Ultimate Goal: Have your site run from HTTPS, with green lock, and allowed to accept payments.
Here are some questions I wanted to find answers to:
SiteGround provides SSL certificates for free? Yep. They’re not the only host to do so but let’s encrypt certificates. There is a paid option if you want to give them your money, for a dynamic site seal and a certificate that doesn’t expire for a year instead of 3 months. The free 3-month option has autorenewal so I’m not sure why this is a thing.
Starting from HTTP already on live site? Non-issue, the process is super simple.
Starting from HTTP on local development environment? Non-issue. Deploy to your host then enable HTTPS.
Local by flywheel allows SSL for local? After the conversion on your host you can’t push your local site anymore on basic HTTP because you will be pushing http links to an https site. This is called the mixed-content and causes issues. So configure SSL on local. Here is an article explaining how to do that.
Where does serialized search and replace come into to all this and should I use search-replace-db from interconnectIT or a plugin? This becomes a thing when going from you need to change your domain from localhost to http or http to https. The SG plugin handles this, and many other things for you.
How does the process work?
It couldn’t be easier. Installing it literally takes a few clicks. From the Siteground admin panel select your site and your certificate. There are three Versions of certificates offered by SiteGround. Two of the three are free. I chose the free wildcard because it covered subdomains.
Almost done but not finished just yet. You need to configure the HTTPS. SiteGround recommends their SG Optimizer plugin that’s made for WordPress running on their hosting environment. Seems like a worthwhile plugin. This article makes a strong case for it.
From within the SG Optimizer plugin you click enforce HTTPS and that’s it. You will get a message that says, “In order to force HTTPS on your site, we will automatically update your database replacing all insecure links. In addition to that, we will add a rule in your .htaccess file, forcing all requests to go through encrypted connection.” Successful enabling of HTTPS complete.
How does this affect page speed? HTTPS is not a choice, it’s a requirement so any page speed side effects, if there is any, would have to be stomached. The plugin affecting page speed is a non-issue. If anything, the tools of the plugin should make your site faster. After all, this one is from the host itself and is customized for WordPress. I ran a before and after on gtmetrix and the results were inconclusive, (the first test showed a drop in speed but the second re-test said the page was loading faster).
25 minutes to setup HTTPS with reading and relentless questioning of the process, seeking the why, and playing devil’s advocate
Sources: This ThemeIsle article was helpful