[et_pb_breadcrumbs _builder_version="3.10"][et_pb_breadcrumb title="Home" link="/" /][et_pb_breadcrumb title="Learn" link="//optimusdivi.com/learn/" /][/et_pb_breadcrumbs]

How to apply SSL with Divi

SSL makes your site more secure for users

A security certificate (SSL) means that your site uses the https protocol instead of plain old http. A site with a working SSL installed shows that green padlock in the browser bar, and is great for user confidence. Not just for appearances, it means that any data transferred from a device to a website and back is encrypted. This means that contact forms cannot be intercepted in plain text, which is a great security benefit. E-commerce definitely needs SSL. And if you have WordPress, even if you don't have a contact form or a payment gateway, when you login to wp-admin with your site administrator password - smart hackers can see that password, unless you are using SSL!

I highly recommend SSL, especially now that it is so much easier than it used to be.

First you need SSL applied to your domain name

This used to be difficult, and expensive. You still can purchase SSL certificates, ranging in price from $80 - $500 or more per year. Your website host is usually the easiest provider to purchase from. Though your domain provider will also likely sell them.

Some WordPress hosts now have it built in, like Site Ground. I haven't used them but they do advertise that Lets Encrypt SSL is included.

Lets Encrypt is an open source SSL certificate generator that has changed the game for SSL. Previously it was expensive and misunderstood, now it is easy and free.

I use WHM with cPanel for hosting, and have installed a plugin on WHM that makes it easily available within each cPanel instance. https://letsencrypt-for-cpanel.com/ If you don't run your own server then it is more and more likely that you will have Lets Encrypt anyway, because it is growing in prominence.

I can activate SSL for the domain in question via "Lets Encrypt". Then I am ready to configure it in WordPress.

You can edit .htaccess for SSL, but easier to use a plugin!

Chances are if you know how to manually write it in .htaccess you won't need this tutorial!

The plugin I use and recommend is iThemes Security Pro. (Yep, it is an affiliate link. But it's the only security plugin I use now, the only one I recommend, and I've used it on hundreds and hundreds of websites. SSL is just one side benefit of this plugin.)

Once installed and activated, you can go to Security>Settings. Find the panel that says "SSL". And there you can "Enable". Once enabled, you'll need to configure options. Inside there there is a drop down, from which you will choose "https".

This will immediately log you out, because you were logged in as http and now everything is forced to https. You will need to login again, this time it will be securely. Note: you really must have SSL installed on your server first, or else the plugin will be redirecting to a protocol that does not exist, and it will be difficult to log back in and disable the option!

Checking the site to ensure https is in use everywhere

Okay, so sometimes not all of the http will update to https. If this is the case you will need to go looking for it.

I found that in Divi you need to manually change the site logo and favicon URLs (just add that little "s" after http).

But then once Global Modules and Sections arrived, iThemes does not seem able to dynamically alter those.

So I used to manually find each global module and edit it and add that little s. What a tiresome job!

Now I do a database find and replace! SO. MUCH. EASIER!

For example, I would run a FIND on http://optimusdivi.com

And then run a REPLACE on https://optimusdivi.com

What tool do I use for find and replace? I haven't found a good free one. But iThemes have a tool inside their Backup Buddy suite. Using importbuddy.php, I can upload this to the file manager, then navigate to that address (optimusdivi.com/importbuddy.php) and then select "Database Find and Replace" from the top menu.

Works like an absolute charm!

(Note that Chrome seems to cache like crazy, and so it keeps displaying mixed content for the home page if I had already visited that page. Once you have completed the above then open in a different browser, on a different workstation or on your phone. Then you will see if it has the confidence boosting closed padlock or not.)