Tutorial: How to fix some final WordPress SSL settings

garryneville · Oct 27, 2018

After installing an SSL certificate and having the plugin Really Simple SSL on WordPress, there are still some errors (some things stay "disabled"). To fix them all, do this:

1. Enable HTTP Strict Transport Security (HSTS)

Open your .htaccess file in your root directory and add this:

Code:

Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

2. Set Secure Cookies

Add in the wp-config.php file in your root directory and add this:

Code:

//Begin Really Simple SSL session cookie settings
@ini_set(‘session.cookie_httponly’, true);
@ini_set(‘session.cookie_secure’, true);
@ini_set(‘session.use_only_cookies’, true);
//END Really Simple SSL cookie settings

VirtuBox · Oct 30, 2018

garryneville said:
After installing an SSL certificate and having the plugin Really Simple SSL on WordPress, there are still some errors (some things stay "disabled"). To fix them all, do this:

1. Enable HTTP Strict Transport Security (HSTS)

Open your .htaccess file in your root directory and add this:

Code:

Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

2. Set Secure Cookies

Add in the wp-config.php file in your root directory and add this:

Code:

//Begin Really Simple SSL session cookie settings @ini_set(‘session.cookie_httponly’, true); @ini_set(‘session.cookie_secure’, true); @ini_set(‘session.use_only_cookies’, true); //END Really Simple SSL cookie settings

Hello,
HSTS header should not be enabled without understanding what is it, because when you enable HSTS, your site must continue to support HTTPS until the expiry time (max-age) has been reached.
Additional informations are available on https://infosec.mozilla.org/guidelines/web_security#http-strict-transport-security

Elliot Martin · Feb 21, 2023

If you have already installed an SSL certificate on your WordPress website and want to ensure that all final SSL settings are configured properly, here are a few steps you can follow:

Update the WordPress Address and Site Address: Go to your WordPress dashboard, navigate to Settings > General and update the WordPress Address and Site Address to use "https" instead of "http". This will ensure that your site is accessible over a secure connection.

Install and configure a security plugin: There are several security plugins available for WordPress, such as Wordfence, iThemes Security, and Sucuri. Install one of these plugins and configure it to enforce SSL on your site, as well as scan your site for any potential security vulnerabilities.

Redirect all HTTP traffic to HTTPS: To ensure that all visitors to your site are using a secure connection, you should redirect all HTTP traffic to HTTPS. This can be done by adding the following code to your website's .htaccess file:

Code:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Update your website's sitemap and Google Analytics: If you have a sitemap or Google Analytics set up for your website, make sure that you update them to use the new "https" URL. This will ensure that all traffic to your site is tracked properly and that search engines can index your site correctly.
By following these steps, you can ensure that your WordPress website is fully configured to use SSL and that all traffic to your site is secure.

Tutorial: How to fix some final WordPress SSL settings

garryneville

New member

VirtuBox

Well-known member

Elliot Martin

Member

Latest posts New threads

Latest posts

New threads

Latest Hosting Offers New Reviews

Latest hosting offers

Popular Contributors - Past 30 Days

Sponsors

Tag Cloud