HTTPS for WordPress With a Click

UPDATE: If you're using CloudFlare with your website, first set the SSL option in our CloudFlare tool in cPanel to Flexible, then configure WordPress to work through HTTPS, and finally switch the option in CloudFlare to Full Strict. This way, you will not have any downtime during the reconfiguration process. Check out our CloudFlare tutorial for additional information on that matter.

A month ago we took the first step to increase the adoption rate of SSL certificates among our customers by automatically issuing Let's Encrypt certificates for all domains hosted on our servers. However, there still remained a manual step: configuring each application to use the certificates we've made available. We knew that if we really wanted to see a rise in HTTPS usage, we needed not only to provide the SSL certificates but also to make it easy for our clients to implement them. Today we are happy to announce that we have achieved this second goal for a large group of our customers: the WordPress users.

What does it normally take to make a WP site run via HTTPS properly?

In order to make your WordPress site run over HTTPS, you typically have to do several things: install an SSL certificate on your hosting account, add some lines to your .htaccess file to force SSL usage, and then identify and fix mixed content issues.

What does it take now to make a WP site run HTTPS properly on SiteGround?

The answer is: no additional actions needed for newly installed WordPress applications, and a single click for already active sites.

New WordPress installs already run via HTTPS out of the box.

All new WordPress installations completed on our servers via Softaculous or via our setup Wizard now use the automatically installed Let’s Encrypt SSL and run through HTTPS by default.

Existing WordPress installs can be switched to HTTPS with a single click

Force HTTPS

This magical “Force HTTPS” click can be made in our freshly extended WordPress plugin. It was formerly known as SG CachePress and was used to configure our in-house WordPress cache system, the SuperCacher. The plugin is now called SG Optimizer and includes the option to force HTTPS on your WordPress application. Switching it on will automatically configure WordPress to use the SSL certificate we have already installed. It also forces all traffic through an encrypted connection, which avoids the duplicate content issues you may experience when both the http and https versions of your site are available. Furthermore, you don't have to manually fix all the resources you've included in your posts, pages, widgets and even the theme through http, as the plugin will automatically detect and fix them.
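The kind of detection and fix described above, as an added example that is not SG Optimizer's own code: it scans rendered HTML for subresources still loaded over http, upgrades the ones served from the site's own host, and leaves third-party ones listed for manual review. The host names and the sample page are constructed for illustration.

```python
import re
from dataclasses import dataclass
from html.parser import HTMLParser
from urllib.parse import urlsplit

# (tag, attribute) pairs that make a browser fetch a subresource.
# Active content can script or restyle the page, so browsers block it on
# HTTPS pages; passive content triggers a warning or an upgrade attempt.
ACTIVE = {("script", "src"), ("iframe", "src"), ("link", "href")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}


@dataclass(frozen=True)
class Finding:
    tag: str
    url: str
    kind: str        # "active" or "passive"
    same_site: bool  # True if served from the site's own host


def site_hosts(host):
    """Return the bare and www. forms of the site's host name."""
    bare = host.lower()
    if bare.startswith("www."):
        bare = bare[4:]
    return {bare, "www." + bare}


class _Scanner(HTMLParser):
    def __init__(self, hosts):
        super().__init__()
        self.hosts = hosts
        self.findings = []

    def handle_starttag(self, tag, attrs):
        values = {name: (value or "").strip() for name, value in attrs}
        if tag == "link" and "stylesheet" not in values.get("rel", "").lower().split():
            return  # rel=canonical and similar are never fetched as subresources
        for name, url in values.items():
            if (tag, name) in ACTIVE:
                kind = "active"
            elif (tag, name) in PASSIVE:
                kind = "passive"
            else:
                continue
            parts = urlsplit(url)
            # Relative and protocol-relative (//host/...) URLs inherit https.
            if parts.scheme.lower() == "http":
                same = (parts.hostname or "") in self.hosts
                self.findings.append(Finding(tag, url, kind, same))


def find_mixed_content(html, host):
    """List http:// subresources in a page that will be served over HTTPS."""
    scanner = _Scanner(site_hosts(host))
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def upgrade_same_site(html, host):
    """Rewrite http:// references to the site's own host to https://."""
    names = sorted(site_hosts(host), key=len, reverse=True)
    alternation = "|".join(re.escape(n) for n in names)
    # The lookahead requires the host name to end here, so a look-alike such
    # as example.com.evil.test is not treated as the site's own host.
    pattern = re.compile(
        "http://(" + alternation + ")" + r"""(?=[/"'\s?#]|$)""",
        re.IGNORECASE,
    )
    return pattern.sub(r"https://\1", html)


# Constructed sample page for the site example.com (not taken from the article).
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://example.com/wp-content/themes/t/style.css">
<link rel="canonical" href="http://example.com/post/">
<script src="http://cdn.thirdparty.test/lib.js"></script>
</head><body>
<img src="http://www.example.com/wp-content/uploads/a.png">
<img src="https://example.com/wp-content/uploads/b.png">
<iframe src="//video.thirdparty.test/embed/1"></iframe>
<a href="http://example.com.evil.test/x">look-alike host</a>
</body></html>"""

if __name__ == "__main__":
    for f in find_mixed_content(SAMPLE_HTML, "example.com"):
        print("before:", f)
    fixed = upgrade_same_site(SAMPLE_HTML, "example.com")
    for f in find_mixed_content(fixed, "example.com"):
        print("needs manual review:", f)
```

Anything still reported after the rewrite is loaded from a host you do not control, so it has to be checked for HTTPS support and changed by hand.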

So, WordPress users, wait no more! Make your site HTTPS ready now! If you already have SG CachePress installed, just update it to the new extended version through your WP-admin and click the Force HTTPS button. Otherwise, you can download the plugin from this link.

What’s next?

This is not our last step toward making HTTPS universally used. We are already working on an easy switch on server level that will work for any site hosted on our servers. Stay tuned.

Product Development - Technical

Enthusiastic about all Open Source applications you can think of, but mostly about WordPress. Add a pinch of love for web design, new technologies, search engine optimisation and you are pretty much there!

238 Comments

  1. February 1, 2017 / 08:20 kenny

    Hi Hristo, saw the plugin update... read the blurb about force to https.
    This article isn't 100% clear about what the situation is re CloudFlare which has been set up for https with Let's Encrypt, and as regards sites that already have code in .htaccess for https.

    Will the plugin detect this, i.e. we can click force to https or will this cause problems if already https?

    • February 1, 2017 / 09:52 Hristo Pandjarov (SiteGround Team)

      The plugin does not change the way your site works with CloudFlare. We're still working on making it easy and possible to use Let's Encrypt and other certificates with their service through cPanel and I really hope that this will be fixed very, very soon. However, if you're using the free CF plan, don't enable the https force tool yet.

      • February 2, 2017 / 10:08 Brian Prows

        It's absolutely critical to find a SiteGround solution to the CloudFlare configuration. I know you folks are working on it, but remember that anyone can sign up with a free CloudFlare account and get an encrypted website.

        Currently, I have one paid CloudFlare account via SiteGround and one free CloudFlare connection on another site. With Google's pressure to encrypt websites, it's critical that SiteGround through its CloudFlare partnership find an easy answer to this issue.

      • February 3, 2017 / 01:57 Hristo Pandjarov (SiteGround Team)

        It will be available shortly and we're making the process as smooth as possible.

      • February 16, 2017 / 19:14 Brian Prows

        I'm not quite certain why I got another email about this January post on March 15th. I'm now working on the newly announced SSL integration with CloudFlare.

        However, one other recommendation regarding Google's Search Console comes to mind.

        When you change your website or blog from HTTP to HTTPS, you need to add the HTTPS domain URL to Search Console. Otherwise, Google won't index your site's URLs properly.

        Go to: https://www.google.com/webmasters/tools/home?hl=en&authuser=1

        You'll also want to check for any crawl errors within Search Console (Google Webmasters).

        If you use WordPress and have the premium version of the Yoast SEO plugin, you can re-direct any bad 404 URLs to the correct page or post.

      • February 17, 2017 / 01:26 Hristo Pandjarov (SiteGround Team)

        There's a warning in the SG Optimizer plugin reminding you to edit your Google and other third-party services you may have that rely on your full site url.

    • February 17, 2017 / 09:54 Diane M Cook-Tench

      What does this mean for regular people with businesses hosted on your site? What are the benefits? This is totally over my head and doesn't give me a clue about why I should want to do this.

      • February 20, 2017 / 01:31 Hristo Pandjarov (SiteGround Team)

        It should improve your visitors' trust in your site, possibly make it a bit faster and improve your rankings in Google.

  2. February 1, 2017 / 08:29 Dan

    Hi,

    I've installed SSL through 'Let's encrypt', does that mean I don't have to click the 'force https' button on the plugin?

    The plug-in currently says:

    Warning: It seems you’ve been using another plugin or manually configured your WordPress application to work over HTTPS. Please, disable all SSL forcing plugins and remove all .htaccess rules regarding SSL before you enable the option in order to avoid potential issues

    Thanks,

    Dan.

    • February 1, 2017 / 09:44 Hristo Pandjarov (SiteGround Team)

      The plugin checks if you have already tried to enable https on your site. Check if you don't have any other plugin or .htaccess rule forcing HTTPS and you can then safely set Force HTTPS to ON.

  3. February 1, 2017 / 09:00 Paul Coughlin

    This is fantastic news! Great work, and thanks.

  4. February 1, 2017 / 13:02 Matt

    I am showing errors on the front end if .htaccess is not writable. It works fine if I leave .htaccess writable. Is it just me?

    Warning: session_start(): Cannot send session cache limiter.
    Warning: file_get_contents(): Filename cannot be empty

    • February 2, 2017 / 03:18 Hristo Pandjarov (SiteGround Team)

      Please, update to version 3.0.4, the issue is fixed in it.

      • February 6, 2017 / 17:28 Dan

        Thanks for your reply Hristo.

        Dan.

  5. February 1, 2017 / 14:35 Jean-Francois Arseneault

    Hi Hristo,

    The article seems to imply that the plugin will ensure "no mixed content warnings" appear.

    Ok, is this handled in-memory, or does the plugin actually perform a search/rewrite in the database, as well as handle serialized content so we don't lose widget placement?

    If the content of the DB doesn't get rewritten for HTTPS, doesn't that mean there will be a performance penalty incurred on that site?

    I'm thinking specifically of large WP sites or WooCommerce installs, where there may be thousands of products/URLs.

    • February 2, 2017 / 01:07 Hristo Pandjarov (SiteGround Team)

      The plugin rewrites links on the fly without making any DB modifications. It uses regex for that so the performance effect is minimal. Actually none if you enable the dynamic caching too 🙂

      • February 18, 2017 / 00:42 Brian

        Fantastic plugin - I upgraded a site tonight and it took about 2 seconds. Thank you so much for this post! I wanted to ask - if I have W3 Total Cache, is there any chance it will conflict with SG Optimizer?

      • February 18, 2017 / 02:17 Hristo Pandjarov (SiteGround Team)

        W3TC has a lot of functionality and some of it can double what we're providing on a server level. If you have the Dynamic caching of SuperCacher enabled and working, I would disable all caching options from W3TC since our system is much faster. Rather than that, there should be no conflicts.

  6. February 1, 2017 / 14:41 Justin Harcrow

    So Let's Encrypt is installed, plugin is installed. I can get to my site via https but in the plugin I get the error:

    Warning: You don’t have a certificate issued for https://www.website.com. Please, install an SSL certificate before you force a HTTPS connection. Check out this tutorial for more information on that matter.

    • February 2, 2017 / 01:06 Hristo Pandjarov (SiteGround Team)

      Please, update to the latest version - 3.0.3 and check again. If the issue persists, check whether you have some custom .htaccess rules that may block the plugin from checking your certificate.

      • February 3, 2017 / 11:56 Justin Harcrow

        We have 3.0.4 installed. Must be something with W3 Total Cache.

      • February 7, 2017 / 09:10 Hristo Pandjarov (SiteGround Team)

        Please, check if you have any restrictive .htaccess rules or other security plugins that may block our check.

  7. February 1, 2017 / 17:37 Steven Hambleton

    I just signed up for WordPress hosting (GoGeek) and the onboarding for activating the Wildcard SSL certificate was missing!

    I figured it out but it would be good if this step was included in the 'Getting Started' guide or even automatically activated.

    • February 2, 2017 / 01:05 Hristo Pandjarov (SiteGround Team)

      Thanks for pointing this out to us, documentation will be updated as soon as possible!

  8. February 1, 2017 / 18:37 Rick Gregory

    Note that social share counts will get reset when you move to HTTPS so if those are important to your site it's something you'll need to address.

    • February 2, 2017 / 01:02 Hristo Pandjarov (SiteGround Team)

      Yes, third party services may need some readjusting/reconfiguring. A warning will be added in the upcoming minor updates.

  9. February 1, 2017 / 21:25 Nyssa

    I had to use a separate plugin for this, but now I get to turn it off. One less plugin! 😀

    • February 2, 2017 / 01:01 Hristo Pandjarov (SiteGround Team)

      Glad it all worked well for you!

  10. February 2, 2017 / 00:02 ThompsonPaul

    "...to avoid any possible duplicate content issues you may experience because of having both http and https versions of your site available."

    Funny, you completely dismissed this as an issue several weeks ago when it was pointed out to you as a major potential SEO issue with installing SSL certs on all sites without approval/preparation.

    The plugin's a great addition, but documentation needs to be updated to warn users to disable the SSL certs unless they are prepared to go fully SSL, otherwise their SEO will be seriously jeopardised.

    • February 2, 2017 / 01:01 Hristo Pandjarov (SiteGround Team)

      It's a potential issue that has been taken into consideration but it's really not a critical one since there shouldn't be links to the https version from the same domain. Of course, we always try to follow best practices and make it easy for our customers to follow them too.

      • February 2, 2017 / 10:17 Brian Prows

        I needed to go into Google Webmasters (Search console) and add my site's new URL as "https://www.example.com". Otherwise in Google Analytics you'll see 0 data for HTTP. You don't need to re-verify ownership of the encrypted version of your website, but make sure your sitemap now displays https URLs (Yoast SEO will do this once the https is added under the general WordPress settings).

      • February 3, 2017 / 01:57 Hristo Pandjarov (SiteGround Team)

        Yes, that's why we've added a warning to update all third party services like Search Console, Analytics and so on 🙂

  11. February 2, 2017 / 04:02 Simon

    Erm... it looks like my comment has been deleted?

    My comment that this plugin took my site offline with a 'too many redirects' error.

    Well, after renaming the sg-cachepress directory, deleting the key from SQL, disabling cloudflare, eventually I got my site working again, and on HTTPS.

    Though thinking about my SEO, and given the site appeared much slower, I decided to go back to HTTP. That took another 20 minutes of nightmares and site being offline and behaving erratically.

    I think more caution needs to be placed around enabling HTTPS.

    • February 2, 2017 / 04:08 Hristo Pandjarov (SiteGround Team)

      No, it was simply awaiting approval. Anyway, I will answer to this one. If you have existing rules that force HTTP you may get into a redirection loop. That's because the plugin adds rules to force all traffic through HTTPS. As to CloudFlare, we're currently working on making our integration work with your personal certificate (LE or other).

      As to speed, your site should not be slower running through https. Actually, it should be faster because you benefit from all HTTP2 improvements that way. If you want, I can look into it, mail me at hristo.p at siteground.com and I will review it 🙂

      • February 18, 2017 / 07:55 Carlos

        I'm having the same issue, but I'm not seeing a HTTP force in my htaccess.

      • February 20, 2017 / 01:28 Hristo Pandjarov (SiteGround Team)

        Please, post a ticket in your Help Desk and our support team will assist you further!

  12. February 2, 2017 / 04:12 Simon

    Apologies - I can see my comment has re-appeared now.

    Great idea adding this to the plugin, though I wonder how many people face issues enabling HTTPS like me.

  13. February 2, 2017 / 04:13 Simon

    Will do, thank you Hristo 🙂 Support at siteground is fantastic.

  14. February 2, 2017 / 08:34 Phil C

    Really great to see SiteGround push forward with WordPress plugins/features like this. Keep it up!

  15. February 2, 2017 / 09:23 Jay Collier

    Simple question. I've activated SG Optimizer network-wide on my WP instance. However, where do the options appear? I've looked a number of places with no luck.

    • February 3, 2017 / 02:01 Hristo Pandjarov (SiteGround Team)

      The new functionality doesn't work for Multisite yet. We're working on an update that will properly support all the features MS users need.

      • April 17, 2017 / 09:04 Falk

        Hi Hristo,

        any "update on the update" which will allow WP MULTI-SITES to switch to HTTPS easily this way?

        Would be great, since paying customers of ours are now getting warning messages from for example FIREFOX, when they log into our site to access their digital products - since it's still not HTTPS - and when they enter their PASSWORD, Firefox shows them the following message:
        "This connection is not secure. Logins entered here could be compromised."

        Which obviously is an issue, and some customers are now sending me messages about "not taking their privacy seriously"... 🙁

        Thanks!

        Falk

      • April 18, 2017 / 00:44 Hristo Pandjarov (SiteGround Team)

        We're still discussing how to approach this because MS can be set in different ways and certificates depend on the domain name you're using. We will definitely have a post when there's any development on that matter.

  16. February 2, 2017 / 14:54 Eric

    "Force HTTPS" is grayed out. I can't activate https.
    It seems everything is configured right. Any ideas why this option is grayed out?

    • February 3, 2017 / 01:59 Hristo Pandjarov (SiteGround Team)

      There are a number of reasons why it may be grayed out and there's a warning message under in each case. If that doesn't give you the answer, please contact our support team via the Help Desk to get further assistance!

  17. February 3, 2017 / 04:39 Johan

    I already had configured https on my site via a RewriteRule in .htaccess.
    HTTPS currently is working OK on my site for some time now.

    Is there an advantage in using the plugin's "Force HTTPS" instead of my existing configuration? Or is just better to leave my configuration as it is now?

    • February 4, 2017 / 03:23 Hristo Pandjarov (SiteGround Team)

      If your traffic is already forced through https and you don't have any mixed content issues, you don't need to use our implementation, just leave it to off. It's the same, the implementation we made is for convenience, but the same result can be achieved manually.

  18. February 3, 2017 / 10:27 Martin Carrion

    How about Joomla sites? Any plugin for Joomla?

    • February 7, 2017 / 09:09 Hristo Pandjarov (SiteGround Team)

      We're working on a tool that will make it really easy to switch completely over HTTPS no matter what application you use.

  19. February 3, 2017 / 13:37 Ouec Admins

    You guys are amazing!

  20. February 4, 2017 / 04:58 Stefanie Hakulin

    That is great. Sounds easy to do.
    After doing this, have I still to make a redirection, or does this go automatic? Many of my readers come from social traffic.
    Sorry for my bad English.

    • February 7, 2017 / 09:01 Hristo Pandjarov (SiteGround Team)

      The plugin will make the redirection for you, all you need to do is update your Google Analytics, search console and other third party tools you may use.

      • February 19, 2017 / 10:35 Daniele

        What's the procedure to update GSConsole? I only see stats on my http://www version. None on http://site and https://www and https://site

        I add the new identity but what then?

        https://postimg.org/image/k94a1t0b7/

      • February 20, 2017 / 00:57 Hristo Pandjarov (SiteGround Team)

        Google Search Console doesn't support changing the protocol part of the URL. They only support changing the domain name. Simply add a new property using https and it should start showing data correctly.

  21. February 4, 2017 / 08:43 BERNICIA OLUWAGBEMIRO

    Hi,
    Please what do I do. I installed the S G OPTIMISER in my website and then, my website went off. It's nearly 24 hours and the website cannot open. I was told it may be server configuration. So what do I do? I can't even log in to the admin area either. Please help. Thanks.

    • February 7, 2017 / 09:01 Hristo Pandjarov (SiteGround Team)

      Please, post a ticket in your Help Desk, my colleagues will look into it and assist you further.

  22. February 4, 2017 / 17:31 marke

    Not sure what to be on the lookout for with third party plugins once https is activated.

    • February 7, 2017 / 09:17 Hristo Pandjarov (SiteGround Team)

      Just deactivate any plugins that force SSL, everything else should be fine.

  23. February 5, 2017 / 10:17 Dainius

    Do you recommend SG Optimizer "force https" , really simple ssl (paid version) or both plugins??

    I'm really afraid to have a double content with google and trash my rankings - please advice - I'm also planning to get a Cloudflare + (paid version) - really need your advice on what steps should be taken first to avoid a disaster while moving to ssl !

    Thank you so much

    • February 7, 2017 / 09:05 Hristo Pandjarov (SiteGround Team)

      The SG Optimizer should be enough. We add a 301 redirect, so duplicate content should be of no concern. As to CloudFlare, I would recommend you to wait for approximately a week. We will hopefully be able to launch our updated CF integration that will work out of the box with an encrypted site.

  24. February 5, 2017 / 19:05 John Cope

    Great article Hristo and you should be congratulated on the way that you have addressed all the questions. I too was concerned about how this would work with Cloudflare and see that you answered that. It’s a shame I can’t take advantage of the update on most of my sites until that is addressed.

    • February 7, 2017 / 09:03 Hristo Pandjarov (SiteGround Team)

      We're doing our best to have this fixed asap! I understand it's not optimal but it takes some development time to fix the tool and the integration.

  25. February 6, 2017 / 07:29 Leonardo

    Hello HRISTO,
    I switched my first site in https (usatotrinauto.it), I always have to add a few lines in my .htaccess?

    • February 7, 2017 / 09:02 Hristo Pandjarov (SiteGround Team)

      You shouldn't actually, the plugin adds them for you.

  26. February 6, 2017 / 22:33 Peter

    Only today I noticed that some of the sites that I hosted on Siteground USA and Siteground EU are deindexed by google on their http version. I never moved those sites to https but now, thanks to Siteground update, Google has indexed the https version as well deindexed the http version, the one I use all around, on the backlinks, etc.
    This in the end I think will cause me more troubles than benefits. Some of these websites are pbn I use to rank other sites, sites that now get links from deindexed urls.
    Also, some sites have the 2 version (http and https) indexed, so their content now results duplicate.
    Not good at all!

    • February 7, 2017 / 09:50 Hristo Pandjarov (SiteGround Team)

      I'd recommend that you always force one of the versions with an .htaccess file in order to avoid potential duplicate content issues with Google or indexing problems. Although it should take into consideration your setting in the Admin Console (http or https), they still haven't perfected their algorithm to properly detect all cases all the time in this regard.

      • February 7, 2017 / 11:18 Peter

        But I never changed my htaccess files before, I'm getting this new problem only recently, and, among hundreds of websites I host on several hostings (HawkHost, Just Host, 1&1, Servage, HostGator, Siteground US, Siteground EU, TrafficPlanet, Aruba), I see this http-deindexing only in the sites hosted on Siteground. In my opinion the new plugin update has affected in some way the preference that now Google is having about my sites.

      • February 8, 2017 / 11:50 Hristo Pandjarov (SiteGround Team)

        The plugin solves such issues, it doesn't create them. You have two versions indexed because we automatically install certificates for all new domains that come with us and somewhere you have linked to a https version of the page which then Google has crawled.

  27. February 7, 2017 / 12:03 Matteo Rubboli

    Hi Hristo,
    I activated the Encrypt, I installed the plugin but it always shows me this error:

    Warning: You don’t have a certificate issued for https://www.vanillamagazine.it. Please, install an SSL certificate before you force a HTTPS connection. Check out this tutorial for more information on that matter.

    I deactivated all the plugins, I've not an HTACCESS with strange rules...
    Have you any idea?

    • February 8, 2017 / 09:14 Hristo Pandjarov (SiteGround Team)

      Please, open a ticket in your Help Desk, our support team will investigate your particular case and help you out 🙂

  28. February 7, 2017 / 22:54 Dainius

    Hello Hristo! I recently wrote you :

    "Do you recommend SG Optimizer "force https" , really simple ssl (paid version) or both plugins??
    I'm really afraid to have a double content with google and trash my rankings - please advice - I'm also planning to get a Cloudflare + (paid version) - really need your advice on what steps should be taken first to avoid a disaster while moving to ssl ! "

    A little too late I have noticed that you advice me to wait a week for cloudflare plus integration - so I went ahead and enabled it - my site loads fast (rocket loader - on ) but I'm having serious issues with google - I tried to do a google mobile friendly test - and now I get 25 blocked resources and a message that my site is not mobile friendly - which it is and it was - my layer slider is also not loading on safari / desktop - hope you can help me.

    https://search.google.com/search-console/mobile-friendly - mobile friendly test

    http://www.cyclecentralpark.com - my website

    Thank you so much - you can contact me in private if you like

    • February 8, 2017 / 11:45 Hristo Pandjarov (SiteGround Team)

      The issues you're experiencing have nothing to do with the SG Optimizer latest update or your HTTPS configuration. The problem is caused by the following lines in your robots.txt file which block the access of the Google bot to scripts and css files handling your mobile version:

      Disallow: /wp-includes/
      Disallow: /wp-content/themes/enfold/

      Please, remove them and you will see way better mobile-friendly results 🙂

  29. February 8, 2017 / 03:28 Vane

    Hi,
    how about WP sites also using iThemes Security plugin, forcing both front and backend to use HTTPS? Is there any known conflict, a specific settings required in either SG Optimizer or iThemes Sec?
    Thanks

    • February 8, 2017 / 11:46 Hristo Pandjarov (SiteGround Team)

      We don't have any reported conflict. It just doesn't make sense to do the same thing from two different plugins. If you've already configured your site to use https and forced all the traffic through https, leave the option in the SG Optimizer to off.

      • February 14, 2017 / 04:26 Vane

        Pls. note setting iThemes Security to require full, front- and backend access via HTTPS was not enough for the sites to work properly ( I had mixed content warning, yellow lock in FF ), I also had to force usage SSL in SG Optimizer!

  30. February 8, 2017 / 11:03 Roy

    With this plugin, do we still need to change the WordPress and Site URL in WordPress settings?

    • February 8, 2017 / 11:43 Hristo Pandjarov (SiteGround Team)

      No, it will do it for you 🙂

      • February 8, 2017 / 11:54 Roy

        Thanks, right now I have Cloudflare with their dedicated (not shared) certificate in "Full" mode and have not enabled the SG Optimizer. Should I wait til next week, when you folks have an update on the Cloudflare integration, or is it ok to proceed with the SG Optimizer now with Cloudflare "Full"? Thanks

      • February 8, 2017 / 11:58 Hristo Pandjarov (SiteGround Team)

        You can set it to full and activate it right away 🙂

  31. February 8, 2017 / 12:19 Roy

    Wow, thanks for the prompt replies! Great service.

  32. February 9, 2017 / 06:59 Michael

    This is amazing guys.

    Just finished the whole process in 5 minutes. It's so simple to redirect everything to HTTPS now:

    https://foxymonkey.com/

    Cheers!

    • February 10, 2017 / 01:06 Hristo Pandjarov (SiteGround Team)

      Glad it worked without glitches!

  33. February 9, 2017 / 10:09 Roy

    Follow up to that, If we want to go with Cloudflare Full (Strict), vs the Full SSL option you shared above, which then requires a Certificate to be installed on the origin site, and that Certificate can be from Cloudflare or a Trusted Authority.

    1. What are the steps with Siteground to do that (install the Certificate) for the Full (Strict).

    2. And do you need to Enable the "Force HTTPS" in the SG Optimizer for Full (Strict).

    • February 10, 2017 / 01:07 Hristo Pandjarov (SiteGround Team)

      Right now you have to manually configure your CloudFlare CDN from their admin panel. Once you set that, just force the connection through https. Hopefully, shortly this will be doable directly from cPanel.

      • February 10, 2017 / 07:34 Roy

        Ok, will just go with the Full for now.

  34. February 9, 2017 / 10:40 Keith

    Does this plugin for also with third party SSL certs - I'm currently waiting on one to validate on my domain

    • February 10, 2017 / 01:06 Hristo Pandjarov (SiteGround Team)

      Yes, it will work just fine with any properly installed certificate on your account.

  35. February 9, 2017 / 23:50 Praney Thapa

    Does migrating to HTTPS really help in boosting your website rankings in SERPs?

    • February 10, 2017 / 01:05 Hristo Pandjarov (SiteGround Team)

      Going HTTPS should have a positive effect on your rankings.

    • February 18, 2017 / 11:05 Mark

      In the short term it's very possible it will hurt your rankings. I tried it a few months ago (not a siteground install) and lost my rankings and I lost in the high hundreds of dollars a day in Adsense. Within a week I reverted it all back, which was also a risky move. After a couple weeks I was back to normal.

      I won't be going https for quite a while, until I really know what the outcome will be. Too expensive.

      Also, my understanding is that staying http will not hurt your rankings if you don't have ecommerce, or are otherwise collecting sensitive information.

      • February 20, 2017 / 01:34 Hristo Pandjarov (SiteGround Team)

        If done correctly, the migration from http to https may have a negative effect on your traffic for less than a day. After that everything should be back to normal and ranking even better. As to commerce sites, they should ALL have a certificate without exception.

  36. February 12, 2017 / 22:47 Gary Wicks

    My rankings are dropping but my impressions are going up in Google, so more impressions but farther down in rank.

    Impressions are now increasing in https and decreasing in http
    But google is still showing http pages which rank lets say 9th and the https new setting is ranking 110 for the same page.

    I was told that my sites were set to https, but I was not told to redirect this button you talk about. That is not very good?

    Or is it? Maybe I do not have to toggle the button because you forced my sites manually to https whatever that entailed? I am getting mixed messages from support now you say to get CloudFlare plus?

    I do not care about CloudFlare plus until I figure out if the config is proper and google is not going to hammer me.

    Is it working in google because impressions are dropping in http pages but increasing in https and the ranking decline is a natural reaction because I read in google developers that essentially google bot reads it as a new site now.

    So is my site set up properly and now I have to wait for rankings to come back? Or do I toggle this switch? Getting confused here now. Especially since support says now that CloudFlare will be affected?

    So what do I do, toggle not toggle or toggle and get rid of CloudFlare what?

    • Reply February 13, 2017 / 00:33 Hristo PandjarovSiteGround Team

      Having an SSL certificate properly configured is just one of the thousands of criteria Google uses to rank your site. I would recommend that you force all your traffic through HTTPS since that's the best practice. Of course, there are always other elements affecting your rankings. As to CloudFlare, I answered in your other comment.

  37. Reply February 12, 2017 / 23:41 Gary WicksSiteGround Team

    Right now I have free CloudFlare
    Siteground set my sites to https
    I was not told to toggle the switch
    Now I am told to toggle the switch but should get paid CloudFlare

    My questions are can I just leave the free CloudFlare and toggle the switch for now? Will I have problems?
    Are you setting up the https to work with the free CloudFlare?
    Do I need to get paid CloudFlare before toggling and then toggle and then switch back to free CloudFlare after you make the two compatible?

    Am I getting hammered by google right now? Waiting for the right answers here?

    • Reply February 13, 2017 / 00:30 Hristo PandjarovSiteGround Team

      You can use the free CloudFlare version and have your site using https. You just need to manually set your Crypto settings to Full and then force your traffic through HTTPS. We're currently working on making that process seamless by using our cPanel tool and it should be ready soon. Meanwhile, you can do it manually.

  38. Reply February 13, 2017 / 00:45 Gary WicksSiteGround Team

    Ok sorry you just answered that I see, yes it will work now by setting the settings to full which I did at the CloudFlare site a few weeks ago. I wonder why the support did not tell me to toggle the switch then too? I would have been done with this as everything was correct except for this toggle switch.

    Ok then why is support suggesting I should get paid CloudFlare then? If the free version can be configured by the setting of Full in the CloudFlare site which I did?

    • Reply February 14, 2017 / 01:16 Hristo PandjarovSiteGround Team

      There are multiple ways to configure your website to use a CDN like CloudFlare through a regular unsecure connection and through HTTPS. There is no one right way to do this since different customers have different workflows and eventually structures of their website that they want to achieve. The switch just forces all your WordPress links to HTTPS. You can use it without a CDN account at all. Now, if you want to use CloudFlare, things become a bit more difficult since there are two connections that you need to take care of - between the SG server and the CDN server and between the end points and your visitors, thus the different configuration options. That configuration can be a bit confusing and it's not straightforward at all. That's why we're working on updating our systems, so we can make that process seamless for our customers. We've made this possible during the weekend and hopefully by the end of this week everyone should be able to use their SSL certificate with CloudFlare with a click.

  39. Reply February 14, 2017 / 10:00 Gary WicksSiteGround Team

    Ok Now I'm confused now, how do I know if my sites are set up properly or not?
    I did the CloudFlare manual switch to force FULL a few weeks ago this stopped the looping and brought my sites back online which had completely disappeared. But was fixed quickly by support.

    Then I put the new version into google console and switched to https://www preferred version

    Now I toggled this switch a couple days ago, but sad that support did not tell me to do this.
    Now it's toggled.

    Am I done? Or not?

    Will I have to do something else now?

    This statement you made is confusing and alarming to me now.

    "Now, if you want to use CloudFlare, things become a bit more difficult since there are two connections that you need to take care of - between the SG server and the CDN server and between the end points and your visitors, thus the different configuration options."

    Where am I right now? In Limbo?

    No one told me about what you said above.
    No one told me to toggle this switch.
    My sites have pages that used to rank 7 8th and 9th which is 1st and second page of google and now down to 10th and 12 pages deep in no where land.

    So you see my concern, I need to know plain and simple if I am set up and running properly now
    So I can move on with confidence that my rankings will come back and there is something else you haven't told me yet going on.

    I need assurance that I am done and ready to pick up the pieces now.

  40. Reply February 16, 2017 / 10:13 GlenSiteGround Team

    For WP sites that are not currently https, will the switch also alter the database to make all http associated with the domain to be https? If not, on our end wouldn't that be the best thing to do? I.e. once we make the switch, change the database to reflect https throughout the website?

    • Reply February 17, 2017 / 01:06 Hristo PandjarovSiteGround Team

      The only database modification the switch does is changing the siteurl and home url options. The insecure content fixer works by dynamically rewriting the http urls to https. If you can configure your site manually, that would be the best thing of course. You can use a plugin like this one: https://wordpress.org/plugins/better-search-replace/ to change all http://yoursite.com strings to https://yoursite.com in your database and then add the appropriate rules in the .htaccess file to force all requests through https.
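
Added example (not part of the original thread and not SiteGround's or the plugin's code): a minimal Python scanner that lists the `http://` subresources a page would still load over HTTPS, which are the URLs that a manual database search-and-replace or an on-the-fly rewrite has to cover. The sample page and the `example.*` hosts are constructed; plain `<a href>` links and `rel="canonical"` are skipped because the browser does not fetch them as page resources.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs whose URL the browser fetches as part of the page.
# "active" content is normally blocked on an HTTPS page; "passive" content
# typically costs the padlock or triggers a warning instead.
ACTIVE = {("script", "src"), ("iframe", "src"), ("embed", "src"), ("object", "data")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"),
           ("video", "poster"), ("source", "src")}


class MixedContentScanner(HTMLParser):
    """Collects (kind, tag, attribute, url) for every http:// subresource."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def _check(self, kind, tag, attr, url):
        url = (url or "").strip()
        # https:// and protocol-relative (//host/...) URLs are fine over HTTPS.
        if url.lower().startswith("http://"):
            self.findings.append((kind, tag, attr, url))

    def handle_starttag(self, tag, attrs):
        values = {name: value for name, value in attrs}
        for attr, value in values.items():
            if (tag, attr) in ACTIVE:
                self._check("active", tag, attr, value)
            elif (tag, attr) in PASSIVE:
                self._check("passive", tag, attr, value)
            elif attr == "srcset" and tag in ("img", "source"):
                # srcset is a comma-separated list of "URL descriptor" pairs.
                for candidate in (value or "").split(","):
                    fields = candidate.split()
                    if fields:
                        self._check("passive", tag, attr, fields[0])
        if tag == "link":
            # Only some <link> relations cause a fetch; canonical does not.
            rels = set((values.get("rel") or "").lower().split())
            if "stylesheet" in rels:
                self._check("active", tag, "href", values.get("href"))
            elif "icon" in rels:
                self._check("passive", tag, "href", values.get("href"))


def scan(html):
    """Return the list of insecure subresources found in an HTML string."""
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: a post as it might look right after switching to HTTPS.
SAMPLE_PAGE = """
<html><head>
<link rel="canonical" href="http://example.com/post/">
<link rel="stylesheet" href="http://example.com/wp-content/themes/demo/style.css">
<script src="https://example.com/wp-includes/js/jquery.js"></script>
</head><body>
<a href="http://example.com/about/">About</a>
<img src="http://photos.example.net/a.jpg"
     srcset="https://photos.example.net/a-2x.jpg 2x, http://photos.example.net/a-3x.jpg 3x">
<img src="//cdn.example.net/logo.png">
<iframe src="http://video.example.org/embed/1"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for kind, tag, attr, url in scan(SAMPLE_PAGE):
        print(f"{kind:8} <{tag} {attr}>  {url}")
```

Run it against the saved HTML of a few representative pages (home page, a post with embeds, an archive page) before and after the switch; an empty result means no insecure subresources remain in the markup that was scanned.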

  41. Reply February 16, 2017 / 11:28 Michael GSiteGround Team

    Hello - I recently configured my WordPress site to use https manually following your instructions from a month or two ago. The site works fine using https after I fixed the various links I had that were using http. So it sounds like I do not need to install SG Optimizer, is that correct? Also, when I am in the WordPress Dashboard and I click on the "Visit Site" link in the upper left hand corner the page loads under http instead of https. Is there a way to correct that so that it always loads under https?
    Thanks!

    • Reply February 17, 2017 / 01:32 Hristo PandjarovSiteGround Team

      The SG Optimizer plugin takes care of your SuperCacher too, so if you're using it, you still need it. As to your other question, if you have manually configured WordPress to work through https and forced all the traffic through https with an .htaccess rule, you don't need to enable the feature. Simply leave it to Off. As to the incorrect link, go to Settings - General and look at the home url and site url values making sure they're both https.

  42. Reply February 16, 2017 / 12:06 PatrickSiteGround Team

    Any idea on how this would interact with Sucuri's CloudProxy?

    • Reply February 17, 2017 / 01:55 Hristo PandjarovSiteGround Team

      If you're using Sucuri's CloudProxy, they install a LE certificate by default so your site will work just fine after you reconfigure it to work through HTTPS. However, take a look at your SSL settings in their panel and set SSL Mode to Full.

      • February 24, 2017 / 08:32 GeorgeSiteGround Team

        Hi. I have Sucuri's Basic plan. Now their CloudProxy is not working after I did the force https from your plugin.

        Sucuri support said this, I don't really understand what they want:

        I also noticed that your domain has a valid SSL certificate: https://www.sslshopper.com/ssl-checker.html#hostname=clarvazatoareamarinescu.com. CloudProxy also issues a SSL certificate for your domain, however on the Basic plan is not possible to configure the SSL before update the DNS records. In this case, you have the following options:

        * Do nothing and wait CloudProxy to issue the new SSL certificate, website will be unreachable for some time
        * Disable the SSL redirection for your domain and only enable it once CloudProxy issue the new SSL certificate
        * Upgrade your plan to Professional which allows to configure the SSL certificate before update the DNS records

        What's the difference between LE ssl free certificate and the force https from your plugin?
        What should I do with Sucuri because my firewall doesn't work.

      • February 27, 2017 / 00:59 Hristo PandjarovSiteGround Team

        They need some propagation time to update their records. Usually it's a good idea to open a support ticket to your CDN provider before you make the switch to HTTPS just so you're aware of such issues.

  43. Reply February 16, 2017 / 16:25 VojkanSiteGround Team

    I installed plugin and turned on "Force HTTPS" and now I can not open my own website, I can not even access wp admin page. How can I get rid of it? I tried to delete plugin with FileZilla but still problem is there, now I returned it back. This is a message that I receive when I try to access website or wp admin panel:

    The page isn’t redirecting properly

    Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

    This problem can sometimes be caused by disabling or refusing to accept cookies.

    • Reply February 16, 2017 / 16:39 VojkanSiteGround Team

      Ok, I fixed it, I set it in CloudFlare from flexible to full mode. For a moment I was so worried.

      • February 17, 2017 / 01:08 Hristo PandjarovSiteGround Team

        Glad to hear you had that solved 🙂
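
Added example (not part of the original thread, and not CloudFlare's or SiteGround's code): a simplified Python model of the redirect loop reported above and of why switching CloudFlare from Flexible to Full ends it. It assumes the origin decides whether to redirect from the scheme of the connection it receives, as a typical `.htaccess` rule testing `%{HTTPS}` does; the function names and `example.com` are hypothetical.

```python
from urllib.parse import urlsplit

MAX_HOPS = 10  # stand-in for the browser's own redirect limit


def scheme_to_origin(mode, visitor_scheme):
    """Scheme the CDN edge uses for its own connection to the origin server."""
    if mode == "flexible":
        return "http"              # edge always talks plain HTTP to the origin
    if mode in ("full", "full_strict"):
        return visitor_scheme      # edge mirrors the scheme the visitor used
    raise ValueError(f"unknown SSL mode: {mode}")


def origin_response(conn_scheme, host, path, force_https):
    """Origin with 'force HTTPS' on: 301 every plain-HTTP connection to HTTPS."""
    if force_https and conn_scheme == "http":
        return 301, f"https://{host}{path}"
    return 200, None


def follow(url, mode, force_https, origin_cert_valid=True):
    """Follow redirects as a browser would; return (outcome, URLs requested)."""
    requested = []
    while len(requested) < MAX_HOPS:
        parts = urlsplit(url)
        requested.append(url)
        conn = scheme_to_origin(mode, parts.scheme)
        # Strict mode additionally refuses an origin certificate it cannot validate.
        if mode == "full_strict" and conn == "https" and not origin_cert_valid:
            return "origin_cert_rejected", requested
        status, location = origin_response(
            conn, parts.netloc, parts.path or "/", force_https)
        if status == 200:
            return "ok", requested
        if location == url:
            # The visitor is already on HTTPS, but the origin only ever sees
            # HTTP from the edge, so it keeps redirecting to the same URL.
            return "redirect_loop", requested
        url = location
    return "too_many_redirects", requested


if __name__ == "__main__":
    start = "http://example.com/"  # constructed sample URL
    for mode in ("flexible", "full", "full_strict"):
        outcome, hops = follow(start, mode, force_https=True)
        print(f"{mode:12} {outcome:14} {' -> '.join(hops)}")
```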

  44. Reply February 16, 2017 / 17:35 JoeSiteGround Team

    "This magical “Force HTTPS” click can be made in our freshly extended WordPress plugin. "

    I used this yesterday and it truly was magical! Very easy and painless. I'll be applying it to more sites.

    @Hristo - one thing I'd like to get more information on. You stated:

    "By starting to issue automatically Let's Encrypt certificates for all domains hosted on our servers. However, there still remained a manual step to configure all applications to use the certificates we've made available."

    I ran into an interesting problem though, and SG support was helpful but I feel the issue was not fully resolved.

    The issue is that my site greenflagdigital.com was shown as HTTPS and indexed as HTTPS before I made any changes.

    1. Before you automatically issued Let's Encrypt on all servers, I didn't take any manual action to make my site HTTPS
    2. I noticed in January the HTTPS version of my site start to appear
    3. Both versions of my site were indexing (not ideal) - HTTP and HTTPS - as verified by Screaming Frog SEO spider. And they were not 301'ing to each other
    4. HTTPS was forced on Chrome, but not Safari. Not sure if there is something that Chrome was picking up that Safari wasn't from the server. Not sure if that's possible.
    5. For my smaller site, the issue isn't severe, but larger sites that could have huge problems with their URLs indexing as both HTTP and HTTPS should take a closer look and beware
    6. I think SiteGround should take a deep look at the indexing and SEO ramifications of adding SSL by default and cross-checking this on Chrome vs Safari and Google indexing vs Bing and others. For huge sites, could be a problem. A full technical and written public report on problems or no problems would go a long way.

    Love SiteGround and their support of SSL - it makes the web better. But a few of these issues should be addressed!

    • Reply February 17, 2017 / 06:03 Hristo PandjarovSiteGround Team

      Thank you for reporting your case. The appearance of duplicated content is exactly the issue we are addressing with the launch of the HTTPS force option in our WordPress plugin. Although we have very few reported cases in which both http and https versions of website were indexed after the issuance of the certificates, we are taking steps to further minimize the possibility of this to happen. The WordPress plugin is just the first action.

  45. Reply February 16, 2017 / 20:17 Mary LičaninSiteGround Team

    ...and this is why I love you, SiteGround! You guys are the best hosting company I have *EVER* worked with, and I've been doing this for almost 15 years. Stay awesome!!!

  46. Reply February 16, 2017 / 21:21 PhilipSiteGround Team

    OK, so seemed like a good idea. I installed and activated this plugin. Found the https switch and turned it on. Went to check my website and all my photos (hundreds of them all hosted on Smug Mug which is completely https) were no longer displayed. Switched it back off and now everything is fine again. A total waste of time.

    • Reply February 17, 2017 / 01:24 Hristo PandjarovSiteGround Team

      If you want, I can take a look into it, you've probably hit some edge case scenario that I would love to troubleshoot. Just give me your domain name and I will have it working in no time 🙂

  47. Reply February 16, 2017 / 21:58 Terri HorsmannSiteGround Team

    Installed SG Optimizer but it didn't work for my WP site. It 'crashed' the layout so that all page headers weren't displaying, changed some content layout, and bits of text content were converted to hyperlinks. Interesting!

    Had to delete the plug-in for my site layout to display properly. Wondering if this could possibly be a theme issue? I use GeneratePress theme. All PlugIns, theme, and WP were updated prior to installing SG Optimizer and flipping the https switch.

    Guess I'll have to wait until the server level change is made and hope all is cohesive.

    Thanks!

    • Reply February 17, 2017 / 01:23 Hristo PandjarovSiteGround Team

      Could you give me your domain name so I take a look into it? It's probably some edge case or certain rule in the .htaccess file that misbehaves.

      • February 19, 2017 / 09:07 ChrisSiteGround Team

        I'm in the exact same situations. Siteground support manually switched website dazzlingphotobooth.com to https. That broke my header/links menu/hyperlinks.

        If I disable w3tc plugin (which give me fast loading as I have lots of images/slideshows, and 91% faster loading over all tested website), website works again BUT then my pingdom score is way lower and 71% slower. I have not much checked in w3tc plugin to be on but somehow https is breaking/conflicting with a plugin that is Very Very helpful and spent a month getting it right and great with my picture loaded website.

        Been dealing with support all yesterday but that just confirm what I already know that it is w3tc and they said to just disable it. NO No No. That is not a solution to me and all the hard work getting my site fast for clients.

        Would LOVE your help Hristo!! Thanks in advance!!!! Chris

      • February 19, 2017 / 10:48 ChrisSiteGround Team

        Fixed it....:-) It was MaxCDN and needed to enable SSL on my Pull Zones (under manger tab), then click on the green enabled dot and the new link with ssl included to copy that link and paste into w3tc plugin in the CDN area and replace the older link. It worked immediately! Yeah!!

      • February 19, 2017 / 10:54 Hristo PandjarovSiteGround Team

        Glad you fixed it!

  48. Reply February 16, 2017 / 23:17 John DobbynsSiteGround Team

    I toggled the switch in SG Optimizer "force https" and all the images stopped displaying on my WordPress site. had to switch it off to see the images.

    • Reply February 17, 2017 / 01:22 Hristo PandjarovSiteGround Team

      Are you using a CDN? If you give me your domain name I can take a look what went wrong and get back to you 🙂

  49. Reply February 17, 2017 / 00:42 DavidSiteGround Team

    Can this be trialled and tested on a staging site first?

    • Reply February 17, 2017 / 01:11 Hristo PandjarovSiteGround Team

      Yes, it's actually recommended to do it this way in order to avoid any issues with your live site 🙂

      • February 17, 2017 / 06:18 MarkSiteGround Team

        Just to make sure I understand on this:

        I have a staging site at http://staging11.domain.com. I should be able to throw the "Force HTTPS" switch on the staging site and test to make sure all is OK there. Then, I would simply stage that site to my live site (http://domain.com) via the cPanel and, from there, assume that all will be OK on the live site. Am I missing anything? This seems almost too simple 😎

      • February 17, 2017 / 07:07 Hristo PandjarovSiteGround Team

        It is that simple 🙂

  50. Reply February 17, 2017 / 04:45 RichardSiteGround Team

    Maybe I am asking this because I don't know too much about this tech stuff. However, is this going to be paid for?

    • Reply February 17, 2017 / 07:03 Hristo PandjarovSiteGround Team

      No, it's a free service 🙂

  51. Reply February 17, 2017 / 04:50 AngeloSiteGround Team

    Nice feature! Just wondering one thing; Three days ago I renewed an existing SSL certificate for a domain that I have. That cost me around $80,- Now I see that I can get SSL for free on all domains in my hosting package.
    What should I do? Now I get the same result (even more), but it cost me 80,- Do you have any suggestions? Thanks!

    • Reply February 17, 2017 / 07:04 Hristo PandjarovSiteGround Team

      The paid certificate has its benefits. It's wildcard for example. I would recommend you to contact us via the live chat once the certificate reaches expiration date to have it replaced with a free one if you want.

  52. Reply February 17, 2017 / 05:05 chrisSiteGround Team

    Hi
    I am still unsure about taking the plunge as I am afraid that switching to the HTTPS version would make me lose my current rankings as Google would see the https version as a totally new website. Is that correct?
    Thanks hristo for the great help here 🙂

    cheers

    chris

    • Reply February 17, 2017 / 07:07 Hristo PandjarovSiteGround Team

      Go for it 🙂 If something breaks, you can always contact our tech team!

  53. Reply February 17, 2017 / 07:11 Malcolm RuthvenSiteGround Team

    When I try to go to https sites using Firefox, I often/usually get an error message "Secure Connection Failed" and have to "Try again" to get it to work. I don't want that to happen to my site visitors.

    • Reply February 18, 2017 / 02:35 Hristo PandjarovSiteGround Team

      I would recommend clearing all caches you may have. If the issue persists, please post a ticket in your Help Desk and our support team will take a look into it.

  54. Reply February 17, 2017 / 07:27 C PHILLIPSSiteGround Team

    Hi, I haven't attempted this yet, but am confused by an earlier comment you made to someone else:

    The only database modification the switch does is changing the siteurl and home url options. The insecure content fixer works by dynamically rewriting the http urls to https. If you can configure your site manually, that would be the best thing of course. You can use a plugin like this one: https://wordpress.org/plugins/better-search-replace/ to change all http://yoursite.com strings to https://yoursite.com in your database and then add the appropriate rules in the .htaccess file to force all requests through https.

    Are you saying that it is better to move to HTTPS manually and not use the plugin?

    • Reply February 20, 2017 / 01:00 Hristo PandjarovSiteGround Team

      If you can make the configurations yourself, I would always recommend doing it manually - full database replacement of the URLs, 301 redirect in the .htaccess and manual fix of all resources included in your template and plugin files if any. Since we don't want to interfere with your data and possibly cause issues, we rewrite the URLs on the fly and don't do any modifications to your database but the home url and site url options which adds minimal but still existing overhead to the site loading process.

  55. Reply February 17, 2017 / 07:39 Sebastiaan BeteramsSiteGround Team

    Is it possible to use the SSL-feature in a shared hosting environment / GoGeek account?

    • Reply February 17, 2017 / 07:40 Sebastiaan BeteramsSiteGround Team

      So with more than 1 website within the same shared hosting GoGeek account?

      • February 18, 2017 / 02:36 Hristo PandjarovSiteGround Team

        Yes 🙂

    • Reply February 18, 2017 / 02:36 Hristo PandjarovSiteGround Team

      Yes, we use the SNI technology which means that you can get free certificates for each Addon domain you have in your GoGeek or GrowBig accounts.

  56. Reply February 17, 2017 / 08:39 John OSiteGround Team

    Maybe it's the Friday morning fog, but nowhere can I see where I get the "Force HTTPS" button, having just manually installed the plug-in. Where do I go to flip the HTTPS bit?

    • Reply February 20, 2017 / 01:01 Hristo PandjarovSiteGround Team

      It's in the HTTPS Settings sub-page of the plugin 🙂

  57. Reply February 17, 2017 / 10:10 grantSiteGround Team

    sweet, just updated my site, took like 10 seconds.

  58. Reply February 17, 2017 / 10:15 JessicaSiteGround Team

    So this plugin provides both caching and it forces https? Isn't there an easier way to automatically have https without needing a specific plugin installed? Will installing this plugin break all of my existing links and social redirects (pins, tweets, etc.)?

    • Reply February 18, 2017 / 02:46 Hristo PandjarovSiteGround Team

      We're about to launch a solution that will force all the traffic through https without any regards to the application you're using. The best way is always to have your site manually configured and working only via https though since everything adds minimal but still existing overhead in the loading process.

  59. Reply February 17, 2017 / 11:10 MamdouhSiteGround Team

    Does switching my sites to https affect my Google indexing or ranking in any way?
    And do I need to take any steps if I plan to do the switch regarding SEO and Google ranking?

    Many thanks,
    Mamdouh

    • Reply February 18, 2017 / 02:45 Hristo PandjarovSiteGround Team

      Going HTTPS should improve your Google rankings since it's one of the best practice recommendations by Google. However, make sure you update your site URL in your Google Analytics property to get the correct data.

      • February 19, 2017 / 06:10 MamdouhSiteGround Team

        Thank you for your follow-up.
        I did that and things seem to be working nicely now with the HTTPS, except for one thing which is the Social counters have all been reset to Zero.

        Is that supposed to happen or is there a way to fix that and be able to regain my previous social sharing stats?

        Many thanks.

      • February 20, 2017 / 01:17 Hristo PandjarovSiteGround Team

        Please, check the configuration of all social plugins you have and update them to go through https, that should do the trick.

  60. Reply February 17, 2017 / 11:34 PeterSiteGround Team

    When I activated SG CachePress, it told me my "site is not cached! Make sure the Dynamic Cache is enabled in the SuperCacher tool in cPanel."

    The problem is, I have a Startup plan and I can't therefore enable that option.

    I then left unchecked the Dynamic Cache, AutoFlush, and Memcached option in SG CachePress, and reactivated my caching plugin (WP Fastest Cache).

    In any case, my site's loading time went from 2.5 secs to 5 and more. What can I do? Shouldn't you have told beforehand that your SG CachePress requires the activation of an option I can activate only upgrading my present plan?

    • Reply February 18, 2017 / 02:44 Hristo PandjarovSiteGround Team

      The Dynamic Caching option is available on the GrowBig and above accounts. If you don't want to upgrade to a higher plan, you can try using caching plugins like WP Super Cache for example.

  61. Reply February 17, 2017 / 11:36 David SalahiSiteGround Team

    Thanks for this! It couldn't be easier!

  62. Reply February 17, 2017 / 12:04 Tom NeveselySiteGround Team

    Hello,
    I followed the information above to enable HTTPS and now I can't access my website at all. Instead, I get a "The page isn’t redirecting properly" error message. What can I do now?
    My site is http://www.tnphoto.ca

  63. Reply February 17, 2017 / 12:54 Tom NeveselySiteGround Team

    Ok, I got it fixed the same way Vojkan mentioned above.

    • Reply February 18, 2017 / 02:37 Hristo PandjarovSiteGround Team

      Glad it worked for you 🙂

  64. Reply February 17, 2017 / 16:46 John AndersonSiteGround Team

    I had Siteground help me with making two of my sites https. I can navigate to both sites with that in the url and the siteground rep said I'm good. However if I use the plugin SG Optimizer it shows the following Warning: You don’t have a certificate issued for https://consultantbookkeeper.com. Please, install an SSL certificate before you force a HTTPS connection. And "Force HTTPS" is grayed out. Should I be worried or am I good?

    • Reply February 18, 2017 / 06:41 Hristo PandjarovSiteGround Team

      There's something preventing our checks from detecting your certificate, please post a ticket in your Help Desk and my colleagues will help you out!

  65. Reply February 17, 2017 / 16:50 DarrenSiteGround Team

    Worked flawlessly EXCEPT Chrome threw up a non secure resources warning. I had to purge SG cache to get new ssl image links to update and achieve full ssl padlock.

    • Reply February 18, 2017 / 02:41 Hristo PandjarovSiteGround Team

      Yes, all caching you have in place must be cleared when making such change although we're clearing the SiteGround cache, some browsers, including Chrome will keep their own for few requests to the same site.

  66. Reply February 17, 2017 / 17:37 JodiSiteGround Team

    I'm using the most updated version of the plugin (3.0.5) but getting the message:"Warning: You don’t have a certificate issued for https://www.flemingagencyonline.com. Please, install an SSL certificate before you force a HTTPS connection."

    I disabled my security plugin (iThemes) but that didn't help. Before doing that, I also noticed that they have what appears to be a similar functionality. If I try theirs instead, it says "WARNING: Your server does appear to support SSL. Using these features without SSL support on your server or host will cause some or all of your site to become unavailable."

    Am I missing a step?

    • Reply February 20, 2017 / 01:33 Hristo PandjarovSiteGround Team

      Please, post a ticket in your Help Desk and my colleagues from the support team will help you out in no time 🙂

  67. Reply February 17, 2017 / 19:02 Anne KatzeffSiteGround Team

    Hi,
    I have a few questions.

    (1) I've followed the thread and see that it was recommended we delay switching to HTTPS if we're using the free Cloudflare. When will we know that it's ok to make the switch?

    (2) What about sites that don't use Cloudflare: can we switch those now to HTTPS?

    (3) How is the certificate installed?

    thank you

    • Reply February 20, 2017 / 00:50 Hristo PandjarovSiteGround Team

      Hello,

      We were in a process of patching our CloudFlare integration. It's now updated and you can safely enable HTTPS on your site and then on the CloudFlare panel without having to upgrade to plus. As to your other question, we install automatically free Let's Encrypt certificates to all our customers. Check out the Let's Encrypt tool in cPanel to see the certificates we've installed.

  68. Reply February 17, 2017 / 19:16 Anne KatzeffSiteGround Team

    Hi,
    A couple more questions 🙂 !
    (1) It looks like a certificate is already installed on my main domain (which uses Cloudflare), but I didn't install it. Did SG install it? How do I know if this is the Let's Encrypt certificate?

    (2) My subdomain does not use Cloudflare. It looks like a certificate has not been installed yet for that, so should I go ahead and install it?

    Sorry, there are many technical details involved and I want to be sure I do everything correctly!

    • Reply February 20, 2017 / 00:51 Hristo PandjarovSiteGround Team

      We install Let's Encrypt certificates automatically for both the www and non-www version of your domains. If I were you, I would first configure the site through HTTPS, make sure it works fine and after I am sure it's all good, enable CloudFlare, switching the SSL options to Full strict.

  69. Reply February 17, 2017 / 21:23 rogerSiteGround Team

    I am a techie Virgin and understand about 50% of the comments, I was http then changed to http so the ssl certificates I bought from go daddy when they hosted my sites would show the green padlock, I then ran into redirect and speed loading problems, I switched hosting to site ground which helped the loading speed, but still had 404 problems and could not get indexed on se even though the sites have been up for six months,

    • Reply February 18, 2017 / 02:34 Hristo PandjarovSiteGround Team

      If you give me your domain name I can take a look at the site and make sure it's configured properly 🙂

  70. Reply February 17, 2017 / 21:29 VikramSiteGround Team

    Hi Siteground and Hristo!

    Great!

    It just takes few seconds to get a normal website http: into https: I have done for https://ayurvedamentor.net

    Thanks..

  71. Reply February 18, 2017 / 02:06 RichardSiteGround Team

    I installed the SG plugin and forced HTTPS and my site immediately shows https:// but I want to make sure I do not disadvantage myself for search rankings etc.

    I'm not sure how to find out all the 3rd party services I need to check.
    I have added 2 new properties - https (with and without www.) to Google Search Console and updated sitemaps and requested indexing in Fetch as Google.
    Google analytics only seems to show my domain without http or do I have to dig deeper?
    I will be checking bing and yahoo similarly.
    My site is only a dozen static pages for a small business. Is there a list somewhere of the other likely 3rd parties I may need to check and all the details I need to update? I can't recall who else I may have incorporated when i first set up my site several years ago.

    • Reply February 18, 2017 / 02:30 Hristo PandjarovSiteGround Team

      Just fix your Google Analytics profiles, they are the most important in the process. Other services *may* rely on a full URL configuration but if you can't recall any such, this means you're most probably not using them 🙂 Check out this article for more info on how to configure Google Analytics to work through https: https://www.siteground.com/kb/configure-google-analytics-profile-load-site-via-https/

  72. Reply February 18, 2017 / 07:51 Dan F. RinaldiSiteGround Team

    Just installed at https://dfrweb.com everything seems ok. So good, thanks.

  73. Reply February 18, 2017 / 13:15 EveSiteGround Team

    Does the Force HTTPS change external links?

    • Reply February 20, 2017 / 01:02 Hristo PandjarovSiteGround Team

      It doesn't change links but all the resources the site uses. If you're using external ones, they will be rewritten too.

  74. Reply February 18, 2017 / 17:04 AdrianSiteGround Team

    Hi.
    1. I "lost" all my social shares, like on all social media, I know that likes and shares are bound to a link, but how can I get them back or how I can make the social platforms know that it's the same site.
    2. If I use facebook ads and adwords I have to make the changes there also?
    3. In analytics and Google search console I have to keep both sites http and https? If I delete the http site I'll lose all my data I think, no?
    4. Can you point me to a list or something with a checklist with things to change (like analytics, etc.) after the https migration?

    http://www.clarvazatoareamarinescu.com

    Thank you.

    • Reply February 20, 2017 / 02:01 Hristo PandjarovSiteGround Team

      No information should be lost in the process. Please, check your social networking plugins and update their settings. As to your other questions, only in Google Analytics you should update your property setting to work via https. In Google Search Console, you have to re-create the property anew since they don't support updates yet. We're working on a checklist and will publish it soon!

      • February 20, 2017 / 06:56 AgataSiteGround Team

        Hi,

        I have the same problem! I've lost all my old shares (from 2016's posts; plugin is updated). They are still visible when I check my website with http. After I passed to https the new shares work well (but are invisible with http). What should I do to see old and new ones with https?
        Cheers

      • February 21, 2017 / 01:23 Hristo PandjarovSiteGround Team

        That behaviour is caused by the way they count likes. Please, check out this article, it should give you some ideas how to fix it: https://www.mightyminnow.com/2014/05/how-to-make-social-media-shares-counts-and-comments-work-across-http-and-https/

  75. Reply February 18, 2017 / 17:20 RichardSiteGround Team

    Thanks Hristo, I've done that now. Should I delete the http properties from 'search console' once I've added the https versions?

    • Reply February 20, 2017 / 01:04 Hristo PandjarovSiteGround Team

      Edit the property in Analytics and add a new one in Search Console since they don't support protocol update yet.

  76. Reply February 18, 2017 / 17:31 RichardSiteGround Team

    Also do I need to edit backlinks from directory sites etc to reflect the https?

    • Reply February 20, 2017 / 01:05 Hristo PandjarovSiteGround Team

      It is generally a good idea to do that but the 301 redirect should take care of any links that still point to the http version of the site.

  77. Reply February 18, 2017 / 19:54 KimSiteGround Team

    If I use the sg optimize plugin to force https does this mean I am indebted to sg optimize? Or can I disable it after potential https "rewrite?" I can't use sg optimize for our website caching because I need a cache that Specializes in caching for logged in users and buddypress.

    • Reply February 20, 2017 / 01:17 Hristo PandjarovSiteGround Team

      In case you're not using the Optimizer plugin for the caching parts, you can safely use a different plugin to fix your insecure items errors if any and do a manual redirect in the .htaccess file. We've built it for convenience so it's easy for everyone to use their site through https but you can always do it manually!

      • February 20, 2017 / 11:10 kimSiteGround Team

        Thank you, but what i am still trying to understand is...

        Does the plugin do a permanent redirect and rewrite or is it required that the plugin stay enabled and active for these settings to continue to work? In other words if I use this optimizer plugin now and configure https...then in a month I want to deactivate SG optimizer and use a new caching plugin, will I lose the https settings?

      • February 21, 2017 / 01:14 Hristo PandjarovSiteGround Team

        The plugin does a permanent 301 redirect via lines in the .htaccess file. If you deactivate the plugin, it will not do anything. If you switch off the Force HTTPS button, it will remove its own lines from the .htaccess and reconfigure WordPress back to http.

  78. Reply February 19, 2017 / 10:35 SaraSiteGround Team

    Hi, I have wordpress and didn't understand. Can I force this switch to https without a plugin, that means from my cpanel? And from where precisely?
    Thank you!

    • Reply February 20, 2017 / 00:57 Hristo PandjarovSiteGround Team

      You don't need to do anything in your cPanel, just enable the HTTPS switch, login again and you should see the green padlock on your site address when you visit it.

  79. Reply February 19, 2017 / 12:14 Anne KatzeffSiteGround Team

    Hi there,
    It looks like my questions were overlooked. Could you please check out my comments above (on Feb. 17) and provide some guidance?

    thanks very much,
    Anne

    • Reply February 20, 2017 / 00:52 Hristo PandjarovSiteGround Team

      Sorry for the late reply, I've answered your comments, it just took a bit more time to answer all the comments than I anticipated 🙂

      • February 20, 2017 / 18:56 Anne KatzeffSiteGround Team

        Great, Hristo, I see your replies, thank you!
        I've begun the process for my client sites... 🙂

  80. Reply February 19, 2017 / 15:27 DELLA TEMPLESiteGround Team

    Thank you! I'm not a programmer. I'm just a non-profit volunteer acting as webmaster for my non-profit. This was super simple and so easy! Made me feel good to be able to do this in 5 minutes and take the step up to https. Cheers!

    • Reply February 20, 2017 / 00:52 Hristo PandjarovSiteGround Team

      Glad it worked flawlessly for you!

  81. Reply February 19, 2017 / 17:31 Tahlia NewlandSiteGround Team

    I'm confused. Why do I have to do this? It also seems that there could be issues like having to change other things eg my http URL to https? Does this mean that all my business cards and my links would be obsolete? I also have the cloud flare free thingy so I'm supposed to wait and then do something else?????? I don't have time to stuff about with my websites. Can I leave them as they are? Would that be a big problem? How is changing this going to help my website?

    • Reply February 20, 2017 / 01:25 Hristo PandjarovSiteGround Team

      The plugin adds a redirect so your links on your cards will be fine. As to CloudFlare, the patch is already applied so you can configure your site to go https right away. Generally, configuring an SSL certificate with your site should help you rank better, there can be a slight performance boost depending on the site and it will make it more secure to your visitors.

      • February 20, 2017 / 16:22 Tahlia NewlandSiteGround Team

        Okay. Thanks. So I just load and activate the plug in, is that all?

      • February 21, 2017 / 01:10 Hristo PandjarovSiteGround Team

        Activate the plugin, test your site and then set the SSL option in CloudFlare to Full Strict.

  82. Reply February 20, 2017 / 11:48 Susan WalkerSiteGround Team

    I have just been speaking to one of your colleagues here in Spain and what you don't mention here, I think, is that on the Start Up version of hosting, the SG Optimizer is not available. Nor is SSL on the Cpanel free version of Cloudflare. This might not be a problem at all for many of you guys but for me it would have been good to see this mentioned in the blog posts. Otherwise, I really can't fault your articles (except that I don't understand the really technical stuff!!) or your client support which is excellent.
    Many thanks for these tools you are all working on.

    • Reply February 21, 2017 / 01:12 Hristo PandjarovSiteGround Team

      There must be some sort of a misunderstanding because we have the free SSL Let's Encrypt tool enabled on all plans including StartUp. It's the same for CloudFlare. The only thing that you don't have access on StartUp is the Dynamic Caching part of the SuperCacher system. However, you can still use the plugin. Please, post a ticket in your Help Desk if you need further assistance or you can't see some of the tools.

  83. Reply February 21, 2017 / 17:40 Shawn PurvianceSiteGround Team

    Well the process has not been real easy for me but we are working through it.

    First went through cpanel to install free Let's Encrypt Certificate for my domain. Would not work. Got an error saying to contact support. Support was right on it and they manually installed the certificate.

    Then downloaded the SG Optimizer Plugin and was going to use the force https switch but it says that there is no certificate issued for our domain.

    I have been waiting for a couple hours to hear back from support on this.

    Reading through these posts, am I understanding correctly that once I get the above issues resolved I can enable Cloudflare with the free Let's Encrypt certificate?

    • Reply February 22, 2017 / 00:59 Hristo PandjarovSiteGround Team

      That's strange, for most people the tool works right away; probably some DNS issues failed the check. Anyway, once it's solved and you test and make sure everything is working fine, you can enable CloudFlare and the SSL support on it, it should work without problems 🙂

  84. Reply February 22, 2017 / 15:20 IfySiteGround Team

    I can't find the SG Optimizer in the cpanel section

    • Reply February 23, 2017 / 07:06 Hristo PandjarovSiteGround Team

      It's a plugin in your WordPress app 🙂

  85. Reply February 22, 2017 / 15:22 RuthSiteGround Team

    Thanks for this, very easy to use, click one button in your plugins and it's all done, thank you very much for making it so easy!!!!!!

  86. Reply February 22, 2017 / 16:06 Simplebutcreative MediaSiteGround Team

    All my domains hosted through you guys are already running "Let's Encrypt". Is it better for me to switch my domains with this new cloudflare integration?

    • Reply February 23, 2017 / 07:05 Hristo PandjarovSiteGround Team

      Generally, it's a good practice to use a CDN. If you have enough time to configure and test it out, I would totally recommend doing it.

      • February 23, 2017 / 17:09 Simplebutcreative MediaSiteGround Team

        Actually, I've been using Cloudflare for a long while for all my sites. I stopped using it because I couldn't integrate "let's encrypt" with the free cloudflare plan. More than likely it was possible I just didn't know how. I went for the quicker solution. Do you guys have a tutorial in the dashboard for this?

      • February 24, 2017 / 00:58 Hristo PandjarovSiteGround Team

        Now, the SSL configuration of CloudFlare is easier than ever, you can do it directly from your cPanel. Check out this tutorial for more info: https://www.siteground.com/tutorials/cloud_flare_cdn/cloudflare_ssl/

  87. Reply February 23, 2017 / 07:15 chrisSiteGround Team

    HI

    I have a few clients who are afraid to switch to the https url version via this plugin. I handle the design and the basic maintenance of their WordPress website. However, they told me they don't want to switch via your plugin as it would lock them with the SiteGround hosting.

    What can I tell them to reassure them so they agree to use Force HTTPS with the SG Optimizer plugin? They told me they don't want to keep this plugin forever.

    thanks

    chris

    • Reply February 24, 2017 / 01:00 Hristo PandjarovSiteGround Team

      The easiest way to do it is to copy their site using the Staging Tool if you're on GoGeek or copy the site yourself and show them it works 🙂

  88. Reply February 23, 2017 / 18:50 NancySiteGround Team

    Hello! Today I added the plugin (the most updated version) and made my two main websites secure with http - things were all fine with one site, but on the other my images aren't showing (except for my header and a sidebar image). I've searched this issue here and on the plugin forum, but I'm not seeing what to do to fix this. I appreciate your assistance with this and especially appreciate that SiteGround has taken this step to allow all of us to easily secure our sites with http.

    • Reply February 24, 2017 / 00:59 Hristo PandjarovSiteGround Team

      Please, post a ticket in your Help Desk and my colleagues will assist you further.

      • February 24, 2017 / 12:12 NancySiteGround Team

        Thank you, will do!

  89. Reply February 24, 2017 / 06:44 AdrianSiteGround Team

    Anyone found a solution for social count reset? I'm not using plug-in for social,I'm using the classic like button from facebook.

    Thanks

  90. Reply February 24, 2017 / 07:18 GeorgeSiteGround Team

    The SSL certificate provided by your plugin will renew automatically?
    Thanks.

    • Reply February 27, 2017 / 00:58 Hristo PandjarovSiteGround Team

      All free Let's Encrypt certificates that we issue are renewed automatically.

  91. Reply February 24, 2017 / 09:24 Eitan GoldinSiteGround Team

    I've some resources inside my site that are loaded externally and don't support https, for example I'm embedding beach cameras streaming from surfline.com and they support only http. So they are not being shown in my site as before. Is there a way to define in the domain subdirectories to not use https and use http?

    • Reply February 27, 2017 / 01:00 Hristo PandjarovSiteGround Team

      On an HTTPS site all resources must be loaded through a valid HTTPS connection. There are two options:

      1. The page will show insecure content warning
      2. External resources that don't have an ssl certificate will not be loaded.
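To see which of the two outcomes in the reply above applies to a given page, the following added example (not part of the comment thread and not SiteGround's plugin code) scans HTML for subresources still requested over http. The class and function names, the active/passive grouping and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Active content (scripts, frames, stylesheets) is blocked on an https page;
# passive content (images, media) has historically loaded with a warning.
ACTIVE = {("script", "src"), ("iframe", "src"), ("object", "data"), ("embed", "src")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}


class MixedContentScanner(HTMLParser):
    """Collects http:// subresources referenced by a page served over https."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name, value in attrs.items():
            kind = self._classify(tag, name, attrs)
            if kind is None or not value:
                continue
            # Resolve relative and protocol-relative URLs against the page URL.
            url = urljoin(self.page_url, value.strip())
            if urlsplit(url).scheme == "http":
                self.findings.append((kind, tag, url))

    def _classify(self, tag, name, attrs):
        if (tag, name) in ACTIVE:
            return "active"
        if (tag, name) in PASSIVE:
            return "passive"
        # <link> only loads a subresource for some rel values; canonical does not.
        if tag == "link" and name == "href":
            if "stylesheet" in (attrs.get("rel") or "").lower().split():
                return "active"
        # <a href> is navigation, not a subresource, so it is not reported.
        return None


def scan(page_url, html):
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample markup; hostnames are placeholders.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="http://cdn.example.test/theme.css">
<link rel="canonical" href="http://shop.example.test/">
<script src="//cdn.example.test/app.js"></script>
</head><body>
<img src="/wp-content/uploads/logo.png">
<img src="http://images.example.test/banner.jpg">
<iframe src="http://cams.example.test/beach-stream"></iframe>
<a href="http://partner.example.test/">Partner site</a>
</body></html>
"""

if __name__ == "__main__":
    for kind, tag, url in scan("https://shop.example.test/post/", SAMPLE_HTML):
        print(f"{kind:8} <{tag}> {url}")
```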

  92. Reply February 24, 2017 / 12:13 NancySiteGround Team

    Actually never mind. I just checked my website and unlike all day yesterday when there were no photos showing, now there are. Problem solved!

  93. Reply February 24, 2017 / 14:26 DanielleSiteGround Team

    Do you know of a way to retain the counts for social sharing plugins? I'm sure I'm not the only one who relies on social proof, and I do not want to lose all my social share stats. Is there a plugin that will retain these, or something else?

    • Reply February 28, 2017 / 00:41 Hristo PandjarovSiteGround Team

      I would recommend to get in touch with the plugin developers to get additional assistance on that matter, I am sure they've already been asked that question multiple times. There are several approaches but it really depends on the particular implementation.

  94. Reply March 4, 2017 / 14:41 DanieleSiteGround Team

    What about enabling HSTS (Strict Transport Security)?

    • Reply March 6, 2017 / 06:33 Hristo PandjarovSiteGround Team

      At this point, using HSTS is outside the scope of functionality of the plugin. You need to manually send the headers to enable it.
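The 301 redirect discussed earlier in the thread and the manually sent HSTS header mentioned in the reply above can be checked together from a captured redirect chain. This is an added example, not part of the thread or the plugin; the function names, the 180-day `min_max_age` threshold and the sample chains are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into its directives (RFC 6797)."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name == "max-age":
            arg = arg.strip().strip('"')  # the value may be a quoted string
            policy["max_age"] = int(arg) if arg.isdigit() else None
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy


def audit_chain(hops, min_max_age=15552000):
    """Return findings for a chain of (url, status, headers) tuples, in order.

    min_max_age (180 days) is an assumed threshold, not a value from the page.
    """
    findings = []
    seen_https = False
    for i, (url, status, headers) in enumerate(hops):
        headers = {k.lower(): v for k, v in headers.items()}
        scheme = urlsplit(url).scheme
        if scheme == "http":
            if seen_https:
                findings.append(f"downgrade: {url} is reached after an https hop")
            if status != 301:
                findings.append(f"{url}: status {status}, expected permanent 301")
            if urlsplit(headers.get("location", "")).scheme != "https":
                findings.append(f"{url}: does not redirect to https")
            if "strict-transport-security" in headers:
                findings.append(f"{url}: HSTS sent over http is ignored by browsers")
        else:
            seen_https = True
        if i != len(hops) - 1:
            continue
        # Checks that apply only to the final response of the chain.
        if scheme != "https":
            findings.append("chain does not end on https")
            continue
        raw = headers.get("strict-transport-security")
        if raw is None:
            findings.append(f"{url}: no Strict-Transport-Security header")
            continue
        max_age = parse_hsts(raw)["max_age"]
        if max_age is None:
            findings.append(f"{url}: HSTS header has no valid max-age")
        elif max_age < min_max_age:
            findings.append(f"{url}: HSTS max-age {max_age} below {min_max_age}")
    return findings


# Constructed chains: a 301 redirect without HSTS, then the same with HSTS added.
REDIRECT_ONLY = [("http://example.test/", 301, {"Location": "https://example.test/"}),
                 ("https://example.test/", 200, {"Content-Type": "text/html"})]
WITH_HSTS = [REDIRECT_ONLY[0],
             ("https://example.test/", 200,
              {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"})]

if __name__ == "__main__":
    for chain in (REDIRECT_ONLY, WITH_HSTS):
        print(audit_chain(chain) or "ok")
```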

  95. Reply March 10, 2017 / 03:56 NeilSiteGround Team

    Hi there, I can't see it in any of the Posts, so could you just clarify please....

    You say you have
    "started to issue automatically Let's Encrypt certificates for all domains hosted on our servers."

    and then say
    "All new WordPress installations completed on our servers via Softaculous or via our setup Wizard now use the automatically installed Let’s Encrypt SSL and run through HTTPS by default."

    Does this mean it only works by default for domains registered through Siteground - or for all WordPress site installs, regardless of whether the domain is registered through Siteground or another domain host?

    • Reply March 10, 2017 / 05:19 Hristo PandjarovSiteGround Team

      No, you can issue a certificate for every domain pointed correctly to your SiteGround account.

  96. Reply March 12, 2017 / 07:28 ChrisSiteGround Team

    Thanks for the update.

    I tried the old Supercacher plugin a few months back and I have to say I wasn't impressed with the speed results. I had problems running W3TC and the SG plugin simultaneously as they conflict each other, and W3TC alone was speeding up my site far better than the SG plugin. I conducted various speed tests with all the major testers.

    Will the new SG Optimizer work with W3TC? I wouldn't want to make the switch to HTTPS if it would mean pages loading slower.

    • Reply March 13, 2017 / 01:23 Hristo PandjarovSiteGround Team

      The SuperCacher is part of the SG Optimizer functionality. You need to enable the Dynamic caching from cPanel and then from the plugin to make it work. It is dramatically faster than the W3TC caching system. Probably, you've misconfigured something. I would disable all caching services from W3TC and use the SuperCacher. If you use it for things like minification, etc. you can keep using them but for the caching part, definitely switch to our system. As to HTTPS, it will enable HTTP2 on your site, so you may even get some performance boost out of it.

  97. Reply March 17, 2017 / 06:39 NishantSiteGround Team

    I contacted the Siteground Support team since all of this was a little overwhelming to me. Your support team is amazing. He handled the migration of my WordPress site to SSL as we chatted. Now, I see that all my existing pages and posts automatically redirect to https. However, I do notice one issue. When I am not loading my homepage but trying to access any specific WordPress post or page, the Chrome browser shows a notice that 'the page is trying to load scripts from unauthenticated sources'. How do I handle this issue? The moment I allow the page to load the scripts, the https gets struck out and unsecured gets added next to it.

    • Reply March 20, 2017 / 02:46 Hristo PandjarovSiteGround Team

      Make sure you have the Force HTTPS toggle switched on in the HTTPS Config tab in the SG Optimizer plugin. That should rewrite all sources to be loaded through https. Note, however, that if a resource in your site cannot be loaded through https it will not be loaded if HTTPS is loaded.

  98. Reply March 20, 2017 / 08:58 Kristof DevosSiteGround Team

    Hi, is setting that switch to on the only thing you need to do (next to installing an ssl certificate)? Is there no effect on SEO, should other measures be taken?

    • Reply March 20, 2017 / 09:27 Hristo PandjarovSiteGround Team

      It should have positive effect on your SEO. The only thing to change should be updating your Analytics profile to HTTPS.

  99. Reply March 24, 2017 / 02:07 FredSiteGround Team

    This tool is really amazing!

    However, it also forces all my hyperlinks to external websites to change to https, e.g. we include a list of external resources available on the Internet, but some of the sites do not enable https yet, and so their sites will be shown as "ERR_CONNECTION_REFUSED"

    It would be great if the option of FORCE HTTPS only applies to internal links, but not external links.

    • Reply March 24, 2017 / 08:02 Angelina MichevaSiteGround Team

      Hi Fred,
      Please note that functionality of SG Optimizer to “force https” is meant to help with securing the entire website. In the scenario that you describe that all internal links are configured with https, but the external ones are not secured (meaning, loading through http) the website will produce Mixed Content. This will result in warnings in the browsers your visitors use to load your website.
      Having the HTTPS checks set up only for internal links will not help you optimize the website and completely secure it. That is why, we would recommend checking with the companies maintaining the external resources listed on your website and work with them on a solution. For example, they might be able to offer an alternative - secured URL which you can then use. To achieve full security and guarantee safe browsing to your visitors it is best to use https for all links.

  100. Reply April 17, 2017 / 04:47 NJSiteGround Team

    This is a fantastic tool. Blows my mind how easy (and free) you have made this.

  101. Reply April 20, 2017 / 11:07 PieterSiteGround Team

    Any news on Let's Encrypt certificates for domains with special characters?

    • Reply April 20, 2017 / 23:42 Hristo PandjarovSiteGround Team

      Not yet. If Let's Encrypt starts supporting them, they will work with all our tools but so far you can issue a certificate only for the A-label form of IDNs.

  102. Reply April 21, 2017 / 15:36 MarcSiteGround Team

    I'm late to the party but have been following this change for quite some time. Today I went into one of my WP blogs and used the "force HTTPS." Worked flawlessly! cPanel already had my CloudFlare settings to Strict and I never even went to CloudFlare to do anything. From all my tests, my domain is going straight to HTTPS no matter what I type and the certificate is valid on any site that has some checker. This is awesome!

    • Reply April 23, 2017 / 23:50 Hristo PandjarovSiteGround Team

      Glad it all worked without any issues 🙂
