One of the most important features is to ensure that your WordPress website is secure and safe for those users who want to exchange their important information on your website while shopping or doing other stuff. Setting up your WordPress website to force the use of the most secure transaction system is not that difficult to implement, but it needs a lot of decision-making to enforce a secure transaction process for the user.
You would have seen on some websites, their URLs starting with “HTTPS” like Facebook, Google, and many others. An “HTTPS” enabled website adds a security layer to the data communication between your computer and the server. The data communication is encrypted with an SSL (Secure Sockets Layer) certificate.
The next question in your mind will surely be “Why do you need it?”
Any sensitive information ,like your credit card details, your passwords, or anything that could be called sensitive, needs to be safe whenever it is sent to the server so that nobody between you and the server you are interacting with can get it. That’s why most of the shopping sites don’t use“HTTP”. The next important question is how you can enable SSL on your WordPress site. It is very easy.
Setting up your WordPress site with HTTPS:
First, you have to purchase an SSL certificate for your site and install it on your domain. Then go to the WordPress admin and open the settings page. There you will see these two text fields.
Just change your URLs by adding “s” after “HTTP” and save it. The next step is to open your “.htaccess” file, which is residing in the root of your WordPress, and put this code into that file.
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
Let me explain the above code.
First-line will check whether the URL that has been entered by the user has “HTTPS” or not, and will be true if it does not have “HTTPS”.
In this part “https://%{SERVER_NAME}/$”
{SERVER_NAME} = “domain name”
^/?(.*) = “the slash is representing that slash, which is coming after the domain name and? (.*) means nothing or everything”
$ = “this variable will be having everything user entered after the domain name”
In “[R, L]”, “R” means redirect, and“L” means this was the last rule, so stop further processing.
Save your“.htaccess” file, and you are all done. Stay safe.
Leave a Reply