HTTPS for WordPress With a Click
A month ago we made the first step to increase the adoption rate of SSL certificates amongst our customers by starting to issue automatically Let’s Encrypt certificates for all domains hosted on our servers. However, there still remained a manual step to configure all applications to use the certificates we’ve made available. We knew that if we really wanted to see a rise in the HTTPS usage we not only needed to provide the SSLs, but also make it easy for our clients to implement them. Today we are happy to announce that we have achieved this second goal for a large group of our customers — the WordPress users.
What does it normally take to make a WP site run via HTTPS properly?
In order to make your WordPress site run over HTTPS you typically have to do several things: install an SSL on your hosting account, add some lines to your .htaccess file to force the SSL usage and then identify and fix mixed content issues.
What does it take now to make a WP site run HTTPS properly on SiteGround?
The answer is no additional actions needed for newly installed WordPress applications and a single click for already active sites.
New WordPress installs already run via HTTPS out of the box.
All new WordPress installations completed on our servers via Softaculous or via our setup Wizard now use the automatically installed Let’s Encrypt SSL and run through HTTPS by default.
Existing WordPress installs can be switched to HTTPS with a single click
This magical “Force HTTPS” click can be made in our freshly extended WordPress plugin. It was formerly known as SG CachePress and was used to configure our in-house WordPress cache system – the SuperCacher. However, the plugin is now called SiteGround Optimizer and includes the option to force HTTPS on your WordPress application. Switching it on will automatically configure WordPress to use the already installed by us SSL. It also forces all the traffic to go through an encrypted connection to avoid any possible duplicate content issues you may experience because of having both HTTP and https versions of your site available. Furthermore, you don’t have to manually fix all those resources, you’ve included to your posts, pages, widgets, and even the theme through HTTP, as the plugin will automatically detect and fix them.
So, WordPress users, wait no more! Make your site HTTPS ready now! If you already have SG CachePress installed, just update it to the new extended version through your WP-admin and click the HTTPS force button. Otherwise, you can download the plugin from this link.
What’s next?
This is not our last step toward making HTTPS universally used. We are already working on an easy switch on server level that will work for any site hosted on our servers. Stay tuned.
Comments ( 266 )
Thanks! Your comment will be held for moderation and will be shortly published, if it is related to this blog article. Comments for support inquiries or issues will not be published, if you have such please report it through
kenny
HI Hristo, saw the plugin update... read the blurb about force to https. This article isn't 100% clear about what situation is re cloudflare which has been set up for https with lets encrypt and regards sites that already have code in htaccess for https. Will the plugin detect this, i.e. we can click force to https or will this cause problems if already https?
Hristo Pandjarov Siteground Team
The plugin does not change the way your site works with CloudFlare. We're still working on making it easy and possible to use Let's Encrypt and other certificates with their service through cPanel and I really hope that this will be fixed very, very soon. However, if you're using the free CF plan, don't enable the https force tool yet.
Brian Prows
It's absolutely critical to find a Siteground solution to the CloudFlare configuration. I know you folks are working on it, but remember that anyone can sign up with a free CloudFlare account and get an encrypted website. Currently, I have one paid CloudFlare account via SiteGround and one free CloudFlare connection on another site. With Google's pressure to encrypt websites, it's critical that SiteGround through its CloudFlare partnership find an easy answer to this issue.
Hristo Pandjarov Siteground Team
It will be available shortly and we're making the process as smooth as possible.
Brian Prows
I'm not quite certain why I got another email about this January post on March 15th. I'm now working on the newly announced SSL integration with CloudFlare. However, one other recommendation regarding Google's Search Console comes to mind. When you change your website or blog from HTTP to HTTPS, you need to add the HTTPS domain URL to Search Console. Otherwise, Google won't index your site's URL's properly. Go to: https://www.google.com/webmasters/tools/home?hl=en&authuser=1 You'll also want to check for any crawl errors within Search Console (Google Webmasters). If you use WordPress and have the premium version of the Yoast SEO plugin, you can re-direct any bad 404 URL's to the correct page or post
Hristo Pandjarov Siteground Team
There's a warning in the SG Optimizer plugin reminding you to edit your Google and other third-party services you may have that rely on your full site url.
Mac
Hi, I use siteground as my website hosting and had been used the SG Optimizer to enable the https. Will I lose my https setup on my website if I want to deactivate SG OptimIzer in future? Thanks
Hristo Pandjarov Siteground Team
No, it will continue to work just fine.
Diane M Cook-Tench
What does this mean for regular people with businesses hosted on your site? What are the benefits? This is totally over my head and doesn't give me a clue about why I should want to do this.
Hristo Pandjarov Siteground Team
I should improve your visitors trust in your site, possibly make it a bit faster and improve your rankings in Google.
Dan
HI, I've installed SSL through 'Let's encrypt', does that mean I don't have to click the 'force https' button on the plugin? The plug-in currently says: Warning: It seems you’ve been using another plugin or manually configured your WordPress application to work over HTTPS. Please, disable all SSL forcing plugins and remove all .htaccess rules regarding SSL before you enable the option in order to avoid potential issues Thanks, Dan.
Hristo Pandjarov Siteground Team
The plugin checks if you have already tried to enable https on your site. Check if you don't have any other plugin or .htaccess rule forcing HTTPS and you can then safely set Force HTTPS to ON.
Paul Coughlin
This is fantastic news! Great work, and thanks.
Matt
I am showing errors on the front end if .htaccess is not writable. It works fine if I leave .htaccess writable. Is it just me? Warning: session_start(): Cannot send session cache limiter. Warning: file_get_contents(): Filename cannot be empty
Hristo Pandjarov Siteground Team
Please, update to version 3.0.4, the issue is fixed in it.
Dan
Thanks for your reply Hristo. Dan.
Jean-Francois Arseneault
Hi Hristo, The article seems to imply that the plugin will ensure "no mixed content warnings" appear. Ok, is this handled in-memory, or does the plugin actually perform a search/rewrite in the database, as well as handle serialized content so we don't lose widget placement? If the content of the DB doesn't get rewritten for HTTPS, doesn't that mean there will be a performance penalty incurred on that site? I'm thinking specifically of large WP sites or WooCommerce installs, where there may be thousands of products/URLs.
Hristo Pandjarov Siteground Team
The plugin rewrites links on the fly without making any DB modifications. It uses regex for that so the performance effect is minimal. Acutally none if you enable the dynamic caching too :)
Brian
Fantastic plugin - I upgraded a site tonight and it took about 2 seconds. Thank you so much for this post! I wanted to ask - if I have W3 Total Cache, is there any chance it will conflict with SG Optimizer?
Hristo Pandjarov Siteground Team
W3TC has a lot of functionality and some of it can double what we're providing on a server level. If you have the Dynamic caching of SuperCacher enabled and working, I would disable all caching options from W3TC since our system is much faster. Rather than that, there should be no conflicts.
Justin Harcrow
So Lets Encryps is installed, plugin is installed. I can get to my site via https but in the plugin I get the error: Warning: You don’t have a certificate issued for https://www.website.com. Please, install an SSL certificate before you force a HTTPS connection. Check out this tutorial for more information on that matter.
Hristo Pandjarov Siteground Team
Please, update to the latest version - 3.0.3 and check again. If the issue persists, check whether you have some custom .htaccess rules that may block the plugin from checking your certificate.
Justin Harcrow
We have 3.0.4 installed. Must be something with W3 Total Cache.
Hristo Pandjarov Siteground Team
Please, check if you have any restrictive .htaccess rules or other security plugins that may block our check.
Steven Hambleton
I just signed up for Wordpress hosting (GoGeek) and the onboarding for activating the Wildcard SSL certificate was missing! I figured it out but it would be good if this step was included in the 'Getting Started' guide or even automatically activated.
Hristo Pandjarov Siteground Team
Thanks for pointing this out to us, documentation will be updated as soon as possible!
Rick Gregory
Note that social share counts will get reset when you move to HTTPS so if those are important to your site it's something you'll need to address.
Hristo Pandjarov Siteground Team
Yes, third party services may need some readjusting/reconfiguring. A warning will be added in the upcoming minor updates.
