How to force HTTPS on site with Let’s Encrypt SSL?

HTTPS is hot.

HTTPS (or Secure HTTP) is a way of encrypting the connection between your site visitor’s browser and your site, or more precisely the server where your site is hosted.
A server is secured by installing a so-called SSL certificate.

Back in the day, it was recommended that eCommerce sites have an SSL certificate, because those types of sites collect privacy-sensitive payment information (think credit card number, combined with full name and address). Nowadays it is recommended that every site has a certificate. Google now says that it gives a higher ranking to sites that are running on HTTPS; whether you believe that or not, adding a security layer to your site doesn’t hurt!

Getting an SSL certificate used to be a complicated process where you needed to hand over money, generate keys, contact your host and jump through a few other hoops before your site would be able to show the green lock.

That was until Let’s Encrypt arrived.

Let’s Encrypt is a free, automated, and open Certificate Authority.

And since Let’s Encrypt has been added to cPanel, it literally takes no more than 1 click on a button, waiting a few seconds and voilà, your site is running via HTTPS.

SiteGround is one of the hosts that added Let’s Encrypt to cPanel almost instantly, which probably also has to do with the fact that they are one of the many major sponsors.

If your host has not added it to cPanel yet, you should ask for it and explain to them it is really simple.

Once the new SSL certificate has been installed on your server, you need to make sure that HTTPS is added to the site’s URL. In your WP Dashboard you can go to the General Settings where you can adjust the WordPress Address (URL) as well as the Site Address (URL).

But that alone doesn’t tell your site visitors about the change, and your site can still be visited via HTTP too.

To force HTTPS, which means that all traffic to your site is automatically pointed to the secure version of the site, you will need to add a few lines to your site’s .htaccess file. This file usually sits in the root of your WordPress install.

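# Turn on the rewrite engine for this directory
RewriteEngine On
# Apply the rule only to requests that came in on port 80 (plain HTTP)
RewriteCond %{SERVER_PORT} ^80$
# Permanently (301) redirect to the same path on the HTTPS site
RewriteRule ^(.*)$ https://yourdomain.com/$1 [R=301,L]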

Of course you need to replace the yourdomain.com part with your own domain, and if your URL has the www. too, you will need to add that here as well. Also, if you have installed WordPress in a sub folder, you will need to add that to the snippet too.
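One way to confirm the rule behaves as described once it is in place, as an added example that is not part of the original post: the check below inspects the response to a plain-HTTP request and reports a missing 301, a non-HTTPS target, a www. mismatch, or a lost sub folder or query string. The function names and the sample responses are constructed for illustration, and yourdomain.com is the placeholder from the snippet above.

```python
import http.client
from urllib.parse import urlsplit

def fetch_without_following(url, timeout=10):
    """Request a plain-HTTP URL once and return (status, Location header)."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("GET", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def check_https_redirect(requested_url, status, location, canonical_host):
    """Return a list of problems with the response to a plain-HTTP request."""
    problems = []
    req = urlsplit(requested_url)
    if status != 301:
        problems.append(f"status is {status}, expected 301")
    if not location:
        problems.append("no Location header, nothing forces HTTPS")
        return problems
    loc = urlsplit(location)
    if loc.scheme != "https":
        problems.append("redirect target is not an https:// URL")
    if (loc.hostname or "").lower() != canonical_host.lower():
        problems.append(f"redirect host is {loc.hostname}, expected {canonical_host}")
    if (loc.path or "/") != (req.path or "/"):
        problems.append(f"path changed from {req.path} to {loc.path}")
    if loc.query != req.query:
        problems.append("query string was dropped or changed")
    return problems

# Constructed sample responses: (requested URL, status, Location, canonical host)
SAMPLES = [
    ("http://yourdomain.com/shop/cart?item=3", 301,
     "https://yourdomain.com/shop/cart?item=3", "yourdomain.com"),
    ("http://yourdomain.com/blog/hello/", 301,        # sub folder lost in the rule
     "https://yourdomain.com/hello/", "yourdomain.com"),
    ("http://www.yourdomain.com/", 302,               # temporary redirect, www. dropped
     "https://yourdomain.com/", "www.yourdomain.com"),
    ("http://yourdomain.com/", 200, None, "yourdomain.com"),  # still served over HTTP
]

if __name__ == "__main__":
    for url, status, location, host in SAMPLES:
        print(url, "->", check_https_redirect(url, status, location, host) or "OK")
```

For a live check against your own site, pass the result of fetch_without_following() into check_https_redirect() together with the host you expect visitors to land on.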

Over to you, is your site running HTTPS already?