How do I Enable the HTTPS on our Website?
Most of users are surely aware of HTTPS and it's benefits. HTTPS communication protocol enhances the information security of a website and decreases loadtimes. It's also known that Google ranks these secured sites when producing their search results. Using HTTPS serves to build trust especially when used on online stores and other websites that require login. With such websites it is especially crucial, because HTTPS encrypts all traffic between the browser and the server, such as passwords and payments.
We highly encourage the usage of HTTPS. Therefore we provide a complimentary HTTPS-certificate with each of our subscription plans. This also includes that we ensure to our customers that the certificate is installed correctly and that deploying the communication protocol is effortless.
Seravo uses HTTPS-certificates provided by Let's Encrypt. Let's Encrypt is an open source project hosted by the Linux Foundation. With providing free certificates the project is determined to ensure that all websites use HTTPS-encryption.
Deploying the HTTPS-certificate
Because the certificate is pre-installed in a Seravo subscription plan, you can effortlessly set your website to use HTTPS-encryption directly from the WordPress dashboard.
- Navigate to Settings -> General
- Type your web address into the fields 'WordPress Address' and 'Site Address' with the https-prefix, for example 'https://example.com
- Now you are using HTTPS!
If that doesn't work for some reason, you can force all website traffic to https with the help of this guide.
It is recommended to change all addresses in the database as well to avoid so called mixed content warnings in the web browser. You can find the database search and replace tool in WordPress admin panel Tools > Database. Enter your site address in the search and replace fields as shown below. Then click "Do a dry run" and after it is done click "Run wp search-replace" to make the actual changes in the database
Deploying the certificate from the command-line
HTTPS-encryption can also be activated via the command-line with the wp-cli tool
<code>$ wp option get siteurl<br>http://example.com<br><br>$ wp option get home<br>http://example.com<br><br>$ wp option update siteurl https://example.com<br>Success: Updated 'siteurl' option.<br><br>$ wp option update home https://example.com<br>Success: Updated 'home' option.
In addition to specifying the web address it is also recommended to run the command:
wp search-replace 'http://example.com/' 'https://example.com/' --all-tables
This makes the necessary modifications to the database that the website uses only URLs beginning with HTTPS instead of HTTP
Deployment in a network (multisite) environment
Deploying HTTPS in a multisite-envinronment differs slightly from a conventional WordPress installation.
- Navigate to My Sites -> Network Admin -> Sites
- Open the options for the website you want to secure (example.com/subsite)
- Browse into the 'Settings' tag
- Change the values of the 'Siteurl' and 'Home' options into 'https://example.com/subsite'
- Now your site is HTTPS-encrypted
Occasionally deploying HTTPS some problems could arise. This might happen especially with older websites, because some of the elements might be transferred over HTTP as default. The issue can be identified as Mixed Content -warnings, which indicates that some parts of the website are transferred over the unencrypted HTTP. This compromises HTTPS and therefore it is crucial to fix these issues as soon as possible.
You can troubleshoot the issue by identifying the elements responsible for the warnings using the console view of your web browser.
If an image cannot be transferred over HTTPS (you can test this by changing the url for the image from http:// to https:// you should download the image into your website's own media library. This ensures that the image is covered by the same encryption as the website itself.
Sometimes the WordPress theme might have addresses hardcoded to use HTTP and a simple change to the database isn't enough to fix the issue. This means that the changes must be done directly into the theme source code. You can seek any urls beginning with HTTP with the command
grep -RF 'http://example.com' /data/wordpress/htdocs/wp-content/themes/mytheme
With any HTTPS-issues conserning a WordPress theme it is advisable to contact the developer of the theme or website. Our experts here at Seravo can also help with solving any issues regarding your website. Contact our customer service for additional information!