One of the most important things to ensure is that your WordPress website is secure and safe for users who exchange important information on it while shopping or doing other things. Setting up your WordPress website to force the use of secure transactions is not difficult to implement, but deciding when to enforce a secure transaction process for the user takes some thought.
You will have seen that the URLs of some websites, such as Facebook, Google, and many others, start with “HTTPS”. An “HTTPS”-enabled website adds a security layer to the data communication between your computer and the server. The data communication is encrypted using an SSL (Secure Sockets Layer) certificate.
The next question in your mind will surely be “Why do you need it?”.
Any sensitive information, such as your credit card details, your passwords, or anything else that could be called sensitive, needs to be protected whenever it is sent to the server, so that nobody between you and the server you are interacting with can read it. That’s why most shopping sites don’t use “HTTP”. The next important question is how you can enable SSL on your WordPress site. It is very easy.
Setting up your WordPress site with HTTPS:
First, you have to purchase an SSL certificate for your site and install it on your domain. Then go to the WordPress admin and open the settings page. There you will see these two text fields.
Just change your URLs by adding an “s” after “HTTP” and save. The next step is to open your “.htaccess” file, which resides in the root of your WordPress installation, and put this code into that file.
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
Let me explain the above code.
The RewriteCond line checks whether the request from the user came in over “HTTPS” and is true when it did not.
In the RewriteRule line, which redirects to “https://%{SERVER_NAME}/$1”:
%{SERVER_NAME} = “the domain name”
^/?(.*) = “the slash is the one that comes after the domain name, the ? makes that slash optional, and (.*) matches nothing or everything after it”
$1 = “this variable holds everything the user entered after the domain name, as captured by (.*)”
In “[R,L]”, “R” means redirect, and “L” means this is the last rule, so stop further processing.
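To see what the rule explained above produces, here is a simplified Python model of it together with a check that compares a plain-HTTP response against the redirect the rule should send. This is an added example, not code from the original article. The function names, the example.com host and the sample responses are constructed for illustration, and the model assumes Apache's default behaviour of carrying the original query string over to the redirect target.

```python
import re

# Pattern and substitution copied from the .htaccess rule on this page.
PATTERN = re.compile(r"^/?(.*)")
SUBSTITUTION = "https://%{SERVER_NAME}/$1"


def apply_rule(https, server_name, url_path, query="", per_dir=True):
    """Model the RewriteCond/RewriteRule pair: return the Location or None."""
    if https == "on":          # RewriteCond %{HTTPS} !=on is false: rule skipped
        return None
    # In .htaccess (per-directory) Apache strips the leading slash before
    # matching; in the main server config it does not. "/?" covers both.
    subject = url_path[1:] if per_dir and url_path.startswith("/") else url_path
    captured = PATTERN.match(subject).group(1)            # this is $1
    location = SUBSTITUTION.replace("%{SERVER_NAME}", server_name)
    location = location.replace("$1", captured)
    # Assumption: default mod_rewrite behaviour re-appends the query string.
    return location + ("?" + query if query else "")


def check_response(raw_head, server_name, url_path, query=""):
    """Compare a plain-HTTP response head with what the rule should produce."""
    lines = raw_head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = dict(ln.split(": ", 1) for ln in lines[1:] if ": " in ln)
    headers = {k.lower(): v for k, v in headers.items()}
    expected = apply_rule("off", server_name, url_path, query)
    if status not in (301, 302, 307, 308):
        return f"FAIL: status {status}, request was served over plain HTTP"
    if headers.get("location") != expected:
        return f"FAIL: Location {headers.get('location')!r}, expected {expected!r}"
    return f"OK: {status} -> {expected}"


# Constructed sample response heads (not captured from a real site).
GOOD = "HTTP/1.1 302 Found\r\nLocation: https://example.com/shop/cart?item=3\r\n"
NO_RULE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
WRONG = "HTTP/1.1 302 Found\r\nLocation: http://example.com/shop/cart?item=3\r\n"

if __name__ == "__main__":
    for head in (GOOD, NO_RULE, WRONG):
        print(check_response(head, "example.com", "/shop/cart", "item=3"))
```

The same check can be pointed at the response head your own site returns for an “http://” request once the “.htaccess” change is saved.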
Save your “.htaccess” file and you are all done. Stay safe.