Nyssa
I had to use a separate plugin for this, but now I get to turn it off. One less plugin! :D
Hristo Pandjarov Siteground Team
Glad it all worked well for you!
ThompsonPaul
"...to avoid any possible duplicate content issues you may experience because of having both http and https versions of your site available." Funny, you completely dismissed this as an issue several weeks ago when it was pointed out to you as a major potential SEO issue with installing SSL certs on all sites without approval/preparation. The plugin's a great addition, but documentation needs to be updated to warn users to disable the SSL certs unless they are prepared to go fully SSL, otherwise their SEO will be seriously jeopardised.
Hristo Pandjarov Siteground Team
It's a potential issue that has been taken into consideration but it's really not a critical one since there shouldn't be links to the https version from the same domain. Of course, we always try to follow best practices and make it easy for our customers to follow them too.
Brian Prows
I needed to go into Google Webmasters (Search console) and add my site's new URL as "https://www.example.com" Otherwise in Google Analytics you'll see 0 data for HTTP. You don't need to re-verify ownership of the encrypted version of your website, but make sure your sitemap now displays https URL's (Yoast SEO will do this once the https is added under the general WordPress settings).
Hristo Pandjarov Siteground Team
Yes, that's why we've added a warning to update all third party services like Search Console, Analytics and so on :)
Simon
Erm... it looks like my comment has been deleted? My comment that this plugin took my site offline with a 'too many redirects' error. Well, after renaming the sg-cachepress directory, deleting the key from SQL, disabling cloudflare, eventually I got my site working again, and on HTTPS. Though thinking about my SEO, and given the site appeared much slower, I decided to back to HTTP. That took another 20 minutes of nightmares and site being offline and behaving erratically. I think more caution needs to be placed around enabling HTTPS..
Hristo Pandjarov Siteground Team
No, it was simply awayting approval. Anyway, I will answer to this one. If you have existing rules that force HTTP you may get into a redirection loop. That's because the plugin adds rules to force all traffic through HTTPS. As to CloudFlare, we're currently working on making our integration work with your personal certificate (LE or other). As to speed, your site should not be slower running through https. Actually, it should be faster because you benefit from all HTTP2 improvements that way. If you want, I can look into it, mail me at hristo.p at siteground.com and I will review it :)
Carlos
I'm having the same issue, but i'm not seeing a HTTP force in my htaccess.
Hristo Pandjarov Siteground Team
Please, post a ticket in your Help Desk and our support team will assist you further!
Simon
Apologies - I can see my comment has re-appeared now. Great idea adding this to the plugin, though I wonder how many people face issues enabling HTTPS like me.
Simon
Will do, thank you Hristo :) Support at siteground is fantastic.
Phil C
Really great to see SiteGround push forward with WordPress plugins/features like this. Keep it up!
Jay Collier
Simple question. I've activated SG Optimizer network-wide on my WP instance. However, where do the options appear? I've looked a number of places with no luck.
Hristo Pandjarov Siteground Team
The new functionality doesn't work for Multisite yet. We're working on an update that will properly support all the features MS users need.
Falk
Hi Hristo, any "update on the update" which will allow WP MULTI-SITES to switch to HTTPS easily this way? Would be great, since paying customers of ours are now getting warning messages from for example FIREFOX, when they log into our site to access their digital products - since it's still not HTTPS - and when they enter their PASSWORD, Firefox shows them the following message: "This connection is not secure. Logins entered here could be compromised." Which obviously is an issue, and some customers are now sending me messages about "not taking their privacy seriously"... :( Thanks! Falk
Hristo Pandjarov Siteground Team
We're still discussing how to approach this because MS can be set in different ways and certificates depend on the domain name you're using. We will definitelly have a post when there's any development on that matter.
Andy
I'm definitely interested in this update for multisite as well. The main reason my company moved to Siteground was for better multisite performance, so this would be much appreciated.
Falk
Hi Hristo, any "update on the update" re WP MULTI-SITES to switch to HTTPS easily this way? Thanks!
Hristo Pandjarov Siteground Team
That update is in its final stage and should be released very, very soon!
Eric
"Force HTTPS" is grayed out. I can't activate https. It seams everything is right configured. Any ideas why this option is grayed out?
Hristo Pandjarov Siteground Team
There are number of reasons why it may be grayed out and there's a warning message under in each case. If that doesn't give you the answer, please contact our support team via the Help Desk to get further assistance!
Johan
I already had configured https on my site via a RewriteRule in .htaccess . HTTPS currently is working OK on my site for some time now. Is there an advantage in using the plugin's "Force HTTPS" instead of my existing configuration? Or is just better to leave my configuration as it is now?
Hristo Pandjarov Siteground Team
If your traffic is already forced throught https and you don't have any mixed content issues, you don't need to use our implementation, just leave it to off. It's the same, the implementation we made is for convenience, but the same result can be achieved manually.
Martin Carrion
How about Joomla sites? any plugin for Joomla?
Hristo Pandjarov Siteground Team
We're working on a tool that will make it really easy to switch completely over HTTPS no matter what application you use.
Ouec Admins
You guys are amazing!
Stefanie Hakulin
That is great. Sounds easy to do. After doing this, have I still to make a redirektion, or does this go automatic? Many of my reader come from social travic. Sorry for my bad English.
Hristo Pandjarov Siteground Team
The plugin will make the redirection for you, all you need to do is update your Google Analytics, search console and other third party tools you may use.
Daniele
what's the procedure to update GSConsole? I only see stats on my http://www version. None on http://site and https://www and https://site I add the new identity but what then? https://postimg.org/image/k94a1t0b7/
Hristo Pandjarov Siteground Team
Google Search Console doesn't support changing the protocol part of the URL. They only support changing the domain name. Simply add a new property using https and it should start showing data correctly.
BERNICIA OLUWAGBEMIRO
HI, Please what do I do. I installed the S G OPTIMISER in my website and then, my website went off. It's neary 24 hours and the website cannot open.I was told it may be server configuration . So what do I do? I can't even log in to the admin area either. Please help Thanks.
Hristo Pandjarov Siteground Team
Please, post a ticket in your Help Desk, my colleagues will look into it and assist you further.
marke
Not sure what to be on the lookout for with third party plugins once https is activated.
Hristo Pandjarov Siteground Team
Just deactivate any plugins that force SSL, everything else should be fine.
Dainius
Do you recommend SG Optimizer "force https" , really simple ssl (paid version) or both plugins?? Im really afraid do have a double content with google and trash my rankings - please advice - im also planning to get a Cloudflare + (paid version) - really need your advice on what steps should be taken first to avoid a disaster while moving to ssl ! Thank you so much
Hristo Pandjarov Siteground Team
The SG Optimizer should be enough. We add a 301 redirect, so duplicate content should be of no concern. As to CloudFlare, I would recommend you to wait for approximatelly a week. We will hopefully be able to lunch our updated CF integration that will work out of the box with an encrypted site.
John Cope
Great article Hristo and you should be congratulated on the way that you have addressed all the questions. I too was concerned about how this would work with Cloudflare and see that you answered that. It’s a shame I can’t take advantage of the update on most of my sites until that is addressed.
Hristo Pandjarov Siteground Team
We're doing our best to have this fixed asap! I understand it's not optimal but it takes some development time to fix the tool and the integration.
Leonardo
Hello HRISTO, I switched my first site in https (usatotrinauto.it), I always have to add a few lines in my .htacces?
Hristo Pandjarov Siteground Team
You shouldn't actually, the plugin adds them for you.
Peter
Only today I noticed that some of the sites that I hosted on Siteground USA and Siteground EU are deindexed by google on their http version. I never moved that sites to https but now, thanks to Siteground update, Google has indexed the https version as well deindexed the http version, the one I use all around, on the backlinks, etc. This in the end I think will cause me more troubles then benefits. Some of these websites are pbn I use to rank other sites, sites that now get links from deindexed urls. Also, some sites have the 2 version (http and https) indexed, so their content now results duplicate. Not good at all!
Hristo Pandjarov Siteground Team
I'd recommend that you always force one of the versions with an .htaccess file in order to avoid potential duplicate content issues with Google or indexing problems. Although it should take into consideration your setting in the Admin Console (http or https), they still haven't perfected their algorytm to properly detect all cases all the time in this regard.
