Simple steps to manually set up HTTPS and HTTPS-redirects instead of using plugins (further slowing down your site). This will give you the proper URLS and fast speeds.
STEP 1 – Install (Let’s Encrypt) SSL certificate
Do this from your cPanel:
- SSL certificates are installed automatically for all new domains and sub-domains in cPanel. The daily check runs once everyday. To manually do this yourself, go to cPanel > SSL/TLS status, select the domains/subdomains you want to generate SSL for, and click “Run AutoSSL”. NOTE: these domains need to point to our server IP in order to generate SSL certificates. Make sure your registrar or DNS management (e.g. Cloudflare) has the domains pointed to our server IP.
STEP 2 – Change WordPress URL to HTTPS
Go to your WordPress settings and change the website address and site address to HTTPS. If you can’t get in there for whatever reason, you can edit wp-config.php.
STEP 3 – Update your database URL’s
This is the part where most people either get lazy or don’t know how to do it. They’ll use a plugin like some “Really Simple SSL” that forces HTTPS or enable the feature from their security plugin. I HATE THIS…don’t install another plugin just for this basic function!
The best way is to do it manually from your database so that all your asset URL’s and internal links use native HTTPS instead of wasting server resources to reload the links in HTTPS.
How to update your database URL’s manually:
- Install Better Search Replace (by Delicious Brains)
- Back up your database if you’ve never done this before.
- Enter “http:” in the top field and “https:” in the bottom field. Please write it exactly as I say…otherwise, if you put only “http” and not “http:”, you risk jacking up all the entries that already have “https”.
- Select all tables.
Honestly, editing database URL’s manually is very easy to do but also very easy to completely screw up your site if you don’t know what you’re doing. Please be careful and make backups.
TIP: if you have errors doing all tables, you can do only a couple a time.
STEP 4 – Update Google Search Console
Update your website settings in Google Search Console and also Google Analytics to use your new HTTPS address!
STEP 5 – Apply HTTPS redirect in your htaccess file
This is the last step. Put whichever code fits the address you want your users to redirect to….HTTPS with or without www?
WITHOUT www (all visits go to “https://domain.com”):
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
WITH www (all visits go to “https://www.domain.com”):
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
STEP 6 – Resolve any problems (if needed)
Everything should be working. But just in case, here are a few diagnostic steps you can do if the HTTPS doesn’t show green of you don’t get that padlock.
- www.whynopadlock.com – this should be your first order of business. Check here and it will tell why you’re not getting a full HTTPS status.
- Google Chrome > Developer Tools > Security – another way is to right-click anywhere on the page, then click “Inspect”, then “Security” TAB. Then reload the page.
Most likely, you may still have some assets loading from HTTP instead of HTTPS. Use the search-replace tool again or go through all your theme/plugin settings.
This is an excellent step by step guide to resolve any issues in getting your site secured with a ssl. I have little experience in doing this, so this was huge. Thank you for compiling this info