WordPress SSL requirements

WordPress does not require too much if we want to add SSL to our website. We just need to buy SSL certificate in our hosting provider site. Some of hosting providers offer free versions of certificates so you can test it with no worries.

Setting up SSL certificate on WordPress website

Once you already have SSL certificate then navigate to Settings -> General Settings and enter an appropriate address with https at the beginning:

Now our website will use HTTPS but still, we can enter the website without it. We can force WordPress to use the only HTTPS by adding code to .htaccess file (it will works on most servers with Apache):

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.website.com/$1 [R,L]
</IfModule>

Remember to change https://www.website.com to your domain. By adding these entries in .htaccess file you will avoid errors because all URLs and content will be on SSL. Now anyone who will visit the website over HTTP will be automatically redirected (301 redirect) to SSL version.

Force SSL Admin on WordPress website

You can also set the option to always use WordPress backend over SSL. You can do that by adding this line to your wp-config.php file (located in your WP main directory):

define('FORCE_SSL_ADMIN', true);

Add it before the line:

/* That's all, stop editing! Happy blogging. */

After these changes, your website will work over SSL. Of course, if you want to disable SSL you need to revert changes.