Peter
But i never changed my htaccess files before, I'm getting this new problem only recently, and, among hundreds of websites I host on several hostings (HawkHost, Just Host, 1&1, Servage, HostGator, Site, ground US, Siteground EU, TrafficPlanet, Aruba), I see this http-deindexing only in the sites hosted on Siteground. On my opinion the new plugin update has affected in some way the preference that now Google is having about my sites
Hristo Pandjarov Siteground Team
The plugin solves such issues, it doesn't create them. You have two versions indexed because we automatically install certificates for all new domains that come with us and somewhere you have linked to a https version of the page which then Google has crawled.
Matteo Rubboli
Hi Hristo, I Activated the Encrypt, I installed the plugin but it always show me this error: Warning: You don’t have a certificate issued for https://www.vanillamagazine.it. Please, install an SSL certificate before you force a HTTPS connection. Check out this tutorial for more information on that matter. I Deactivated all the plugins, I've not an HTCACCESS with strange rules... Have you any idea?
Hristo Pandjarov Siteground Team
Please, open a ticket in your Help Desk, our support team will investigate your particular case and help you out :)
Dainius
Hello Hristo! I recently wrote you : "Do you recommend SG Optimizer "force https" , really simple ssl (paid version) or both plugins?? Im really afraid do have a double content with google and trash my rankings - please advice - im also planning to get a Cloudflare + (paid version) - really need your advice on what steps should be taken first to avoid a disaster while moving to ssl ! " A little too late i have noticed that you advice me to wait a week for cloudflare plus integration - so i went ahead and enabled it - my site loads fast (rocket loader - on ) but im having seriuos issues with google - i tried to do a google mobile friendly test - and now i get 25 blocked resources and a message that my site is not mobile friendly - which it is and it was - my layer slider is also not loading on safari / desktop - hope you can help me. https://search.google.com/search-console/mobile-friendly - mobile friendly test www.cyclecentralpark.com - my website Thank you so much - you can contact me in private if you like
Hristo Pandjarov Siteground Team
The issues you're experiencing have nothing to do with the SG Optimizer latest update or your HTTPS configuration. The problem is caused by the following lines in your robots.txt file which block the access of the Google bot to scripts and css files handling your mobile version: Disallow: /wp-includes/ Disallow: /wp-content/themes/enfold/ Please, remove them and you will see way better mobile-friendly results :)
Vane
Hi, how about WP sites also using iThemes Security plugin, forcing both front and backend to use HTTPS? Is there any known conflict, a specific settings required in either SG Optimizer or iThemes Sec? Thanks
Hristo Pandjarov Siteground Team
We don't have any reported conflict. It just doesn't make sense to do the same thing from two different plugins. If you've already configured your site to use https and forced all the traffic through https, leave the option in the SG Optimizer to off.
Vane
Pls. note setting iThemes Security to require full, front- and backend access via HTTPS was not enough for the sites to work properly ( I had mixed content warning, yellow lock in FF ), I also had to force usage SSL in SG Optimizer!
Roy
With this plugin, do we still need to change the Wordpress and Site URL in Wordpress settings?
Hristo Pandjarov Siteground Team
No, it will do it for you :)
Roy
Thanks, right now I have Cloudflare with their dedicated (not shared) certificate in "Full" mode and have not enabled the SG Optimizer. Should I wait til next week, when you folks have an update on the Cloudflare integration, or is it ok to proceed with the SG Optimizer now with Cloudflare "Full"? Thanks
Hristo Pandjarov Siteground Team
You can set it to full and activate it right away :)
Roy
Wow, thanks for the prompt replies! Great service.
Michael
This is amazing guys. Just finished the whole process in 5 minutes. It's so simple to redirect everything to HTTPS now: https://foxymonkey.com/ Cheers!
Hristo Pandjarov Siteground Team
Glad it worked without glitches!
Roy
Follow up to that, If we want to go with Cloudflare Full (Strict), vs the Full SSL option you shared above, which then requires a Certificate to be installed on the origin site, and that Certificate can be from Cloudflare or a Trusted Authority. 1. What are the steps with Siteground to do that (install the Certificate) for the Full (Strict). 2. And do you need to Enable the "Force HTTPS" in the SG Optimizer for Full (Strict).
Hristo Pandjarov Siteground Team
Right now you have to manually configure your CloudFlare CDN from their admin panel. Once you set that, just force the connection through https. Hopefully, shortly this will be doable directly from cPanel.
Roy
Ok, will just go with the Full for now.
Keith
Does this plugin for also with third party SSL certs - Im currently waiting on one to validate on my domain
Hristo Pandjarov Siteground Team
Yes, it will work just fine with any properly installed certificate on your account.
Praney Thapa
Does migrating to HTTPS really helps in boosting your website rankings in SERP's.
Hristo Pandjarov Siteground Team
Going HTTPS should have a positive effect on your rankings.
Mark
In the short term it's very possible it will hurt your rankings. I tried it a few months ago (not a siteground install) and lost my rankings and I lost in the high hundreds of dollars a day in Adsense. Within a week I reverted it all back, which was also a risky move. After a couple weeks I was back to normal. I won't be going https for quite a while, until I really know what the outcome will be. Too expensive. Also, my understanding is that staying http will not hurt your rankings if you don't have ecommerce, or are otherwise collecting sensitive information.
Hristo Pandjarov Siteground Team
If done correctly, the migration from http to https may have a negative effect on your traffic for less than a day. After that everything should be back to normal and ranking even better. As to commerce sites, they should ALL have a certificate without exception.
Gary Wicks
My rankings are dropping but my impressions are going up in Google, so more impressions but farther down in rank. Impressions are now increasing in https and decreasing in http But google is still showing http pages which rank lets say 9th and the https new setting is ranking 110 for the same page. I was told that they my sites were set to https, but I was not told to redirect this button you talk about. That is not very good? Or is it? Maybe I do not have to toggle the button because you forced my sites manually to https what ever that entailed? I am getting mixed messages from support now you say to get cloudfare plus? I do not care about cloudfare plus until I figure out if the config is proper and google is not going to hammer me. Is it working in google because impressions are dropping in http pages but increasing in https and the ranking decline is a natural reaction because I read in google developers that essentially google bot reads it as a new site now. SO is my site set up properly and now I have to wait for rankings to come back? or do I toggle this switch? getting confused here now. Especially since support says now that cloudfare will be affected? So what do I do, toggle not toggle or toggle and get rid of cloudfare what?
Hristo Pandjarov Siteground Team
Having an SSL certificate properly configured is just one of the thousands criteria Google uses to rank your site. I would recommend that you force all your traffic through HTTPS since that's the best practice. Of course, there are always other elements affecting your rankings. As to CloudFlare, I answered in your other comment.
Gary Wicks
Right now I have free cloudfare Siteground set my sites to https I was not told to toggle the switch Now I am told to toggle the switch but should get paid cloudfare My questions are can I just leave the free cloudfare and toggle the switch for now? Will I have problems? Are you setting up the https to work with the free cloudfare? Do I need to get paid cloudfare before toggling and thentoggle and then switch back to free cloudfare after you make the two compatible? AM I getting hammered by google right now? Waiting for the right answers here?
Hristo Pandjarov Siteground Team
You can use the free CloudFlare version and have your site using https. You just need to manually set your Crypto settings to Full and then force your traffic through HTTPS. We're currently working on making that process seamless by using our cPanel tool and it should be ready soon. Meanwhile, you can do it manually.
Gary Wicks
Ok sorry you just answered that I see, yes it will work now by setting the settings to full which I did at the cloudfare site a few weeks ago. I wonder why the support did not tell me to togle the switch then too? I would have been done with this as everything was correct except for this toggle swithch. Ok then why is support suggesting I should get paid cloudfare then? If the free version can be configured by the setting of Full in the cloudfare site which I did?
Hristo Pandjarov Siteground Team
There are multiple ways to configure your website to use a CDN like CloudFlare through a regular unsecure connection and through HTTPS. There is no one right way to do this since different customers have different workflows and eventually structures of their website that they want to achieve. The switch just fores all your WordPress links to HTTPS. You can use it without a CDN account at all. Now, if you want to use CloudFlare, things become a bit more difficult since there are two connections that you need to take care of - between the SG server and the CDN server and between the end points and your visitors, thus the different configuration options. That configuration can be a bit confusing and it's not straight forward at all. That's why we're working on updating our systems, so we can make that process seamless for our customers. We've made this possible during the weekend and hopefully by the end of this week everyone should be able to use their SSL certificate with CloudFlare with a click.
