I got a notice recently saying that the SSL certificate for this site would be renewing soon. That reminded me that it was about a year ago that I bought the cert and set things up so my login and admin were under SSL. That’s been working fine, and I decided today to switch the whole site to SSL. There’s nothing on this site that’s really important enough to require SSL, but I wanted to do it as an experiment, if for no other reason.
I did this simply by switching the site URL in WordPress from http to https. This doesn’t force everything to SSL, but it does make all the internal site links go through SSL. If I want to force SSL, I think I can do that with .htaccess / mod_rewrite, or with a WordPress plugin. But it’s fine for now.
I’m using a cert purchased from my host, 1&1. Their prices aren’t bad, but I probably should have switched to a free cert from Let’s Encrypt. Maybe next year.