How to install SSL and HTTPS on a WordPress site hosted on Godaddy

how to install an ssl certificate or https on wordpress for godaddy

Google has been clear, they are looking to promote secure sites with SSL certificates (also known as being marked as HTTPS sites) ahead of those without.

And you shouldn’t move to SSL just for Google’s sake. SSL protects the information being transferred through your website so it is good for your users too.

Installing an SSL certificate on Godaddy is fairly easy. You will need to:

  1. Purchase an SSL certificate
  2. Authenticate your certificate
  3. Change WordPress URL to https
  4. Change HTA access
  5. Replace old URLs
  6. Double check for old URLs and errors

Here are the details.

1. Purchase SSL certificate

First, purchase your SSL certificate.

If you’re just looking to get any SSL level of security, purchase a standard certificate. I also suggest you buy it from from Godaddy if you are looking for the easiest SSL to setup.

You can purchase your certificate from Godaddy here.

Godaddy SSL price

This will cost you about $60 – $90, depending on which country you are purchasing in.

2. Authenticate your certificate

Once you have the SSL certificate, you will need to activate it by validating your certificate. This is done by entering in information about who is controlling the website and requesting the certificate in the Godaddy product administration area.

The reason why this step is necessary is that point of the certificate is to show that the website and security is owned by a real person.

To authenticate your SSL certificate in Godaddy:

  1. Go to your products page, find your certificate and click manage.

manage SSL certificate

You will be taken to a screen where you can choose the domain main you would like to attach the certificate to.

  1. Choose the domain name you wish to attach the SSL certificate to and click next.

At this point, Godaddy will complete the rest of the validation of your certificate for you.

  1. This takes about 10-30 minutes, so take a short break and refresh your screen.

SSL certificate issued

You will be presented with a new page that shows your certificate has been issued meaning that it has been authenticated and validated.

3. Change WordPress URL to https

Now you will be ready to change your WordPress site’s URL to be https and not http.

To change your WordPress site URL:

  1. Log into your WordPress site’s backend, head to the general settings section.
  2. Change your URL to https:// instead of http:// in both boxes.

change wordpress site URL

  1. Click save changes at the bottom of your screen.
  2. Once you click save, you will be prompted to log into your website again. This is normal.
  3. Visit both https:// and http:// versions of your website to check that they are both working.

4. Change HTA access

Now you have the https:// version of your website working, you will want to change your website so that visitors to your not HTTPS version will be automatically redirected to the correct version of your site.

The easiest way to do this is by changing your HTA access file.

The HTA access file is a file that helps direct users who visit your site and it is hidden in the backend of your website’s files.

manage website hosting godaddy

To access your HTA access file:

  1. Go to your Godaddy account and click manage on your web hosting service.
  2. Click the ‘Cpanel Admin’ button in the top right hand corner.

file manager cpanel

  1. Find your ‘file manager’ and open this in the Web Root section and check to show hidden files. (If you do not select show hidden files, you will not be able to find your HTA access document).
  2. Once the new page is loaded, you should be able to see the .htaaccess file in your main directory.
  3. Download a backup of these file and then click edit. Add this code above the existing content:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  1. Click save.

Now your HTA access file will automatically route users who land on a http version of your site and pages to the new HTTPS site.

5. Replace old URLs

At this point, your site will be setup on HTTPS however your links and files will not yet be secured by SSL because they will likely still be referencing their HTTP versions.

For example: http:///yoursite.com/filename.png

To replace all your old URLs with your new HTTPS versions download and install the WordPress plugin Better Search Replace by Delicious Brains.

better search replace interface

Image credit: WordPress

Once you have the plugin installed, visit your Better Search Replace plugin under tools:

  1. In the Search for box, enter http://www.yourdomain.com
  2. In the replace box, enterย https://www.yourdomain.com
  3. Select all tables
  4. Check dry run
  5. Run Search/Replace
  6. Check to see there are no errors
  7. Then uncheck dry run
  8. Run Search/Replace

This will search all the URLs using your http version and replace them with your https version.

6. Final check for old URLs and errors

At this point, your site should display the green lock on all pages.

https green lock

However, in some cases your SSL will be installed correctly but the green lock will not show.

This is because there are some remaining files or plugins which are still referencing http URLs. This issue is commonly referred to as a ‘Mixed Content Error’.

You can find these by visiting your website and using the inspect tool:

https errors

  1. Load your website and right click anywhere on the page
  2. choose the ‘inspect’ option
  3. Once that is open, click ‘console’
  4. See the errors listed

If you find any errors at this point, you will need to diagnose and fix these manually.

  • For images, it is likely that you will need to find the offending image and replace it either by deleting and uploading it again or changing the URL.

Conclusion

Thankfully, changing a site to HTTPS will only need to be done once. While it does take an investment of time and careful planning, it is relatively straight forward and will bring your site into line with what is becoming standard practice for website security.

Leave a Comment