Gary Wicks
Ok Now I'm confused now, how do I know if my sites are set up properly or not? I did the cloudfare manual switch to force FULL a few weeks ago this stopped the looping and brought my sites back online which had completely disappeared. But was fixed quickly by support. Then I put the new version into google console and switched to https://www preferred version Now I toggled this switch a couple days ago, but sad that support did not tell me to do this. Now its toggled. Am I done? Or not? Will I have to do something else now? This statement you made is confusing and alarming to me now. "Now, if you want to use CloudFlare, things become a bit more difficult since there are two connections that you need to take care of - between the SG server and the CDN server and between the end points and your visitors, thus the different configuration options." Where am I right now? In Limbo? No one told me about what you said above. No one told me to toggle this switch. My sites have pages that used to rank 7 8th and 9th which is 1st and second page of google and now down to 10th and 12 pages deep in no where land. So you see my concern, I need to know plain and simple if I am set up and running properly now So I can move on with confidence that my rankings will come back and there is something else you haven't told me yet going on. I need assurance that I am done and ready to pick up the pieces now.
Hristo Pandjarov Siteground Team
You're not in a limbo. Just configure your site to go through HTTPS by enabling the Force HTTPS option in WordPress. Then, set CloudFlare to flexible or full mode. That's all. Check out this page for additional information about the difference between the different options you have on CloudFlare: https://support.cloudflare.com/hc/en-us/articles/200170416-What-do-the-SSL-options-mean-
Glen
For WP sites that are not currently https, will the switch also alter the database to make all http associated with the domain to be https? If not, on our end wouldn't that be the best thing to do? I.e. once we make the switch, change the database to reflect https throughout the website?
Hristo Pandjarov Siteground Team
The only database modification the switch does is changing the siteurl and home url options. The insecure content fixer works by dynamically rewriting the http urls to https. If you can configure your site manually, that would be the best thing of course. You can use a plugin like this one: https://wordpress.org/plugins/better-search-replace/ to change all http://yoursite.com strings to https://yoursite.com in your database and then add the appropriate rules in the .htaccess file to force all requests through https.
Michael G
Hello - I recently configured my Wordpress site to use https manually following your instructions from a month or two ago. The site works fine using https after I fixed the various links I had that were using http. So it sounds like I do not need to install SG Optimizer, is that correct? Also, when I am in the Wordpress Dahboard and I click on the "Visit Site" link in the upper left hand corner the page loads under http instead of https. Is there a way to correct that so that it always loads under https? Thanks!
Hristo Pandjarov Siteground Team
The SG Optimizer plugin takes care of your SuperCacher too, so if you're using it, you still need it. As to your other question, if you have manually configured WordPress to work through https and forced all the traffic through https with an .htaccess rule, you don't need to enable the feature. Simply leave ot to Off. As to the incorrect link, go to Settings - General and look at the home url and site url values making sure they're both https.
Patrick
Any idea on how this would interact with Sucuri's CloudProxy?
Hristo Pandjarov Siteground Team
If you're using Sucuri's CloudProxy, they install a LE certificate by default so your site will work just fine after you reconfigure it to work through HTTPS. However, take a look at your SSL settings in their panel and set SSL Mode to Full.
George
Hi.I have Sucuri's Basic plan. Now their CloudProxy is not working after I did the force https from your plugin. Sucuri support said this,I don't really understand what they want: I also noticed that your domain has a valid SSL certificate: https://www.sslshopper.com/ssl-checker.html#hostname=clarvazatoareamarinescu.com. CloudProxy also issues a SSL certificate for your domain, however on the Basic plan is not possible to configure the SSL before update the DNS records. In this case, you have the following options: * Do nothing and wait CloudProxy to issue the new SSL certificate, website will be unreachable for some time * Disable the SSL redirection for your domain and only enable it once CloudProxy issue the new SSL certificate * Upgrade your plant to Professional which allows to configure the SSL certificate before update the DNS records What's the difference between LE ssl free certificate and the force https from your plugin? What should I do with Sucuri beacause my firewall doesn't work.
Hristo Pandjarov Siteground Team
They need some propagation time to update their records. Usually it's a good idea to open a support ticket to your CDN provider before you make the switch to HTTPS just so you're aware of such issues.
Vojkan
I installed plugin and turned on "Force HTTPS" and now i can not open my own website, i can not even access wp admin page. How i can get rid of it? I tried to delete plugin with FilaZilla but still problem is there, now i returned it back. This is a message what i receive when i try to access website or wp admin panel: The page isn’t redirecting properly Firefox has detected that the server is redirecting the request for this address in a way that will never complete. This problem can sometimes be caused by disabling or refusing to accept cookies.
Vojkan
Ok, i fixed it, i set in cloud flare from flexible to full mode. In a moment i was so worried.
Hristo Pandjarov Siteground Team
Glad to hear you had that solved :)
Joe
"This magical “Force HTTPS” click can be made in our freshly extended WordPress plugin. " I used this yesterday and it truly was magical! Very easy and painless. I'll be applying it to more sites. @Hristo - one thing I'd like to get more information on. You stated: "By starting to issue automatically Let's Encrypt certificates for all domains hosted on our servers. However, there still remained a manual step to configure all applications to use the certificates we've made available." I ran into an interesting problem though, and SG support was helpful but I feel the issue was not fully resolved. The issue is that my site greenflagdigital.com was shown as HTTPS and indexed as HTTPS before I made any changes. 1. Before you automatically issued Let's Encrypt on all servers, I didn't take any manual action to make my site HTTPS 2. I noticed in January the HTTPS version of my site start to appear 3. Both versions of my site were indexing (not ideal) - HTTP and HTTPS - as verified by Screaming Frog SEO spider. And they were not 301'ing to each other 4. HTTPS was forced on Chrome, but not Safari. Not sure if there is something that Chrome was picking up that Safari wasn't from the server. Not sure if that's possible. 5. For my smaller site, the issue isn't severe, but larger sites that could have huge problems with their URLs indexing as both HTTP and HTTPS should take a closer look and beware 6. I think SiteGround should take a deep look at the indexing and SEO ramifications of adding SSL by default and cross-checking this on Chrome vs Safari and Google indexing vs Bing and others. For huge sites, could be a problem. A full technical and written public report on problems or no problems would go a long way. Love SiteGround and their support of SSL - it makes the web better. But a few of these issues should be addressed!
Hristo Pandjarov Siteground Team
Thank you for reporting your case. The appearance of duplicated content is exactly the issue we are addressing with the launch of the HTTPS force option in our WordPress plugin. Although we have very few reported cases in which both http and https versions of website were indexed after the issuance of the certificates, we are taking steps to further minimize the possibility of this to happen. The WordPress plugin is just the first action.
Mary Ličanin
...and this is why I love you, SiteGround! You guys are the best hosting company I have *EVER* worked with, and I've been doing this for almost 15 years. Stay awesome!!!
Philip
OK, so seemed like a good idea. I installed and activated this plugin. Found the https switch and turned it on. Went to check my website and all my photos (hundreds of them all hosted on Smug Mug which is completely https) were no longer displayed. Switched it back off and now everything is fine again. A total waste of time.
Hristo Pandjarov Siteground Team
If you want, I can take a look into it, you've probably hit some edge case scenario that I would love to troubleshoot. Just give me your domain name and I will have it working in no time :)
Terri Horsmann
Installed SG Optimizer but it didn't work for my WP site. It 'crashed' the layout so that all page headers weren't displaying, changed some content layout, and bits of text content were converted to hyperlinks. Interesting! Had to delete the plug-in for my site layout to display properly. Wondering if this could possibly be a theme issue? I use GeneratePress theme. All PlugIns, theme, and WP were updated prior to installing SG Optimizer and flipping the https switch. Guess I'll have to wait until the server level change is made and hope all is cohesive. Thanks!
