WordPress adding SSL and HTTPS

Adding an SSL certificate to your site – potential problems

Moving a WordPress website to SSL is something we’ll all have to do at some point for existing sites and it can cause a lot of problems. Here is a list of some of the most common problems you may encounter when moving to SSL and HTTPS and how to deal with them.

Before we start, here is a little about SSL and HTTPS

SSL and HTTPS is a method of encryption that secures the connection between user’s browser and your WordPress server. This makes it much more difficult for anyone to intercept information sent between the two and therefore harder for anyone to eavesdrop on your connection.

Each SSL and HTTPS enabled site has a unique SSL certificate for identification purposes. This is very useful in identifying legitimate websites from spoof sites, meaning for example, your less likely to be caught scams like in phishing attempts.

WordPress site does not have a green padlock

This is the most common problem you’ll encounter after installing an SSL certificate on your WordPress site and is not always so straight forward to fix. The cause of this is non-secure content being called by your site such as external JavaScript files – in other words, your page is trying to include content from HTTP sources as opposed to HTTPS sources. This can usually be fixed by very simply updating the URL your calling to HTTPS. Load the problem web page or website, press CTRL+U to view the source, press CTRL+F and search for ‘http://’ – this will show you the URLs that are not secure. Once you’ve identified the problem URL, edit the template or site content to update them. Alternatively, a faster but riskier option is to do a blanket database search-and-replace ‘HTTP:’ with ‘HTTPS:’ as this normally fixes the majority of the problems.

WordPress site won’t load any more after changing the site URL to HTTPS

Updating the site URL and address via the dashboard settings is pretty straight forward, however, if your site is redirecting to the wrong address, you may no longer be able to log in. Therefore, you may need to change this setting directly in the database. To access the relevant table, log in to the database using PHPMyAdmin via your control panel. The site URL, as specified in the WordPress settings > General Settings > WordPress / site address, can be accessed directly through the database in the table wp_options > siteurl. If you’ve not got experience editing the database you should take a backup first just in case!

Too many redirects WordPress error message after moving to SSL

This can be caused by several configuration errors often within HTACCESS or your hosting control panel. However, If you’re forcing SSL and HTTP via the wp_config.php file, you may need to add an extra line of code to fix this:

The line of code added to the wp_config.php file to force SSL and HTTP is:

define('FORCE_SSL_ADMIN', true);

To fix the redirects error that can be caused by this code, add the following after the above line

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)

       $_SERVER['HTTPS']='on';

Error message NET::ERR_CERT_INVALID Error (Chrome)

Note that this is the Chrome specific error but other browsers will give a similar error. This is to do with the fact that the browser has rejected the site’s SSL certificate. This is usually because the SSL certificate is for a different domain, the certificate has expired, or the browser doesn’t recognise the certificate issuing authority. This may mean reinstalling your certificate or getting he,p directly from the certificate provider.

If you’re having trouble moving your site to an SSL and HTTPS connection and need our help, call us today on 0114 383 0711 or send us a message through our contact page

Christophe