Last Updated 2021.02.06
How to make WordPress site SSL at all times CORESERVER (core server)
WordPress sites are a complex system, so constantly converting to SSL can reduce the risk of attacks on sites and hacking, improving security. It also has the advantage that users can browse the site with peace of mind.
Google has announced that sites that are constantly ssl will dominate the search ranking, and it is considered to be effective in SEO.
There are four steps to sslizing a WordPress site all the time.
- Get an SSL server certificate
- Install SSL server certificates on the server side
- Make the URL HTTPS in the overall settings of WordPress
- Replace internal links such as images from http to https
This time, I will introduce the procedure to make SSL with CORESERVER (core server) used on this site.
Since the core server can also introduce ssl server certificates of other companies in support of SNI SSL, you can make the site SSL for free when used with Let'sEncrypt.
Get an SSL server certificate
For SSL server certificates, it is recommended to obtain ssl server certificates with Let's Encrypt.
Please refer to the following article for obtaining ssl server certificates.
Let's Encrypt certificates have a short expiration date of 90 days.
I think that it is also good to purchase a cheap SSL server certificate in SSL BOX on a long-term contract and save the trouble of renewing the SSL certificate if you get used to the site operation by SSL at all times.
Cheap SSL Certificate Service, SSL Box
Take a backup of your WordPress site
Before you always sslize your WordPress site, make a backup just in case.
To back up your WordPress site, we recommend backing up with the UpdraftPlus plugin.
The above-mentioned UpdraftPlus is a convenient plug-in that can be backed up on the spot, has a schedule backup and retention management function, and once set up, you can leave it alone. You can also restore with one click, so if you are running a site with WordPress, we recommend that you introduce it.
Configure SSL settings with CORESERVER (core server)
- Register a domain that sslizes domain web settings
Click "Domain Web" from the top of the core server management screen
- Register a domain in the domain field for SSL in the domain information entry field
- Main items should remain blank. Coreserver's unique settings allow you to operate a multi-domain site by making this a blank.
- Enter the domain you want to ssl in the domain information input field for SSL. The domain enters the root domain that does not have www etc.
- After entering the domain to be SSL entered into the domain information input for SSL, press the "Domain settings" button to save
- Select the domain to enable SSL in ssl settings
- Select "SSL settings" from the left menu to go to the selection screen of the domain to be SSLed
- Domain name to enable SSL: Select the domain you want to ssl set in the domain web
- Click certificate settings to go to the certificate installation screen
- Install ssl server certificates
- Enter the private key, certificate, and intermediate certificate in the ssl certificate installation field. Open the file of the certificate obtained by Let's Encrypt with a text editor (sakura editor, etc.) and copy and paste the contents.
- Private key (no passphrase): Enter the private key. Copy and paste .key the contents of the file with letsencrypt numbers
- Issued certificate: Enter the certificate. Copy and paste the contents of the LETSENCRYPT number.cert file
- Issued intermediate certificate: Enter the intermediate certificate. Copy and paste the contents of the LETSENCRYPT number Int.cert file
- After confirming the private key (private key), certificate, intermediate certificate, click the "SSL certificate/ intermediate certificate installation" button
- Click here to return
- Set up the domain web again
Click "Domain Web" from the left menu.- Domain settings need to be updated to reflect certificates correctly
- Press the "Domain Settings" button to reflect your certificate settings without changing the contents of the domain web
The installation of the SSL server certificate for roadbikelife.net is now complete on the core server.
It will take some time to reflect the SSL certificate.
After a few minutes, check https://roadbikelife.net/.
Verify ssl server certificates
Check your SSL server certificate in Chrome.
- With the web page open, right-click the mouse and click Validate
- When the verification window opens on the right side of the browser, select the item "Security" and click
- From Security Overview, press the View certificate button to verify the certificate
Verify the validity period of the certificate.
Ssl server certificates obtained with Let's Encrypt are valid for 90 days.
Change wordpress's overall settings to HTTPS
Change the site URL of the entire WordPress in the WordPress management screen.