Hristo Pandjarov Siteground Team
Could you give me your domain name so I take a look into it? It's probably some edge case or certain rule in the .htaccess file that misbehaves.
Chris
I'm in the exact same situations. Siteground support manually switched website dazzlingphotobooth.com to https. That broke my header/links menu/hyperlinks. If I disable w3tc plugin (which give me fast loading as I have lots of images/slideshows, and 91% faster loading over all tested website, website works again BUT then my pingdom score is way lower and 71% slower. I have not much checked in w3tc plugin to be on but somehow https is breaking/conflicting with a plugin that is Very Very helpful and spent a month getting it right and great with my picture loaded website. Been dealing with support all yesterday but that just confirm what I already know that it is w3tc and they said to just disable it. NO No No. That is not a solution to me and all the hard work getting my site fast for clients. Would LOVE your help Hristo!! Thanks in advance!!!! Chris
Chris
Fixed it....:-) It was MaxCDN and needed to enable SSL on my Pull Zones (under manger tab), then click on the green enabled dot and the new link with ssl included to copy that link and paste into w3tc plugin in the CDN area and replace the older link. It worked immediately! Yeah!!
Hristo Pandjarov Siteground Team
Glad you fixed it!
John Dobbyns
I toggled the switch in SG Optimizer "force https" and all the images stopped displaying on my Wordpress site. had to switch it off to see the images.
Hristo Pandjarov Siteground Team
Are you using a CDN? If you give me your domain name I can take a look what went wrong and get back to you :)
David
Can this be trialled and tested on a staging site first?
Hristo Pandjarov Siteground Team
Yes, it's actually recommended to do it this way in order to avoid any issues with your live site :)
Mark
Just to make sure I understand on this: I have a staging site at http://staging11.domain.com. I should be able to throw the "Force HTTPS" switch on the staging site and test to make sure all is OK there. Then, I would simply stage that site to my live site (http://domain.com) via the cPanel and, from there, assume that all will be OK on the live site. Am I missing anything? This seems almost too simple 8-)
Hristo Pandjarov Siteground Team
It is that simple :)
Richard
Maybe I am asking this because I don't know too much about this tech stuff. However, is this going to be paid for?
Hristo Pandjarov Siteground Team
No, it's a free service :)
Angelo
Nice feature! Just wondering one thing; Three days ago I renewed an existing SSL certificate for a domain that I have. That costed me around $80,- Now I see that I can get SSL for free on all domains in my hostingpackage. What should I do? Now I get the same result (even more), but it costed me 80,- Do you have any suggestions? Thanks!
Hristo Pandjarov Siteground Team
The paid certificate has its benefits. It's wildcard for example. I would recommend you to contact us via the live chat once the certificate reaches expiration date to have it replaced with a free one if you want.
chris
Hi I am still unsure about taking the plunge as I am afraid that switching to the HTTPS version would make me lose my current rankings as Google would see the https version as a totally new website. Is that correct? Thanks hristo for the great help here :) cheers chris
Hristo Pandjarov Siteground Team
Go for it :) If something breaks, you can always contact our tech team!
Malcolm Ruthven
When I try to go to https sites using Firefox, I often/usually get an error message "Secure Connection Failed" and have to "Try again" to get it to work. I don't want that to happen to my site visitors.
Hristo Pandjarov Siteground Team
I would recommend clearing all caches you may have. If the issue persists, please post a ticket in your Help Desk and our support team will take a look into it.
C PHILLIPS
Hi, I haven't attempted this yet, but am confusedby an earlier comment you made to someone else: The only database modification the switch does is changing the siteurl and home url options. The insecure content fixer works by dynamically rewriting the http urls to https. If you can configure your site manually, that would be the best thing of course. You can use a plugin like this one: https://wordpress.org/plugins/better-search-replace/ to change all http://yoursite.com strings to https://yoursite.com in your database and then add the appropriate rules in the .htaccess file to force all requests through https. Are you saying that it is better to move to HTTPS manually and not use the plugin?
Hristo Pandjarov Siteground Team
If you can make the configurations yourself, I would always recommend doing it manually - full database replacement of the URLs, 301 redirect in the .htaccess and manual fix of all resources included in your template and plugin files if any. Since we don't want to interfere with your data and possibly cause issues, we rewrite the URLs on the fly and don't do any modifications to your database but the home url and site url options which adds minimal but still existing overhead to the site loading process.
Sebastiaan Beterams
Is it possible to use the SSL-feature in a shared hosting environment / GoGeek account?
Sebastiaan Beterams
So with more then 1 website within the same shared hosting GoGeek account?
Hristo Pandjarov Siteground Team
Yes :)
Hristo Pandjarov Siteground Team
Yes, we use the SNI technology which means that you can get free certificates for each Addon domain you have in your GoGeek or GrowBig accounts.
John O
Maybe it's the Friday morning fog, but nowhere can I see where I get the "Force HTTPS" button, having just manually installed the plug-in. Where do I go to flip the HTTPS bit?
Hristo Pandjarov Siteground Team
It's in the HTTPS Settings sub-page of the plugin :)
grant
sweet, just updated my site, took like 10 seconds.
Jessica
So this plugin provides both caching and it forces https? Isn't there an easier way to automatically have https without needing a specific plugin installed? Will installing this plugin break all of my existing links and social redirects (pins, tweets, etc.)?`
Hristo Pandjarov Siteground Team
We're about to lunch a solution that will force all the traffic through https without any regards to the application you're using. The best way is always to have your site manually configured and working only via https though since everything adds minimal but still existing overhead in the loading process.
Mamdouh
Does switching my sites to https affect my Google indexing or ranking in any way? And do I need to take any steps if I plan to do the switch regarding SEO and Google ranking? Many thanks, Mamdouh
Hristo Pandjarov Siteground Team
Going HTTPS should improve your Google rankings since it's one of the best practice recommendations by Google. However, make sure you update your site URL in your Google Analytics property to get the correct data.
Mamdouh
Thank you for your follow-up. I did that and things seems to be working nicely now with the HTTPS, except for one thing which is the Social counters have all been reset to Zero. Is that supposed to happen or is there a way to fix that and be able to regain my previous social sharing stats? Many thanks.
Hristo Pandjarov Siteground Team
Please, check the configuration of all social plugins you have and update them to go through https, that should do the trick.
Peter
When I activated SG CachePress, it told me my "site is not cached! Make sure the Dynamic Cache is enabled in the SuperCacher tool in cPanel." The problem is, I have a Startup plan and I can't therefore enable that option. I then left unchecked the Dynamic Cache, AutoFDlush, and Memcached option in SG CachePress, and reactivated my caching plugin (WP Fastest Cache). In any case, my site's loading time went from 2.5 secs to 5 and more. What can I do? Shouldn't you have told beforehand that your SG CachePress requires the activation of an option I can activate only upgrading my present plan?
Hristo Pandjarov Siteground Team
The Dynamic Caching option is available on the GrowBig and above accounts. If you don't want to ugprade to a higher plan, you can try using caching plugins like WP Super Cache for example.
David Salahi
Thanks for this! It couldn't be easier!
Tom Nevesely
Hello, I followed the information above to enable HTTPS and now I can't access my website at all. Instead, I get a "The page isn’t redirecting properly" error message. What can I do now? My site is www.tnphoto.ca
Tom Nevesely
Ok, I got it fixed the same way Vojkan mentioned above.
Hristo Pandjarov Siteground Team
Glad it worked for you :)
roger
I am a techie Virgin and understand about 50% of the comments, I was http then changed to http so the ssl certificate's I bought from go daddy when they hosted my sires would show the green padlock, I then ran into redirect and speed loading problems, I switched hosting to siteground which helped the loading speed, but still had 404 problems and could not get indexed on se even though the sites have been up for six months,
Hristo Pandjarov Siteground Team
If you give me your domain name I can take a look at the site and make sure it's configured properly :)
John Anderson
I had Siteground help me with making two of my sites https. I can navigate to both sites with that in the url and the siteground rep said I"m good. However if I use the plugin SG Optimizer it shows the following Warning: You don’t have a certificate issued for https://consultantbookkeeper.com. Please, install an SSL certificate before you force a HTTPS connection. And "Force HTTPS" is grayed out. Should I be worried or am I good?
