Install a TLS/SSL certificate on WordPress

Last Revised: October 2, 2021

When we surf the Internet we want to do it safely. To do this we should browse trusted sites “with the green bar” (or padlock). This system differentiates HTTP [http://] from HTTPS [https://]. Broadly speaking, the difference between one and the other is that the information of users, passwords, forms, etc., in the second case is encrypted from your browser to the server. Thus, if a hacker is able to intercept your data, he would see it encrypted and could not know its contents easily.

To achieve this we have to install a TLS certificate on the web server (Apache HTTPD, nginx…). Keep in mind that usually (badly) all certificates are called “SSL” (although that technology is previous and obsolete).

It is possible that due to compatibility issues your users do not want to offer this by default throughout the site, but at least you should have it configured in the administration panel [/wp-admin/].

The steps are as follows:

  1. Obtain, install, and configure a TLS certificate. You can get one through Let’s Encrypt’s open system (for example, through the SSL for Free website) or by purchasing a certificate from any of the usual providers.
  2. As much as possible, set up your entire website to work only with HTTPS. If it is not possible, at least, that you can browse HTTP and HTTPS indistinctly.
  3. Make sure the certificate is working properly. There are tools to verify them.
  4. When you access the admin panel, force HTTPS to be activated.

To do the latter, add a few lines in the WordPress configuration file [wp-config.php]:

define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);

Since WordPress 5.7 the Site Health tool has a functionality that facilitates this process.

Seguir con Seguridad para WordPress

About this document

This document is regulated by the EUPL v1.2 license, published in WP SysAdmin and created by Javier Casares. Please, if you use this content in your website, your presentation or any material you distribute, remember to mention this site or its author, and having to put the material you create under EUPL license.