I had cause recently to purchase and install a Secure Cert for this website so I could accept credit card payments securely but since then I’ve seen a few people mention the benefits of fully securing your whole site, not just payment sections. There are benefits for Forms pages and communications with other sites too. Here are some of the steps necessary to switch a whole WordPress site to SSL as I’ve just done successfully with this one.
Purchase an SSL Cert
These have always been expensive but I found an affordable “Domain Validated” RapidSSL one at €7.85 per year that should work for most small to medium sites at NameCheap.com. There’s a bit to purchasing it and installing it on your server but tutorials are available online and it can be done in a matter of minutes if you’re familiar with the process.
Dedicated IP Address
If you are on a shared hosting server you may need a Dedicated IP address for your site. Mine was on a private VPS so I’d nothing to do. Dedicated IPs should be pretty cheap from your hosting company.
There’s a great plugin for WordPress that allows you to make certain posts or pages use HTTPS or turn the whole site HTTPS including the admin section. It’s called WordPress HTTPS. It does a pretty good job of converting any urls it finds, including those in your content, to HTTPS automatically.
A quick way of switching all the internal urls to HTTPS once you have your secure cert installed is to add https:// to the WordPress URLs in Settings – General.
You may need to go into your theme’s code and convert any absolute http:// url references to relative urls. Especially if it’s old or custom made like mine. I found the following WordPress functions very handy here as it kinda future proofs your site if you ever switch urls again:
bloginfo( 'wpurl' ); bloginfo( 'template_url' ); bloginfo( 'stylesheet_url' );
Technically search engines may view your HTTP and HTTPS site as 2 separate sites and cry duplicate content. You could sort this by using a 301 redirect in your .htaccess file and using a “Canonical” tag.
One barrier to switching to HTTPS was that it can slow your site considerably as the encryption processes involved take time and cpu power but I havn’t noticed too much of a slow down. Bigger, busier sites may notice more. Here’s a Response report from Site24x7 for the changeover period (around May 7th). It looks bad but is only a slowdown of about 500ms on the previous weeks report:
You may be required to update your website url with other services providers like Google Analytics and Webmaster Tools but that’s a bit beyond the scope of this article!