Hristo Pandjarov Siteground Team
There's something preventing our checks from detecting your certificate, please post a ticket in your Help Desk and my colleagues will help you out!
Darren
Worked flawlessly EXCEPT Chrome threw up a non secure resources warning. I had to purge SG cache to get new ssl image links to update and archive full ssl padlock.
Hristo Pandjarov Siteground Team
Yes, all caching you have in place must be cleared when making such change although we're clearing the SiteGround cache, some browsers, incuding Chrome will keep their own for few requests to the same site.
Jodi
I'm using the most updated version of the plugin (3.0.5) but getting the message:"Warning: You don’t have a certificate issued for https://www.flemingagencyonline.com. Please, install an SSL certificate before you force a HTTPS connection." I disabled my security plugin (iThemes) but that didn't help. Before doing that, I also noticed that they have what appears to be a similar functionality. If I try theirs instead, it says "WARNING: Your server does appear to support SSL. Using these features without SSL support on your server or host will cause some or all of your site to become unavailable." Am I missing a step?
Hristo Pandjarov Siteground Team
Please, post a ticket in your Help Desk and my colleagues from the support team will help you out in no time :)
Anne Katzeff
Hi, I have a few questions. (1) I've followed the thread and see that it was recommended we delay switching to HTTPS if we're using the free Cloudflare. When will we know that it's ok to make the switch? (2) What about sites that don't use Cloudflare: can we switch those now to HTTPS? (3) How iIs the certificate installed? thank you
Hristo Pandjarov Siteground Team
Hello, We were in a process of patching our CloudFlare integration. It's now updated and you can safely enable HTTPS on your site and the on the CloudFlare panel without having to upgrade to plus. As to your other question, we install automatically free Let's Encrypt certificates to all our customers. Check out the Let's Encrypt tool in cPanel to see the certificates we've installed.
Anne Katzeff
Hi, A couple more questions :-) ! (1) It looks like a certificate is already installed on my main domain (which uses Cloudflare), but I didn't install it. Did SG install it? How do I know if this is the Let's Encrypt certificate? (2) My subdomain does not use Cloudflare. It looks like a certificate has not been installed yet for that, so should I go ahead and install it? Sorry, there are many technical details involved and I want to be sure I do everything correctly!
Hristo Pandjarov Siteground Team
We install Let's Encrypt certificates automatically for both the www and non-www version of your domains. If I were you, I would first configure the site through HTTPS, make sure it works fine and after I am sure it's all good, enable CloudFlare, switching the SSL options to Full strict.
Vikram
Hi Siteground and Hristo! Great! It just takes few seconds to get a normal website http: into https: I have done for https://ayurvedamentor.net Thanks..
Richard
I installed the SG plugin and forced HTTPS and my site immediately shows https:// but I want to make sure I do not disadvantage myself for search rankings etc. I'm not sure how to find out all the 3rd party services I need to check. I have added 2 new properties - https (with and without www.) to Google Search Console and updated sitemaps and requested indexing in Fetch as Google. Google analytics only seems to show my domain without http or do I have to dig deeper? I will be checking bing and yahoo similarly. My site is only a dozen static pages for a small business. Is there a list somewhere of the other likely 3rd parties I may need to check and all the details I need to update? I can't recall who else I may have incorporated when i first set up my site several years ago.
Hristo Pandjarov Siteground Team
Just fix your Google Analytics profiles, they are the most important in the process. Other services *may* rely on a full URL configuration but if you can't recall any such, this means you're most probably not using them :) Check out this article for more info on how to configure Google Analytics to work through https: https://www.siteground.com/kb/configure-google-analytics-profile-load-site-via-https/
Dan F. Rinaldi
Just installed at https://dfrweb.com everything seems ok. So good, thanks.
Eve
Does the Force HTTPS change external links?
Hristo Pandjarov Siteground Team
It doesn't change links but all the resources the site uses. If you're using external ones, they will be rewritten too.
Adrian
Hi. 1.I "lost" all my social shares,like on all sociale media, I know that likes and shares are bound to a link, but how can I get them back or how I can make the social platforms know that it's the same site. 2.If I use facebook ads and adwords I have to make the changes there also? 3.In analytics and Google search console I have to keep both sites http and https? If I dellete the http site I'll loose all my data I think,no? 4.Can you point me to a list or something with a checklist with thins to change(like analytics,etc)after the https migration? www.clarvazatoareamarinescu.com Thank you.
Hristo Pandjarov Siteground Team
No information should be lost in the process. Please, check your social networking plugins and update their settings. As to your other questions, only in Google Analytics you should update your property setting to work via https. In Google Search Console, you have to re-create the property anew since they don't support updates yet. We're working on a checklist and will publish it soon!
Agata
Hi, I have the same problem! I've lost all my old shares ( from 2016's posts; plugin is updated). They are still visible when I check my website with http. After I passed to https the new shares works well (but are invisible with http). What should I do to see old and new ones with https ? Cheers
Hristo Pandjarov Siteground Team
That behaviour is caused by the way they count likes. Please, check out this article, it should give you some ideas how to fix it: https://www.mightyminnow.com/2014/05/how-to-make-social-media-shares-counts-and-comments-work-across-http-and-https/
Richard
Thanks Hristo I'done that now. Should I delete the http properties from 'search console' once I've added the https versions?
Hristo Pandjarov Siteground Team
Edit the property in Analytics and add a new one in Search Console since they don't support protocol update yet.
Richard
Also do I need to edit backlinks from directory sites etc to reflect the https?
Hristo Pandjarov Siteground Team
It is generally a good idea to do that but the 301 redirect should take care of any links that still point to the http version of the site.
Kim
If I use the sg optimize plugin to force https does this mean I am indebted to sg optimize? Or can I disable it after potential https "rewrite?" I can't use sg optimize for our website caching because I need a cache that Specializes in caching for logged in users and buddypress.
Hristo Pandjarov Siteground Team
In case you're not using the Optimizer plugin for the caching parts, you can safely use a different plugin to fix your insecure items errors if any and do a manual redirect in the .htaccess file. We've built it for convenience so it's easy for everyone to use their site through https but you can always do it manually!
kim
Thank you, but what i am still trying to understand is... Does the plugin do a permanent redirect and rewrite or is it required that the plugin stay enabled and active for these settings to continue to work? In other words if I use this optimizer plugin now and configure https...then in a month I want to deactivate SG optimizer and use a new caching plugin, will I lose the https settings?
Hristo Pandjarov Siteground Team
The plugin does a permanent 301 redirect via lines in the .htaccess file. If you deactivate the plugin, it will not do anything. If you switch off the Force HTTPS button, it will remove its own lines from the .htaccess and reconfigure WordPress back to http.
Sara
Hi, I have wordpress and didn't understand. Can I force this switch to https without a plugin, that means from my cpanel? And from where precisely? Thank you!
Hristo Pandjarov Siteground Team
You don't need to do anything in your cPanel, just enable the HTTPS switch, login again and you should see the green padlock on your site address when you visit it.
Anne Katzeff
Hi there, It looks like my questions were overlooked. Could you please check out my comments above (on Feb. 17) and provide some guidance? thanks very much, Anne
Hristo Pandjarov Siteground Team
Sorry for the late reply, I've answered your comments, it just took a bit more time to answer all the comments that I anticipated :)
Anne Katzeff
Great, Hristo, I see your replies, thank you! I've begun the process for my client sites... :-)
DELLA TEMPLE
Thank you! I'm not a programmer. I'm just a non-profit volunteer acting as webmaster for my non-profit. This was super simple and so easy! Made me feel good to be able to do this in 5 minutes and take the step up to https. Cheers!
Hristo Pandjarov Siteground Team
Glad it worked flawlessly for you!
Tahlia Newland
I'm confused. Why do I have to do this? It also seems that there could be issues like having to change other things eg my http URL to https? Does this mean that all my business cards and my links would be obsolete? I also have the cloud flare free thingy so I'm supposed to wait and then do something else?????? I don't have time to stuff about with my websites. Can I leave them as they are? Would that be a big problem? How is changing this going to help my website?
