Remember to backup the site first !!!
Sometime we can leverage the features provided by the hosting provider. In that case, there is no need to perform below steps.
Configuration in WordPress
WordPress general setting
This has to be done before other steps because once it was changed, the website won’t be accessed until the other changes done.
.htaccess
Redirect all HTTP requests to HTTPS
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>wp-config.php
To force admin area and login pages to use HTTPS, add below lines into wp-config.php.
define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);Configuration in Aliyun
Deploy SSL certificate in Aliyun Virtual Host
Refer to the knowledge base: https://help.aliyun.com/knowledge_detail/90611.html
Deploy SSL certificate in Aliyun CDN
Replace HTTP links to HTTPS
Till now, the website should be able to be accessed. But some links using HTTP in the posts or pages still cannot work. We need replace them by HTTPS. There are many ways including updating the database directly.
Trouble shooting
After enabled HTTPS, we may encounter below errors while performing the heath check
cURL error 35: SSL connect error
By installing WP Control plugin, we can see wp-cron cannot work normally too. The automatic updates and checking won’t be working.
This is caused by lower version of cURL installed in Aliyun virtual host. The version of cURL is not using TLS 1.2 by default. WordPress is using cURL for running wp-cron, hence it failed.
Option 1
We can leverage TLS 1.2 Compatibility Test plugin to force the usage of TLS 1.2.
Option 2
Use another approach to run wp-cron. Put below line inside wp-config.php
define('ALTERNATE_WP_CRON' , true);Option 3
Of course, it is better to request the hosting company to upgrade cURL version.
Images using HTTP URLs cannot be shown
There is leech protection to check the HTTP Referer. When the website switched to HTTPS, the HTTP service is not able to retrieve Referer. The 403 permissin denied will be shown in the console.
Option 1
Migrate the image host to HTTPS
Option 2
Enable empty Referer access or disable leech protection from the image host or .