From the menu on the left side of the →, click "General".
- WordPress address (URL): https://roadbikelife.net (example) and change from http to https
- Site address (URL): https://roadbikelife.net (example) and change from http to https
Be careful not to add /(slash) at the end of the URL.
Now you can change the rough part from http to https.
However, for the image (media) file of the posted content, it remains the URL of http, so it must be corrected.
Change the internal link of a WordPress post to https
Use Search Regex, a plug-in that allows you to replace the content of an article you post with any text.
From the extra-→, search for "Search Regex" by keyword in "Add New" and install and activate it.
Replace http links in posts with https links in Search Regex
- Open Search Regex
Click "Search Regex" in the → menu on the left side of the Extram.
- Set up replacements in Search Regex
- Search pattern:enter http://roadbikelife.net (example)
- Replace pattern:https://roadbikelife.net (example)
- Click the Replace button. http://roadbikelife.net search results for posts that are typed As a result, and the replaced text is also displayed. At this point, it has not been replaced and saved yet, so let's check if there is a problem with the contents to be replaced.
- Replace with Search Regex
- Look at Results to see what will be replaced. Since there is a "view" link on the right of the Results screen, let's check the page that is actually replaced and check whether there is a problem.
- Press replace&Save button to replace and save
- Search Regex does not support fixed pages. The contents in the fixed page must be manually modified
Check if there is a problem by accessing it with HTTPS in your browser
We're trying to do that in the Chrome browser.
- Open the website and click "Validate" from the right click
- Click the Security item from the top of the verification screen to check the security status
- HTTPS in the site is fine if this page is secure (value HTTPS)
- If there is content (images or external ad links) that is partially loaded with HTTP, "protected communication" will not be displayed at the top of the browser. Find and manually modify http-loaded content on the verification screen
- Major ad distributors (A8 Net Value Commerce) are delivering advertisements using HTTPS, so there is no problem, but other ad distributors may be loaded with HTTP. Make sure your ad provider is HTTPS-enabled before you fix it to HTTPS
Do I need a 301 redirect in .htaccess?
Since the URL changes from http to https, will 301 redirection be required in .htaccess?
But if you are able to migrate from http to https properly, you do not need to set up .htaccess.
Tip: You don't need to change the URL of an external link to https:// after https migration: Overseas SEO Information Blog
If it is a complete HTTPS site with a mechanism called HSTS (HTTP Strict Transport Security), it seems to be a mechanism that automatically accesses it with HTTPS from the second time onwards even if it is accessed by HTTP.
When this site also moved from HTTP to HTTPS, I was able to migrate to HTTPS without any problems without installing .htaccess.
Therefore, the description of .htaccess is omitted.
What to do and more from HTTP to HTTPS
Change properties to HTTPS in Google Search Console
Change the URL of the site registered in Google Search Console to HTTPS.
If you have already registered a site URL with HTTP, register a new HTTPS URL with "Add Property".
Reference:
If you are using Google Analytics for access analysis, this will also be corrected.
You can modify it from the "Management" item in Google Analytics with the default URL item in "Property Settings".
Don't forget to save it at the end.
Coreserver (core server) site always SSL summary
It was a procedure to always sslize a WordPress site operated by CORESERVER (core server).
I was accustomed to the management screen of the core server, so I did not care during the work of SSL, but when I made it into an article like this, the core server had a lot of trouble moving around in the management screen and I was impressed that it was difficult to use after all.
If you are an intermediate or higher person on the Internet, it may be recognized as a cost-effective server.
I keep in mind when writing articles so that I can create a site with WordPress even if I do not have knowledge of servers or programming knowledge, but I felt that the core server needed some knowledge of the server.
If you still want to operate the site cheaply on the core server, please try using it only during the trial period.
If you have a CORE A plan or higher, you can use multidomain unlimited, unlimited database, unlimited email address
I think that it is a very cheap and good server for 5,200 yen per year with unlimited.