Hristo Pandjarov Siteground Team
The plugin adds a redirect so your links on your cards will be fine. As to CloudFlare, the patch is already applied so you can configure your site to go https right away. Generally, configuring an SSL certificate with your site should help you rank better, there can be a slight performance boost depending on the site and it will make it more secure to your visitors.
Tahlia Newland
Okay. Thanks. So I just load and activate the plug in, is that all?
Hristo Pandjarov Siteground Team
Activate the plugin, test your site and then set the SSL option in CloudFlare to Full Strict.
Susan Walker
I have just been speaking to one of your collegues here in Spain and what you don't mention here, I think, is that on the Start Up version of hosting, the SG Optimizer is not available. Nor is SSL on the Cpanel free version of Cloudflare. This might not be a problem at all for many of you guys but for me it would have been good to see this mentioned in the blog posts. Otherwise, I really can't fault your articles (except that I don't understand the really technical stuff!!) or your client support which is excellent. Many thanks for these tools you are all working on.
Hristo Pandjarov Siteground Team
There must be some sort of a misunderstanding because we have the free SSL Let's Encrypt tool enabled on all plans including StartUp. It's the same for CloudFlare. The only thing that you don't have access on StartUp is the Dynamic Caching part of the SuperCacher system. However, you can still use the plugin. Please, post a ticket in your Help Desk if you need further assistance or you can't see some of the tools.
Shawn Purviance
Well the process has not been real easy for me but we are working through it. First went through cpanel to install free Let's Encrypt Certificate for my domain. Would not work. Got an error saying to contact support. Support was right on it and they manually installed the certificate. Then downloaded the SG Optimizer Plugin and was going to use the force https switch but it says that there is no certificate issued for our domain. I have been waiting for a couple hours to hear back from support on this. Reading through these posts, Am i understanding correctly that once i get the above issues resolved i can enable cloudfare with the free Let's encrypt certificate?
Hristo Pandjarov Siteground Team
That's strange for most of people the tool works right away, probably some DNS issues failed the check. Anyway, once it's solved and you test and make sure everything is working fine, you can enable CloudFlare and the SSL support on it, it should work without problems :)
Ify
I can't find the SG Optimizer in the cpanel section
Hristo Pandjarov Siteground Team
It's a plugin in your WordPress app :)
Ruth
Thanks for this, very easy to use, click one button in your plugins and it's all done, thank you very much for making it so easy!!!!!!
Simplebutcreative Media
All my domains hosted through you guys are already running "Let's Encrypt". Is it better for me to switch my domains with this new cloudflare integration?
Hristo Pandjarov Siteground Team
Generally, it's a good practice to use a CDN. If you have enough time to configure and test it out, I would totally recommend doing it.
Simplebutcreative Media
Actually, I've been using Cloudflare for a long while for all my sites. I stopped using it because I couldn't integrate "let's encrypt" with the free cloudflare plan. More than likely it was possible I just didn't know how. I went for the quicker solution. Do you guys have a tutorial in the dashboard for this?
Hristo Pandjarov Siteground Team
Now, the SSL configuration of CloudFlare is easier than ever, you can do it directly from your cPanel. Check out this tutorial for mor einfo https://www.siteground.com/tutorials/cloud_flare_cdn/cloudflare_ssl/
chris
HI I have a few clients who are afraid to switch to the https url version via this plugin. I handle the design and the basic maintenance of their wordpress website. however, they told me they don't want to switch via your plugin as it would lock them with the siteground hosting. what can I tell them to reassure them so they agree to use force https with the sg optmizer plugin? they told me they don't want to keep this plugin forever. thanks chris
Hristo Pandjarov Siteground Team
The easiest way to do it is to copy their site using the Staging Tool if you're on GoGeek or copy the site yourself and show them it works :)
Nancy
Hello! Today I added the plugin (the most updated version) and made my two main websites secure with http - things were all fine with one site, but on the other my images aren't showing (except for my header and a sidebar image). I've searched this issue here and on the plugin forum, but not seeing what to to do to fix this. I appreciate your assistance with this and especially appreciate siteground has taken this step to allow all of us to easily secure our sites with http.
Hristo Pandjarov Siteground Team
Please, post a ticket in your Help Desk and my colleagues will assist you further.
Nancy
Thank you, will do!
Adrian
Anyone found a solution for social count reset? I'm not using plug-in for social,I'm using the classic like button from facebook. Thanks
Hristo Pandjarov Siteground Team
Check out this post, there are several solutions mentioned: http://stackoverflow.com/questions/10002191/is-it-possible-to-keep-social-share-counts-when-changing-permalink-structure
George
The SSL certificate provided by your plugin will renew automatically? Thanks.
Hristo Pandjarov Siteground Team
All free Let's Encrypt certificates that we issue are renewed automatically.
Eitan Goldin
I've some resources inside my site that are loaded externally and don't support https, for example i'm embedding beach cameras streaming from surfline.com and they support only http. So they are not being shown in my site as before. Is there a way to define in the domain subdirectories to not using https and use http?
Hristo Pandjarov Siteground Team
On a HTTPS sites all resources loaded must be loaded through a valid HTTPS connection. There are two options: 1. The page will show insecure content warning 2. External resources that don't have an ssl certificate will not be loaded.
Nancy
Actually never mind. I just checked my website and unlike all day yesterday when there were no photos showing, now there are. Problem solved!
Danielle
Do you know of a way to retain the counts for social sharing plugins? I'm sure I'm not the only one who relies on social proof, and I do not want to lose all my social share stats. Is there a plugin that will retain these, or something else?
Hristo Pandjarov Siteground Team
I would recommend to get in touch with the plugin developers to get additional assistance on that matter, I am sure they've already been asked that question multiple times. There are several approaches but it really depends on the particular implementation.
Daniele
What about enabling HSTS (Strict Transport Security)?
Hristo Pandjarov Siteground Team
At this point, using HSTS is outside the scope of functionality of the plugin. You need to manually send the headers to enable it.
Neil
Hi there, I can't see it in any of the Posts, so could you just clarify please.... You say you have "started to issue automatically Let's Encrypt certificates for all domains hosted on our servers." and then say "All new WordPress installations completed on our servers via Softaculous or via our setup Wizard now use the automatically installed Let’s Encrypt SSL and run through HTTPS by default." Does this mean it only works by default for domains registered through Siteground - or for all Wordpress site installs, regardless of whether the domain is registered through Siteground or another domain host?
Hristo Pandjarov Siteground Team
No, you can issue a certificate for every domain pointed correctly to your SiteGround account.
Chris
Thanks for the update. I tried the old Supercacher plugin a few months back and I have to say I wasn't impressed with the speed results. I had problems running W3TC and the SG plugin simultaneously as they conflict each other, and W3TC alone was speeding up my site far better than the SG plugin. I conducted various speed tests with all the major testers. Will the new SG Optimizer work with W3TC? I wouldn't want to make the switch to HTTPS if it would mean pages loading slower.
Hristo Pandjarov Siteground Team
The SuperCacher is part of the SG Optimizer functionality. You need to enable the Dynamic caching from cPanel and then from the plugin to make it work. It is drarmatically faster than the W3TC caching system. Probably, you've misconfigured something. I would disable all caching services from W3TC and use the SuperCacher. If you use it for things like minification, etc. you can keep using them but for the caching part, definitelly switch to our system. As to HTTPS, it will enable HTTP2 on your site, so you may even get some performance boost out of it.
Nishant
I contacted the Siteground Support team since all of this was little overwhelming to me. Your support team is amazing. He handled the migration of my Wordpress site to SSL as we chatted. Now, I see that all my existing pages and posts all automatically redirect to https. However, I do notice one issue. When I am not loading my homepage but trying to access any specific wordpress post or page, the chrome browser shows a notice that 'the page is trying to load scripts from unauthenticated sources'. how do I handle this issue? The moment I allow the page to load the scripts, the https gets striked out and unsecured gets added next to it.
Hristo Pandjarov Siteground Team
Make sure you have the Force HTTPS toggle switched on in the HTTPS Config tab in the SG Optimizer plugin. That should rewrite all sources to be loaded through https. Note, however, that if a resource in your site cannot be loaded through https it will not be loaded if HTTPS is loaded.
Kristof Devos
Hi, is setting that switch to on the only thing you need to do (next to installing an ssl certificate)? Is there no effect on SEO, should other measures be taken?
