Tutorial: How to fix some final WordPress SSL settings

garryneville

New member
Registered
Joined
Oct 27, 2018
Messages
10
Points
3
After installing an SSL certificate and having the plugin Really Simple SSL on WordPress, there are still some errors (some things stay "disabled"). To fix them all, do this:

1. Enable HTTP Strict Transport Security (HSTS)

Open your .htaccess file in your root directory and add this:
Code:
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

2. Set Secure Cookies

Add in the wp-config.php file in your root directory and add this:
Code:
//Begin Really Simple SSL session cookie settings
@ini_set(‘session.cookie_httponly’, true);
@ini_set(‘session.cookie_secure’, true);
@ini_set(‘session.use_only_cookies’, true);
//END Really Simple SSL cookie settings
 
Last edited:

VirtuBox

Well-known member
Registered
Joined
May 3, 2016
Messages
1,622
Points
83
After installing an SSL certificate and having the plugin Really Simple SSL on WordPress, there are still some errors (some things stay "disabled"). To fix them all, do this:

1. Enable HTTP Strict Transport Security (HSTS)

Open your .htaccess file in your root directory and add this:
Code:
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

2. Set Secure Cookies

Add in the wp-config.php file in your root directory and add this:
Code:
//Begin Really Simple SSL session cookie settings
@ini_set(‘session.cookie_httponly’, true);
@ini_set(‘session.cookie_secure’, true);
@ini_set(‘session.use_only_cookies’, true);
//END Really Simple SSL cookie settings
Hello,
HSTS header should not be enabled without understanding what is it, because when you enable HSTS, your site must continue to support HTTPS until the expiry time (max-age) has been reached.
Additional informations are available on https://infosec.mozilla.org/guidelines/web_security#http-strict-transport-security
 

Elliot Martin

Member
Registered
Joined
Jan 6, 2023
Messages
17
Points
1
If you have already installed an SSL certificate on your WordPress website and want to ensure that all final SSL settings are configured properly, here are a few steps you can follow:

Update the WordPress Address and Site Address: Go to your WordPress dashboard, navigate to Settings > General and update the WordPress Address and Site Address to use "https" instead of "http". This will ensure that your site is accessible over a secure connection.

Install and configure a security plugin: There are several security plugins available for WordPress, such as Wordfence, iThemes Security, and Sucuri. Install one of these plugins and configure it to enforce SSL on your site, as well as scan your site for any potential security vulnerabilities.

Redirect all HTTP traffic to HTTPS: To ensure that all visitors to your site are using a secure connection, you should redirect all HTTP traffic to HTTPS. This can be done by adding the following code to your website's .htaccess file:

Code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Update your website's sitemap and Google Analytics: If you have a sitemap or Google Analytics set up for your website, make sure that you update them to use the new "https" URL. This will ensure that all traffic to your site is tracked properly and that search engines can index your site correctly.
By following these steps, you can ensure that your WordPress website is fully configured to use SSL and that all traffic to your site is secure.
 
Newer Threads
Latest Threads
Replies
0
Views
32
Replies
1
Views
40
Replies
0
Views
235
Replies
1
Views
51
Recommended Threads

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top