askdesign
3/23/2017 - 8:18 PM

HTTPS setup on Siteground

HTTPS setup on Siteground

https://www.siteground.com/blog/https-2017/#more-9577
https://www.siteground.com/kb/how-to-force-ssl-with-htaccess/

If you want to use https, every resource has to be loaded securely in order for you to see the green padlock. That's straight forward for new sites, but existing ones require some reconfiguration, thus the difference. Check out this plugin, it will do the trick and your existing sites will look exactly the same as the new ones in your browser: https://wordpress.org/plugins/ssl-insecure-content-fixer/
There's a warning in the SG Optimizer plugin reminding you to edit your Google and other third-party services you may have that rely on your full site url.

Go into Google Webmasters (Search console) and add my site's new URL as "https://www.example.com" Otherwise in Google Analytics you'll see 0 data for HTTP. You don't need to re-verify ownership of the encrypted version of your website, but make sure your sitemap now displays https URL's (Yoast SEO will do this once the https is added under the general WordPress settings).
UPDATE: If you're using CloudFlare with your website, make sure you set the SSL Option in our CloudFlare tool in cPanel to Flexible,  then configure WordPress to work through HTTPS and finally, switch the option in CloudFlare to Full Strict. This way, you will not have any downtime during the reconfiguration process. Check out our CloudFlare tutorial for additional information on that matter.

Existing WordPress installs can be switched to HTTPS with a single click

Force HTTPS

This magical “Force HTTPS” click can be made in our freshly extended WordPress plugin. It was formerly known as SG CachePress and was used to configure our in-house WordPress cache system - the SuperCacher. However, the plugin is now called SG Optimizer and includes the option to force HTTPS on your WordPress application. Switching it on will automatically configure WordPress to use the already installed by us SSL. It also forces all the traffic to go through encrypted connection to avoid any possible duplicate content issues you may experience because of having both http and https versions of your site available. Furthermore, you don't have to manually fix all those resources, you've included to your posts, pages, widgets and even the theme through http, as the plugin will automatically detect and fix them.

So, WordPress users, wait no more! Make your site HTTPS ready now! If you already have SG CachePress installed, just update it to the new extended version through your WP-admin and click the HTTPS force button. Otherwise, you can download the plugin from this link.
https://www.siteground.com/kb/how-to-force-ssl-with-htaccess/

How to force SSL with .htaccess

If you want to force your entire website to go through https, you can add these rules to your .htaccess file:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://yourdomain.com/$1 [R=301,L]

--- for askdesign.biz ---
RewriteEngine On
RewriteCond %{HTTP_HOST} ^askdesign\.biz$ [NC]
RewriteRule ^(.*)$ https://www.askdesign.biz/$1 [R=301,L]

If your site is in a subfolder, use this code:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} folder
RewriteRule ^(.*)$ https://yourdomain.com/folder/$1 [R=301,L]

- Simply keep line 2 (SERVER_PORT) as is in your current .htaccess file
- Simply replace yourdomain.com with your actual domain name.
Leave the subdomain without CF and simply force the HTTPS on it with the plugin. That should work right away. Then, check if the CF SSL option is set to Flexible in your CF panel, switch manually your non-WP application and test everything out. Once you make sure everything works, switch the SSL option to Full Strict. No need to install the SG-cachepress plugin on the WordPress blog when I've forced HTTPS for the non-WordPress primary domain manually in the htaccess file via ftp.


* * * * NOTES * * * *

It just doesn't make sense to do the same thing from two different plugins. If you've already configured your site to use https and forced all the traffic through https, leave the option in the SG Optimizer to off.

* * * * NOTES * * * *

Just configure your site to go through HTTPS by enabling the Force HTTPS option in WordPress. Then, set CloudFlare to flexible or full mode.
I've got 2 situations:
(1) My primary domain site is built with Bootstrap and has a WordPress blog. This primary domain also uses Cloudflare.
(2) My subdomain site is WordPress, without Cloudflare.
What are your recommendations for how I should transition to HTTPS on both the primary domain and on the subdomain?
Should I force the HTTPS for the non-WordPress area via htaccess?
After that, go through the steps you've outlined for WordPress sites using Cloudflare?