enabled. Luckily for us, many hosting providers offer a free basic SSL certificate included in their hosting plans.
Why it is important to redirect HTTP to HTTPS on WordPress sites
As I mentioned above, redirecting your WordPress site from the HTTP version to the secure HTTPS version is essential for a few reasons:
- Protect your website visitors – By forcing your website to redirect the unsecured HTTP version to the safe SSL version, you are protecting your website visitors’ data being transferred between their browser and your server.
- A valid SSL provides trust – web browsers indicate when a website has a valid SSL certificate in place or not and will alert visitors if a site is not secured. Recently, Google Chrome has begun completely blocking unsecured websites with a large warning for the visitor asking if they really want to proceed.
- Required for PCI compliance – if you are ever hoping to accept payment on your website, a valid SSL certificate is a requirement of the Payment Card Industry (PCI) standards to do so.
- SEO ranking factor – a secure HTTPS website will always be seen as more trustworthy than an unsecured HTTP site by the major search engines, thus receiving a higher ranking.
How to redirect to HTTPS
Luckily, it's extremely easy to redirect HTTP to HTTPS in WordPress. To do this, we recommend using a stupid easy plugin called Really Simple SSL.
- Login to your WordPress dashboard
- Download the free version of Really Simple SSL from their website or the WordPress.org repository
- Upload, install and activate the plugin
- Go to the Really Simple SSL settings. Make sure ‘Mixed content fixer’ and ‘Enable WordPress 301 redirection to SSL’ sliders are both set to active. Click save.
- Check the configuration tab to ensure your SSL certificate is detected and enabled on your site
Download the Really Simple SSL plugin for free.
Upload, install and activate the plugin in WordPress.
Configure Really Simple SSL settings. Activate Mixed content fixer and Enable WordPress 301 redirection to SSL.
Check the Configuration tab to make sure SSL is detected and enabled.
💪That’s it! Your site will now force your visitors to use your dedicated SSL certificate.
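To confirm the 301 redirection from outside the WordPress dashboard, the following added example (not part of the plugin or the original post) walks a redirect chain hop by hop and reports temporary redirects, plaintext hops, and chains that never reach HTTPS. All function names and the `example.test` sample chains are hypothetical and constructed for illustration.

```python
# Added example: audit an HTTP-to-HTTPS redirect chain. All names are hypothetical.
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}
PERMANENT = {301, 308}          # permanent redirect status codes
MAX_HOPS = 5

def fetch_hop(url, timeout=10):
    """One HEAD request, redirects not followed. Returns (status, Location or None)."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=timeout)
    try:
        conn.request("HEAD", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def audit_redirect(start_url, fetch=fetch_hop):
    """Walk the chain from start_url; return (issue, url) findings, empty when clean."""
    findings, url = [], start_url
    for _ in range(MAX_HOPS):
        status, location = fetch(url)
        if status not in REDIRECTS or not location:
            break
        target = urljoin(url, location)   # Location may be relative
        if status not in PERMANENT:
            findings.append(("temporary-redirect", url))
        if urlsplit(target).scheme != "https":
            findings.append(("plaintext-hop", target))
        url = target
    else:
        findings.append(("too-many-hops", url))
    if urlsplit(url).scheme != "https":
        findings.append(("ends-on-http", url))
    return findings

# Constructed sample chains (url -> (status, Location)), so the audit runs offline.
GOOD = {"http://example.test/": (301, "https://example.test/"),
        "https://example.test/": (200, None)}
TEMPORARY = {"http://example.test/": (302, "https://example.test/"),
             "https://example.test/": (200, None)}
NO_REDIRECT = {"http://example.test/": (200, None)}

if __name__ == "__main__":
    for name, chain in (("good", GOOD), ("temporary", TEMPORARY), ("none", NO_REDIRECT)):
        print(name, audit_redirect("http://example.test/", fetch=chain.get))
```

Calling `audit_redirect("http://your-site/")` without the `fetch` argument issues live HEAD requests against your own site; an empty list means every hop was permanent and the chain ended on HTTPS.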