How to fix problems with SSL on a WordPress website?

fix SSL WordPress Problem

The majority of websites on the Internet are powered by the WordPress platform, and with the evolution of the global network, data security has become one of the top priorities for any kind of internet presence. This is especially important for eCommerce websites that handle money transactions and that have high visitors count with a lot of personal information being stored on a server. One of the easiest ways to improve your website’s security and user privacy is to implement the Security Socket Layer protocol – SSL.

SSL implementation can be a challenging task, depending on your website and problems that might emerge during and after the integration. But before we dig into possible problems, let’s get to know the nature of SSL, and what it does.

Why do we need an SSL certificate on our WordPress website and what does it do?

The evolution of the Internet brought with it the ever-evolving number of frauds and individuals that want to get a hold of your sensitive data. SSL basically protects your data as it travels from your browser to the website’s server. Data flow from the origin to the destination is almost never direct, and often includes a lot of different routes and computers along the way. Since each of those points can be considered as a risk, and potential liability, SSL makes sure that none of the transferred data is visible to third party users. This way even if hackers and identity thieves intercept your data at any of these points, it would be unusable to them because it is encrypted.

How does the SSL protection work, and what are the advantages?

In simple terms, SSL is a middle layer that stands between the user’s browser and the server that hosts your website. By securing the data flow between browser and server, SSL provides three main benefits: encryption, authentication, and integrity. The encryption is the main point of the SSL certificate. Every information sent from the user to server and back is being encrypted, which makes it virtually impossible for anybody else to use it without the decryption key. Data authentication needs to be met at both ends of the communication, making sure data is going from the user’s browser to the correct server, and vice versa. Data integrity is being checked on both ends, ensuring not a single byte is being modified in the process, thus strengthening the security.

With the implementation of SSL, your URL changes from HTTP to HTTPS – HyperText Transfer Protocol Secure, marking the communication with your website secure. Bear in mind that Google made HTTPS one of the ranking factors and that SSL is one of the easiest ways to improve your SEO.

Save yourself money and trouble

The process of SSL installation in WordPress can be a tricky business, and if you are not an experienced user, you should let someone else take care of it for you. Bear in mind that in most cases SSL is a part of the hosting plan. So before choosing your hosting provider, make sure that SSL is part of the deal, and this can save you a lot of money and trouble in the future. Providers like Hostinger offer advanced security plans, with SSL being a standard part of their offer, so make sure you check it out before you pick your host.

HTTP to HTTPS redirects

Once the SSL implementation is done, there are a couple of things that need to be addressed. Unless you tell WordPress to redirect HTTP requests to HTTPS it will not do it automatically. You can solve this manually or use a plugin like WP Force SSL, Easy HTTPS Redirection, Really Simple SSL… If you like to get your hands dirty, you’ll need to add a couple of lines of code to your .htaccess file.

IfModule mod_rewrite.c>

RewriteEngine On

RewriteCond %{SERVER_PORT} 80

RewriteRule ^(.*)$ https://www.YOURWEBSITENAMEHERE.com/$1 [R,L]

</IfModule>

And make sure to change ‘YOURWEBSITENAMEHERE’ with the URL of your website.

Too many redirects after moving to HTTPS

You can force SSL/HTTPS to WordPress admin and login pages by adding two lines of code in your wp-config.php file.

define(‘FORCE_SSL’, true); 

define(‘FORCE_SSL_ADMIN’,true);

This setting can also cause “Too many redirects” error. This can be resolved by…? You have guessed it – more code! You’ll just need to add this before “That’s all, stop editing! Happy blogging” in the wp-config.php file.

define(‘FORCE_SSL’, true);

define(‘FORCE_SSL_ADMIN’, true);

if (strpos($_SERVER[‘HTTP_X_FORWARDED_PROTO’], ‘https’) !== false)

       $_SERVER[‘HTTPS’]=’on’;

The NET:ERR_CERT_INVALID error

This is the error that appears in browsers when your certificate is not accepted, and your connection is treated as not secure. This can be due to several reasons:

  • The SSL certificate is issued to different domain/subdomain
  • The SSL certificate has expired
  • Your browser can not identify the authority that issued the certificate

If you listened to us and picked a hosting provider with SSL as a part of the plan, you need to contact your provider to solve the problem. If you installed the SSL certificate manually, you should first try to reinstall it, and see if the problem persists. If this doesn’t work, try contacting SSL authority and ask for support.

Outdated SSL certificates

This error can be reported by a browser and basically means that your SSL certificate is no longer valid, and you should renew it. You can contact your SSL authority that issued the certificate to renew it. Some SSL certificates allow you to renew it by simply running a renewal command.

Mixed content errors after SSL implementation

This error is associated with resources like images and scripts still loading using HTTP in the URL. You can identify this error in your browser as the lock icon is not green or there is a message saying, “Your connection to this site is not fully secure”. Like many things in WordPress, this error is fixable by using a plugin or manually. Plugins like Really Simple SSL can take care of this the easy way.

Manual correction requires a bit more time but can give you better results and performance.

  1. Make sure that you are using HTTPS. Go to Settings/General Page and make sure that both “WordPress Address (URL)” and “Site Address (URL)” display HTTPS URLs. If any of them shows HTTP, change it to HTTPS and save changes.
  2. The next step is the database check-up. Basically, you need to find old HTTP URLs in your WordPress database and replace them with HTTPS. To do this you’ll need to use appropriate plugins like Better Search Replace or Search & Replace. In both cases, there are intuitive search and replace fields that just need to be filled with your website’s address, and the rest is done automatically.
  3. There is a possibility that you will see Mixed content error after all this, and this means that you need to check your WordPress theme and plugins. The first step is to use the browser’s Inspect tool and locate the resources that are causing the errors, and their location. If the resource is related to the theme, you’ll need to find them in WordPress theme and replace HTTP with HTTPS. If you can’t find them yourself, you should reach out to the theme developer, and ask them to fix the issue.  It’s a bit tricky with plugins since editing them is not recommended, even for experienced users. This is why we recommend contacting the plugin developer, and notifying them about the problem so that they can fix it with an update. In the meantime, you can simply disable the plugin to temporarily fix the error.
  1. Even after themes and plugins Mixed content error can appear from hot-linked resources or CSS and JS files from other domains. Hot-linking is the process of calling resources from a remote source. If a remote source is using HTTPS, you can just mend hotlink to use HTTPS instead of HTTP. It is similar to CSS and JS files, you should just check if there are HTTPS versions available, and simply change them.

SSL boosts your SEO rankings

Do not forget, SSL is a very important SEO factor that will boost your search rankings. After the SSL implementation, you should update your Google Search Console with a new property containing HTTPS URL, add a newly updated XML sitemap, and update settings to HTTPS in your Google Analytics dashboard (Admin/Property/Property Settings).

Improve your security

As we said at the beginning the Internet is evolving, unfortunately with hackers and malicious users, coming up with new ways to harm you, steal your data, or simply damage your website. This is why installing and maintaining an SSL certificate is just one step towards better WordPress website security, but nonetheless, a very important step. It will bring a higher level of trust to your website, and data flow will be encrypted and protected from falling into the wrong hands.

Get latest updates, deals and more from us!
Deals, Updates
and more...
No Thoughts on How to fix problems with SSL on a WordPress website?

Leave A Comment

Search