https://www.nartac.com/Products/IISCrypto/
- Download the software
- Run the site scan (save for the client)
- Run the SSL best practises
- Reboot
- Run the site scan (save for the client)
https://www.nartac.com/Products/IISCrypto/
https://wpbarista.com/force-wordpress-ssl-https/
http://www.wpbeginner.com/wp-tutorials/how-to-fix-error-too-many-redirects-issue-in-wordpress/
https://managewp.com/blog/wordpress-ssl-settings-and-how-to-resolve-mixed-content-warnings
The links above are pretty good so follow them but I would use the following amendment to the .htaccessfile…
# HTTP to HTTPS redirect
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://alliance-systems.co.uk/$1 [R=301,L,NE]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Make sure you put the rewrite section ABOVE the default WordPress section.
Some LOBs (Line of Business Applications) suck at sending email and still don’t encrypt email with TLS. This can be overcome but routing the email to an SMTP relay inside the network and using that to encrypt the outbound email heading to Office 365 (or other provider).