Today I made all my sites ‘Https Everywhere’, that is, every URL on these sites enforce the HTTPS (SSL) protocol. Non-secure HTTP requests get redirected to HTTPS. Here’s some notes on that journey.
A big thanks to the folks @ Let’s Encrypt for providing the necessary certificates and support, all for free. I also owe a big thanks to my hosting provider DreamHost for making the entire process hassle free.
I had to make small changes to my wordpress installations in order to get the browsers display green Secure text in the address bar (mixed content was the culprit). In my case the mixed content was primarily because of the form url and the http references to images.

By Default all the built in search forms on wordpress have the form tag like this:

<form role="search" method="get" class="search-form" action="<?php echo esc_url( home_url( '/') ); ?>">

you need to add one more parameter to the home_url method i.e ‘relative’, this automatically changes the form submission to whatever protocol the site is served on.

<form role="search" method="get" class="search-form" action="<?php echo esc_url( home_url( '/','relative' ) ); ?>">

I have been blogging for sometime now and many of my blog posts have reference to images that are on http. I had to run a sql update command on my database to make all those url’s to protocol relative url

would now look like


The following needs to be added to the .htaccess file, this will automatically serve the requests on https even though the request is made on unsecure protocol.

# for https start
RewriteEngine On
# If we receive a forwarded http request from a proxy...
RewriteCond %{HTTP:X-Forwarded-Proto} =http [OR]
# ...or just a plain old http request directly from the client
RewriteCond %{HTTP:X-Forwarded-Proto} =""
RewriteCond %{HTTPS} !=on
# Redirect to https version
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# for https end
“Distrust and caution are the parents of security.”
-Benjamin Franklin