How do I enable HTTPS for WooCommerce?

Overview

HostingDuty enables HTTPS for WooCommerce by ensuring your SSL certificate is active and your site configuration forces secure connections. We prioritize security to protect customer data during checkout.

Step 1: SSL Certificate Installation

Before WooCommerce can use HTTPS, you need a valid SSL certificate. HostingDuty provides free Let's Encrypt certificates for all hosting plans. You can install these via cPanel or our custom dashboard.

If you have a custom certificate, upload it to your server's SSL directory. Ensure the certificate chain is complete. Missing intermediate certificates cause browser warnings.

For detailed instructions, see our SSL installation guide and Let's Encrypt setup.

Step 2: Update WordPress URLs

WordPress must know it is running over HTTPS. Log in to your WordPress admin and navigate to Settings > General. Update both WordPress Address (URL) and Site Address (URL) to use https:// instead of http://.

If you cannot access the admin panel due to redirect loops, update these values directly in your wp-config.php file:

``php define('WP_HOME', 'https://yourdomain.com'); define('WP_SITEURL', 'https://yourdomain.com'); ``

This ensures all internal links and assets load securely. For troubleshooting redirect loops, check our SSL redirect troubleshooting.

Step 3: WooCommerce SSL Configuration

WooCommerce has built-in settings to enforce HTTPS on checkout pages. Go to WooCommerce > Settings > General and check the box labeled Force secure checkout.

This setting ensures customers cannot place orders over an unencrypted connection. It also updates all product URLs to use HTTPS.

Additionally, verify that your payment gateway plugins support SSL. Some older gateways may require additional configuration.

Step 4: Mixed Content Resolution

After enabling HTTPS, you may encounter mixed content errors where some resources (images, scripts, stylesheets) still load over HTTP. Browsers block these resources, breaking your site layout.

Use a plugin like Really Simple SSL to automatically detect and fix mixed content issues. Alternatively, update hardcoded URLs in your theme files and database.

For a comprehensive list of common mixed content sources, refer to our mixed content checklist.

Step 5: Testing and Verification

Once configured, test your site thoroughly. Use tools like SSL Labs to verify certificate validity and configuration strength. Check WooCommerce checkout pages to ensure the padlock icon appears.

Monitor your site logs for SSL-related errors. HostingDuty's monitoring tools alert you if your certificate expires or if SSL handshake failures occur.

For ongoing security, review our SSL best practices and WooCommerce security hardening.

Caveats and Considerations

• Redirect Loops: Incorrect SSL configuration can cause infinite redirect loops. Always test in incognito mode after changes.
• CDN Compatibility: If using a CDN, ensure it supports SSL and forwards requests securely.
• Third-Party Scripts: External scripts must also load over HTTPS. Update any hardcoded HTTP URLs.

HostingDuty supports all major SSL providers and offers 24/7 technical assistance for SSL-related issues. Contact our support team if you encounter configuration problems.

For more details on WooCommerce security, see our WooCommerce hardening guide and SSL vs TLS comparison.