If your web site has a login for end-users or takes credit cards including PayPal, you should convert your site to full HTTPS. Another good reason is that Google is now offering ranking boost if your site runs on HTTPS (Source: http://googlewebmastercentral.blogspot.com/2014/08/https-as-ranking-signal.html). After converting some of my client web sites including my own company website to HTTPS and fine-tuning the process each time, I realized how EASY this process is.
Obviously, BACK UP YOUR SITE BEFORE MAKING ANY CHANGES INCLUDING CONVERTING YOUR SITE TO SSL.
Here are the 3 steps….
1. Call your web hosting provider to let them know you want your web site to be full HTTPS. They will let you know the steps and they will also let you know of any setup fees and increased monthly fees. The first step from your hosting provider is to create a “Certificate Signing Request” (or CSR). In order to do this step, you need to let your web hosting vendor know the answers to the following questions:
IMPORTANT: You can not use abbreviations like CA or TX.
They will take your answers and create the CSR which is an encrypted text file that looks something like……..
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
2. Once you get the CSR text file from our web hosting vendor, you need to purchase an SSL certificate from a SSL vendor. Some web hosts sell these certs themselves or you may have to go a 3rd-party vendor like GoDaddy to purchase it. GoDaddy charges around $69.00 per year for their certificates. The price varies depending on the vendor. When you purchase the SSL Certificate, you need to send them the CSR you received from your web host including the “BEGIN” AND “END” lines. After your SSL vendor has your payment and your CSR, it will take about 24-48 hours to get your SSL certificate package (zip file). Sometimes it could be within 1-2 hours. You send this zip file to your web hosting provider and they will move your site to a SSL web server, change the appropriate DNS entries and then install the SSL files to your new HTTPS hosting account. You can test if the SSL certificate is installed correctly here.
3. Finally, you need to install the WordPress HTTPS (SSL) plugin from https://wordpress.org/plugins/wordpress-https. After it’s installed, you go into the settings of this plugin and add a slash “/” near the bottom of the settings page in the “Secure Filters” section here….
and click on the “Save Changes” button. That’s it. You do not need to change any other settings including the URL settings in the “General Settings” in the WordPress admin. This has worked for me on 4 client web sites. Over the past couple of years, I’ve tried many combinations/settings/plugins and these steps seem to work really well without any issues.