For e.g. I use a free hoster like bplaced.net for many years now,
there are many hosters who does not provide a ssl certificat,
if you have a kvm or cloud server it’s easy to setup with let’s encrypt and certbot so i do not understand why they don’t, since this year let’s encrypt also provide ssl cert with domain wildcards.
if you don’t have root access and use a free hoster we can use a trick with cloudflare.
Register on Cloudflare
goto Crypto
change settings:
SSL FLEXIBLE
Always Use HTTPS ON
Automatic HTTPS Rewrites ON
add to your „wp-config.php“ or „index.php“ the following code inside php tags:
define(‚FORCE_SSL_ADMIN‘, true);
// in some setups HTTP_X_FORWARDED_PROTO might contain
// a comma-separated list e.g. http,https
// so check for https existence
if (strpos($_SERVER[‚HTTP_X_FORWARDED_PROTO‘], ‚https‘) !== false)
$_SERVER[‚HTTPS‘]=’on‘;
?>
go to your wordpress admin panel
https:///wp-admin/options-general.php
Change: WordPress-Adresse (URL) and Website-Adresse (URL)
to https:// instead of http://
you can do this in the web interface or inside the database
Test: https://www.jitbit.com/sslcheck/
To avoid errors you need to change links that point to http:// instead to https://
download your database make a copy and use notepad++ to replace all http://<your-domain> to https://<your-domain>
or use the plugin to redirect all http to https https://de.wordpress.org/plugins/https-redirection/
additional plugins can have security issues so the database update method is recomended
