This post will show you how to get WordPress running correctly under an SSL certificate or https

What is an SSL Certificate?

An SSL Certificate is the technology that encrypts data. Specifically for website owners, it will encrypt data sent between your visitors web browser and your website. Imagine someone completing your contact form on your website. When the visitor clicks submit, their information is sent to the web server “in the clear” meaning someone with nefarious intent could intercept the personal data that visitor entered into your contact form. With an SSL certificate, that data is sent via an encrypted and secure connection.

You might need an SSL certificate as you are planning on running an e-commerce store, or that you are collecting sensitive information from your users.  Either way, Google has given indications that having an SSL certificate is a boost to your organic rankings so why wait? They’re inexpensive and easy to install…

Purchase an SSL Certificate

The first thing you need is an SSL certificate. These can be bought from almost any decent domain name services provider or web hosting provider. They come in different flavours, ranging from Budget SSL for around £30 all the way to EV certificates costing over £300. The main difference between them all is the amount of warranty issued on the certificate.

EV Certificates are the ones where you can get your company name shown in the browser address bar. This is a great branding technique and trust indicator but the cost is a lot more than your standard SSL certificate. A wildcard certificate is a good choice if you are considering using sub-domains on the same IP address, for example webmail.domain.com.

Update 20 April 2016: The SSL landscape is changing with a new initiative to provide free SSL certificates in an automated fashion.

Static IP or SNI?

There may be an additional cost from your hosting provider in the allocation of a static IP address but you need to check this. SSL certificates require a static IP address to work and these cost, however there is a new technology called SNI which allows an SSL certificate to work on a shared IP address in a similar way to how hosting providers can host multiple websites on the same server using the same IP address.

If your hosting provider has SNI enabled then this might work for you. Be aware however that SNI technology requires the users browser to support it. This will exclude some of the older browsers that are still in existence, see this Wikipedia article for more information https://en.wikipedia.org/wiki/Server_Name_Indication. What you choose really comes down to your requirements and the users you need to support.

Install an SSL Certificate

Once you have an SSL certificate purchased you’ll need to ask your hosting provider to install it for you unless you have root access to the web hosting server. Thereafter getting WordPress is a fairly simple process as follows:

1. Log into your WordPress dashboard and go to Settings > General

2. Update both WordPress Address (URL) and Site Address (URL) to the new https:// protocol

wp-general-settings

3. Log into your cPanel (or similar) and edit the htaccess file in the root of your website directory (where wp-content, wp-config.php etc reside)

4. Add the following three htaccess ModRewrite rule before the WordPress rules, changing domain.co.uk to your domain name. Do not edit the rules after # BEGIN WordPress

 RewriteEngine On
 RewriteCond %{SERVER_PORT} 80
 RewriteRule ^(.*)$ https://www.domain.co.uk/$1 [R,L]

 # BEGIN WordPress
 RewriteEngine On
 RewriteBase /
 RewriteRule ^index\.php$ - [L]
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule . /index.php [L]
 # END WordPress

You’ll probably want to update any 301 redirects you have in place as well to take people to the new https:// version