- Wordpress

Switch http to https for WordPress

Abstract

This article aims to record how to switch http to https on WordPress.

Attention: Please make sure the WordPress service can be accessed by http protocol, or you may not access to the service after you switch to https with following steps.

Step 1. Open the wp-config.php file

Open the wp-config.php file. Assume the root dir of the wordpress is “wordpress”. 

# If the dir required root permission, add sudo at the beginning.
vim /wordpress/wp-config.php

Step 2. Edit the file

Add the code below the first <?php in the file:

$_SERVER['HTTPS'] = 'on';
define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);

Step 3. Change the website address

Change the website to the correct https address in the admin page, which is in the Settings/General page.

Step 4. Config Apache Virtualhost file

Create a apache config file for the wordpress service, assume the apache installed in /etc/httpd, and the file named blog.conf:

sudo vim /etc/httpd/conf.d/blog.conf
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:!RC4:

<VirtualHost _default_:80>
    # Use the correct website instead
    Servername www.example.com
    ErrorLog logs/error_log
    TransferLog logs/access_log
    LogLevel warn

    # 301 jump
    RewriteEngine on
    RewriteCond   %{HTTPS} !=on
    RewriteRule   ^(.*)  https://%{SERVER_NAME}$1 [L,R] 
</VirtualHost>

<VirtualHost _default_:443>
    # Use the correct website instead
    Servername www.example.com
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn
    SSLEngine on
    # Use the real path of certificate file instead
    SSLCertificateFile path_of_cert_file
    SSLCertificateKeyFile path_of_cert_key_file
    RewriteEngine On

    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
    ProxyPass / http://www.example.com/
    ProxyPassReverse / http://www.example.com/
</VirtualHost>

In the listen of port 80, we use 301 jump to force use https instead of http.

Step 5. Reload Apache service and access the WordPress with https website

Reload the apache service:

sudo systemctl reload httpd

Access the service with https address, it is ok now.

Related Posts

Remove FTP login in WordPress

November 1, 2019

Solution of redirection of WordPress

October 31, 2019

Recover “links” option in WordPress

October 31, 2019

About Ziqi.Yang394

Read All Posts By Ziqi.Yang394

Leave a Reply

Your email address will not be published. Required fields are marked *