Hristo Pandjarov Siteground Team
It should have positive effect on your SEO. The only thing to change should be updating your Analytics profile to HTTPS.
Fred
This tool is really amazing! However, it also forces all my hyperlinks to external websites to change to https, e.g. we include a list of external resources available on the Internet, but some of the sites do not enable https yet, and so their sites will be shown as "ERR_CONNECTION_REFUSED" It would be great if the option of FORCE HTTPS only applies to internal links, but not external links.
Angelina Micheva
Hi Fred, Please note that functionality of SG Optimizer to “force https” is meant to help with securing the entire website. In the scenario that you describe that all internal links are configured with https, but the external ones are not secured (meaning, loading through http) the website will produce Mixed Content. This will result in warnings in the browsers your visitors use to load your website. Having the HTTPS checks set up only for internal links will not help you optimize the website and completely secure it. That is why, we would recommend checking with the companies maintaining the external resources listed on your website and work with them on a solution. For example, they might be able to offer an alternative - secured URL which you can then use. To achieve full security and guarantee safe browsing to your visitors it is best to use https for all links.
NJ
This is a fantastic tool. Blows my mind how easy (and free) you have made this.
Pieter
Any news on Let's Encrypt certificates for domains with special characters?
Hristo Pandjarov Siteground Team
Not yet. If Let's Encrypt start supporting them, they will work with all our tools but so far you can issue a certificate only for A-label form of IDNs.
Marc
I'm late to the party but have been following this change for quite some time. Today I went into one of my WP blogs and used the "force HTTPS." Worked flawlessly! cPanel already had my CloudFlare settings to Strict and I never even went to CloudFlare to do anything. From all my tests, my domain is going straight to HTTPS no matter what I type and the certificate is valid on any site that has some checker. This is awesome!
Hristo Pandjarov Siteground Team
Glad it all worked without any issues :)
Mike Quante
I have been trying to get the SG Optimizer option to work through staging sites w/o success. I create a staging site, then create a Let's Encrypt SSL cert for the staging site in cPanel -> Lets Encrypt. When i go to the SG Optimizer -> Force HTTPS option, it is grayed out with a message saying that I don't have a certificate issued (which I have!). I also run our site through the Securi firewall, which also has an LE cert. Current settings for this cert are SSL Mode -> Full HTTPS and Protocol Redirection -> Disabled. Please advise!
Hristo Pandjarov Siteground Team
I would recommend that you configure your staging copies manually since the firewall makes things a bit too complicated for the plugin to work properly.
Mike Quante
Thanks Hristo. I guess I'm not clear what you mean by "configure your staging copies manually." This is of course in prep for me forcing HTTPs on my live site. I learned the hard way that I needed LE certs on both the SiteGround site and the Securi Firewall. :-) With my site running through the Securi firewall, to force HTTPS, is the SG Optimizer plugin the way to go, the SiteGround Let's Encrypt interface options, or should i use Securi HTTPS/SSL Support's SSL Mode -> Full HTTPS and Protocol Redirection -> HTPPS Only Site? Something else? Appreciate your help!
Hristo Pandjarov Siteground Team
I will email you directly with more information about this :)
Martin
My site is also running through the Securi firewall, I am not clear what I need to do as Mike mentioned 'I learned the hard way that I needed LE certs on both the SiteGround site and the Securi Firewall' -> What does this mean? -> I also wanted to test on my staging site first, is this possible when using Securi?
Hristo Pandjarov Siteground Team
When you use CDN, there are two connections that must be secured - between you and the CDN provider and between them and your visitors. If one of the two is not configured properly, you will get errors on the site :) If you want to use LE and Sucuri, please, post a ticket in your Help Desk, specify that you're using Sucuri and provide the login details for your Sucuri account. Our team will assist you with the installation process. Basically, a ticket must be opened to Sucuri and then LE can be issued normally.
Ron Dowd
Hristo, We tried to migrate to HTTPS a couple of days ago with the help of SG. All appeared to be fine, but the redirect from HTTP is not working. (SG Optimiser has added the required redirect lines into htaccess.) Our website is not accessible to people who are trying to view us with our old links .. We rely on our website and are currently getting calls about our website being down and we are losing out on referrals. Could you please assist us in getting the redirect to work properly?
Hristo Pandjarov Siteground Team
Please, post a ticket in your Help Desk, our support team will happily assist you further.
Suzi
THANK You for making this so darn easy.
patrick
Hi Hristo, You say it is better to switch to https manually as this "switch" adds to the loading time. Is there a guide to doing this manually or can tech support do this if I call and request it?
Hristo Pandjarov Siteground Team
Regex is super fast and the amount it adds to the loading time is neglectable. However, if you want to configure it manually, you can force https with .htaccess rules (https://www.siteground.com/kb/how-to-force-ssl-with-htaccess/) and configure WordPress to work via https. Change all settings and all the links with something like the Better Search-Replace Plugin.
Roy
Hey! Great plugin, makes me like siteground more. I'm still getting the 'Parts of this page are not secure (such as images)'. What is the best approach to solve this?
Angelina Micheva
Hi Roy, Thanks for your feedback. Regarding the message you receive when using the SG Optimizer, please provide the full details to our techs via the HelpDesk system. They will review the information and suggest ways to resolve the issues.
Julio
Hi, what would be the appropriate way to enable the let's encrypt certificate to work with WP multisite subdomains registered front end? All the best,
Angelina Micheva
Hi Julio, In case you run a WordPress Multisite application with activated registration for new sites in the multisite network that uses subdomains all new sites that are registered/launched in your WordPress Multisite will be using subdomains. For example: Main site: mymainwebsite.com Registered site within the network: site1.mymainwebsite.com For such setup, we can suggest you use the Let's Encrypt Wildcard certificate which is available for free for our customers. Find more details on how to enable it for your account in our tutorial: https://www.siteground.com/tutorials/cpanel/lets-encrypt/ If you need any further assistance do not hesitate to contact us via our support channels. Regards, Angelina SiteGround Team
chris
Hey there, i love this feature. Quick question. So, i've added all four of my properties to Google Console, and set www, non-www, and both https versions. I've set the force https in sg optimizer. When i visit my site and type in any variation it is defaulting to the https non-www version of my site. In google analytics i've set the default to be https www version. So my question is this: 1) What do i do if i want the www https version to appear? 2) Regarding question #1 is there a reason i wouldn't want to go this? 3) Anything else i need to do in Console or Analytics to align everything properly? Thanks!
Hristo Pandjarov Siteground Team
The plugin only forces https, whether you will use the www subdomain or not it's up to you and the way you've configured WordPress (Options -> General -> Site URL). Just make sure you have one and the same settings for your website and your Google software. There isn't any difference between using www or not, whatever looks better for you is ok, just use only one to avoid duplicate content issues. I think there's only one setting in GA that has to be modified for the property for both https and www usage.
Jian
My images are not displaying if I turned on the Force HTTPS. Any ways I can have the https on yet still displaying my images? Those images in the wordpress admin panel itself is not showing as well. I have currently turn it off. Site is akiraceo.com Let me know if you need me to turn it on to let you see.
Hristo Pandjarov Siteground Team
I would say that you post a ticket in your Help Desk, our plugin should cover 99% of the cases, even badly hardcoded images within theme files so let our technicians look into it. I am sure they will assist you further.
aung
I used SG hosting server for the Singapore region because my client base is in Burma. Should I use CDN, to make my site faster? I feel it does not make sense to use CDN because nearest CDN server is in the same region as SG hosting server on Singapore.
Hristo Pandjarov Siteground Team
I would try CloudFlare free and see how it affects loading times.
Dylan
Hello, I am using a plugin which seems to be determining licence based on the SSL certificate. As I deactivate "Really Simple SSL" and activate the built-in force SSL from the SG-Optimizer the plugin won't open anymore, asking for a licence key.
Hristo Pandjarov Siteground Team
The SG Optimizer plugin is free and does not have any license checks. Maybe you've cached something. Please, post a ticket in your Help Desk so we can look into it.
Start discussion
Thanks! Your comment will be held for moderation and will be shortly published, if it is related to this blog article. Comments for support inquiries or issues will not be published, if you have such please report it through