We all know that Google has clearly stated that it has started Secure Sockets Layer (SSL) as a ranking factor. So it clearly means that it is good to have SSL in your website to boost the organic rankings. Before coming to SSL integration in your wordpress website, let us understand what is Secure Sockets Layer(SSL).

SSL (Secure Sockets Layer) creates an encrypted link between a web server and browser. Since this link is encrypted, it ensures that any data passed within the web server and browser is hidden and secure. To have an SSL connection, an SSL certificate is required by the web server.

Difference Between HTTP and HTTPS

How does HTTP and HTTS differ from each other. Below are few points that will help you to understand the major differences between them-

  • URL Structure: HTTPS URLs begin with https:// and use default port 443, whereas HTTP URLs begin with http:// and use default port 80.
  • Security: HTTP is insecure and is more vulnerable to attacks  and data exposure while HTTPS is much safer and protects the data against such attacks.
  • Network layers: HTTP operates at the highest layer of the TCP/IP model which is the Application layer.
    SSL security protocol operates as a lower sub-layer of the same TCP/IP model but it encrypts an HTTP message prior to transmission and decrypts it upon arrival. Thus, HTTPS is not a separate protocol, but refers to use of ordinary HTTP over an encrypted SSL connection.

https://www.youtube.com/watch?v=AkYMkz17zBA

Making your WordPress site HTTP to HTTPS

First step to make your website HTTPS enabled, you need to purchase an SSL certificate. You should buy SSL from reliable companies like Godaddy or Hostgator. Then install it on your web hosting server using the help of your SSL provider. Once your SSL is activated, you will see a SSL icon in the cpanel under security tab.

Now, In your website admin console, under general settings change the WordPress Address (URL) from http to https and Site Address (URL) from http to https.

Moving WordPress from HTTP to HTTPS

To easily enable (and enforce) WordPress administration over SSL, the constant FORCE_SSL_ADMIN should be set to true in your site’s wp-config.php file to force all logins and all admin sessions to happen over SSL.

This will migrate your WordPress from HTTP to HTTPS. There is still somethings you need to do-set up a 301 permanent redirect and resumbit your website in Google.

To setup a 301 permanent redirect, FTP/SFTP to your server and add the code below at the top of WordPress’ .htaccess file.

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https:// {SERVER_NAME}/$1 [R,L]

Once it is done, you can login to your Google webmaster account and resubmit the website and site map for changes URLs.