There are multiple ways to force your WordPress website to use a free or paid SSL certificate (HTTPS) for a secure connection. However, sometimes a WordPress website refuses to display images and instead reports mixed content errors (not to be confused with Self-Signed SSL Certificate Warning) using browser developer tools or web apps like WhyNoPadlock.com.
This is why we recommend the Really Simple SSL plugin to remedy the issue with no special configuration needed.
Starting with version 3.1.6, the plugin developers improved ease of use with WP-CLI commands which allow WordPress web designers to handle important tasks via SSH. Below we cover how to enable Really Simple SSL with WP-CLI.
Psst! Once you secure your site, consider improving the speed with our Nginx-powered WordPress Hosting.
Enable Really Simple SSL with WP-CLI
- Log into SSH.
- Install Really Simple SSL using the command:
wp plugin install really-simple-ssl --activate
wp rsssl activate_ssl. Once complete, you should see:
Success: SSL activated
- Clear your browser cache or start a private browsing session. Visit your website without HTTPS. It should redirect to HTTPS.
- Configure your website to ensure FreeSSL updates with Really Simple SSL enabled (if applicable).
Psst! Sorry, last time. If you want to strengthen your HTTPS redirect, you can enable HTTP Strict Transport Security (HSTS) to force the redirect from the browser application layer.
If you have an issue after activating the plugin, you can undo the changes with wp rsssl deactivate_ssl. Check for more WP-CLi commands with wp help rsssl
There are more ways to further secure your WordPress site:
- Follow security and performance recommendations from the newly implemented Site Health feature
- Security plugins such as WordFence Security for in-depth protection you can customize within your dashboard
- Sucuri web application firewall for additional resources to fight hacking attempts
- Backup plugins to automatically schedule and verify backups
- Read our article “I think my website has been hacked”