Adding a SSL Certificate

This is the first time I am moving any website to SSL.

I am working on a pretty heavy website. It is using CloudFlare and W3TC to maintain the page load speed.

Now I came to know having an SSL certificate is good and google recommends it. And also CloudFlare already has an SSL certificate installed on all its websites. After a research, I came to know that all I had to do is run my website on HTTPS.

I followed the following 3 steps to do so:

  1. Changed site URL to https://sitename.com in WP general settings.
  2. Added the following code in HTACCESS file to redirect all HTTP URLs to HTTPS.

RewriteEngine On
RewriteCond %{HTTPS} !on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

  1. Add the following line in wp-config.php
    define(‘FORCE_SSL_ADMIN’, true);

After all this, I am facing 2 different problems.

  1. I am getting an error message in my browser that the page is redirection too many times. I suppose this may be due to the already existing redirect code in the HTACCESS file but I can’t tell for sure.

  2. The “Secure” icon, that appears in the address bar whenever the site loads in HTTPS is appearing only for my backend (https://sitename.com/wp-login.php) & not for any frontend page.

I tried to do some changes but any of them didn’t work. Also, I didn’t feel safe to do all this work on live site so I built an exact replica on my local. But the thing is, all these steps are working just fine on my XAMPP.

I am really out of ideas on this one. Any help will be appreciated.

Thanks in advance.

Solutions Collecting From Web of "Adding a SSL Certificate"

As I’m running my WordPress on Nginx, so I can’t help on the .htaccess one. But I can comment on the padlock issues. There are a few things need to be done at WordPress:

  1. Login into WordPress Admin Dashboard, and go to WordPress
    Settings and change the WordPress Address (URL) and the Site Address
    (URL) from HTTP to HTTPS, and flush the cache if necessary. This
    should fix most of the no padlock issue.
  2. Check your html head
    section to see if you have any hardcoded links, scripts or
    css(potentially from some plugins, e.g. like
    http://fonts.googleapis.com/css?family=Lato:100,400,700
  3. The images links that uploaded before implementation may have the http:,
    i found it is easier to use an online service such as
    whynopadlock to scan the site. and then go to your posts and
    open the post that has mixed http/https and fix it (likely images
    links that uploaded before the ssl implementation).