Security in online stores: how to install SSL certificates in WordPress

On many websites where security is paramount, a small green padlock appears in the address bar next to the site name. If we look a little closer, we will see that the URL begins with https instead of the classic http. That means the web page uses an SSL security certificate and is therefore a secure web page.

What is the SSL certificate?

The SSL certificate (Secure Sockets Layer) is a cryptographic method that ensures the privacy of data sent and received online. It works with two keys, one public and one private, and any information that is sent needs the two keys to be decrypted, so a hacker who intercepts the communications without those keys cannot access the information.

Where to get the certificate.

There are several companies that issue SSL security certificates. An easy solution is to request the certificate from your hosting provider and have them install and activate it. The price of an SSL certificate varies from one company to another and can be between €25 and €50 per year; some hosting providers even include it in their hosting plans for free. Once the certificate is paid for, maintaining a web page with SSL security is the same as maintaining an insecure one.

Once the certificate has been requested and activated, we can check that it is installed correctly on this web page, https://www.digicert.com/es/ayuda/, where we only have to enter the domain and it will tell us whether it has an active SSL certificate.

Configure WordPress to work with SSL

Once SSL has been installed and activated through the hosting provider, we see that nothing has changed on our page: neither the green padlock nor the https protocol appears yet. For our page to work in secure mode, the entire website must be redirected from http to https. Next I will explain how to do this on a WordPress site.

Domain redirection in WordPress.

Redirecting the domain means that all the pages of our website that were previously opened with the normal http protocol, http://mydomain.com, now have to be opened with the secure https protocol, https://mydomain.com. There are several ways to do this: changing the .htaccess file by hand or using a plugin.

Modifying the .htaccess file can be somewhat tedious and complicated, so we recommend that those who are not experts leave the redirection task in the hands of a plugin. If you want to modify the file by hand anyway, you have the answer on this page.

Redirection through plugins

There are several WordPress plugins that redirect the domain; if you type https redirection in the search box when installing a new WordPress plugin, you will see several of them. We will use the Easy HTTPS Redirection plugin, which has more than 20,000 active installations and 4 reputation stars.

Once the plugin is installed and activated, we can open its configuration in Settings -> Https Redirection. On the plugin's screen we must tick the two boxes that appear. When we tick the first one, Activate automatic redirects to HTTPS, a selection appears; we must choose the first option, The whole domain. We must leave everything as it appears in the photo and press the Save Changes button.

At the bottom of the page a red warning tells us that, if the website stops working once the redirection is activated, we must open the .htaccess file and delete all the lines that the plugin has added, which are between the comments # BEGIN HTTPS Redirection Plugin and # END HTTPS Redirection Plugin.
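
The removal that warning describes, as an added example that is not the plugin's own code: a Python function that deletes only the lines between the two marker comments and refuses to edit when a marker is missing. The sample .htaccess is constructed, and the rewrite rules shown inside the plugin block are an assumption about what the plugin writes.

```python
BEGIN = "# BEGIN HTTPS Redirection Plugin"
END = "# END HTTPS Redirection Plugin"

# Constructed sample .htaccess; the rules inside the plugin block are assumed.
SAMPLE = """\
# BEGIN HTTPS Redirection Plugin
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
# END HTTPS Redirection Plugin
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
"""


def strip_plugin_block(htaccess: str) -> str:
    """Return the text without the plugin's block, markers included."""
    kept, inside, seen = [], False, False
    for line in htaccess.splitlines(keepends=True):
        marker = line.strip()
        if marker == BEGIN:
            if inside:
                raise ValueError("second BEGIN marker before END")
            inside = seen = True
        elif marker == END:
            if not inside:
                raise ValueError("END marker without BEGIN")
            inside = False
        elif not inside:
            kept.append(line)
    if inside:
        # Refuse to guess where the block ends; deleting to the end of the
        # file could remove WordPress's own rewrite rules.
        raise ValueError("BEGIN marker without END")
    if not seen:
        raise ValueError("plugin block not found")
    return "".join(kept)


if __name__ == "__main__":
    print(strip_plugin_block(SAMPLE), end="")
```

Keep a copy of the original .htaccess before writing the result back, so the previous state can be restored.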

Redirect all internal links and image addresses.

Once we have redirected from http to https, we go to the home page of our website and see that a yellow warning triangle appears next to the address. That is because, although we have changed the site redirection, within the website there are still old links to internal pages with the http protocol and images with http addresses. To fix this we need to find all references to http://mydomain.com in our database and change them to https://mydomain.com. There are several plugins capable of searching and replacing words within the database, such as Better Search Replace, but I prefer WP Migrate DB.

Before making changes to the database we must make a backup in case we make a mistake in any step. Once the database is backed up, we go to Tools -> Migrate DB and select Find & Replace on the screen, as it appears in the following image. In the Find text boxes we must put the address of our domain preceded by http, both with www and without it. In the Replace text boxes we will put the address of our domain preceded by https. The rest of the options can be left as they are. Before pressing the Find & Replace button we must make sure that our domain is written correctly in the Replace text boxes; once checked, we can proceed. When the process is finished, it will show us a dialog box with the number of matches found and replaced.

Now we go to the main page of our site and verify that the green padlock now appears next to our address; if we click on it, it informs us that the connection with this website is private.
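
An added example (not part of the original article): a Python check that lists the http:// references to our own domain that remain in a page's HTML, with and without www, which are the strings the find-and-replace step targets. The sample HTML is constructed, and the attribute list and function names are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "src", "action", "poster"}
# Constructed sample page; mydomain.com is the article's placeholder domain.
SAMPLE_HTML = """
<a href="http://mydomain.com/shop/">Shop</a>
<a href="https://mydomain.com/cart/">Cart</a>
<img src="http://www.mydomain.com/wp-content/uploads/logo.png"
     srcset="http://mydomain.com/wp-content/uploads/logo-2x.png 2x">
<script src="https://mydomain.com/wp-includes/js/jquery.js"></script>
<a href="http://example.org/">External site</a>
"""


class InsecureRefFinder(HTMLParser):
    """Collect (tag, attribute, url) for http:// references to our own domain."""
    def __init__(self, domain):
        super().__init__()
        self.hosts = {domain, "www." + domain}  # with and without www
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            value = value or ""
            if name == "srcset":  # comma-separated "url descriptor" pairs
                urls = [c.split()[0] for c in value.split(",") if c.strip()]
            else:
                urls = [value.strip()] if name in URL_ATTRS else []
            for url in urls:
                parts = urlsplit(url)
                if parts.scheme == "http" and parts.hostname in self.hosts:
                    self.hits.append((tag, name, url))


def find_insecure_refs(html, domain):
    finder = InsecureRefFinder(domain)
    finder.feed(html)
    finder.close()
    return finder.hits


def find_strings(hits):
    """Distinct http:// prefixes still present, i.e. what goes in the Find boxes."""
    return sorted({"http://" + urlsplit(url).hostname for _, _, url in hits})


if __name__ == "__main__":
    print(find_strings(find_insecure_refs(SAMPLE_HTML, "mydomain.com")))
```

An empty result after the database replacement means the rendered page no longer carries http addresses for the domain; anything still listed points at content the replacement missed.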

Added value to your online store.

Although the most sensitive data, such as customers' bank card details, is normally handled through a POS terminal (TPV) on an external website owned by the bank and totally secure, it should be almost mandatory to offer this secure and private connection through the SSL protocol in our online store, so that the customer can enter their data with complete confidence. As we have seen, neither the price of the certificate, from €25 / year, nor the adaptation of our WordPress site, nor the cost of maintenance is an excuse for not having an online store that offers total security to our customers.
