WordPress Tutorial

How to Use HTTPS on WordPress


Do you want to secure your WordPress site and start using HTTPS protocol instead of HTTP? It’s about time to switch to HTTPS if you still have not done that. HTTPS or Hyper Text Transfer Protocol Secure is a secure version of HTTP protocol. Basically, it’s HTTP protocol layered on top of SSL / TSL. Information sent via HTTPS is encrypted making it impossible for others to intercept it. This makes HTTPS protocol ideal for e-commerce websites or sites containing user input forms. It can be beneficial for regular websites as well:

  • Sites using HTTPS tend to rank higher. A few years ago Google announced that HTTPS is a ranking factor.
  • Trust. Your visitors will see a green padlock next to your domain name.

By following this tutorial you will learn a few different methods how to add HTTPS on WordPress.

IMPORTANT! You must already have SSL / TSL certificate installed in order to use the HTTPS protocol. You can verify that SSL is working properly by visiting https://yourdomain.com. Some hosting providers offer free SSL from Let’s Encrypt. You can find a step by step guide how to install Let’s Encrypt SSL here.

What you’ll need

Before you begin this guide you’ll need the following:

Option 1 – Using WordPress Plugin to Enable HTTPS

If your WordPress site has a lot of content – posts, pages and media files it’s better to use HTTPS redirection plugin. It’s easier than manually editing .htaccess file. There are numerous different plugins created just for this purpose. One of them is Really Simple SSL. It’s the right choice if you want to enable HTTPS but do not want to mess with different settings. The steps below show how to install the plugin and enable HTTPS redirection:

  1. Access WordPress Dashboard and install Really Simple SSL plugin. You can find a great guide how to install WordPress plugins here.
    WordPress Really Simple SSL
  2. Access Plugin’s settings page.
    WordPress Really Simple SSL Settings
  3. At the top of the page you will see a message indicating that redirection to HTTPS is not yet enabled. Press Go ahead, activate SSL! button.
    WordPress Really Simple SSL Button
  4. Once the page refreshes you will see a success message indicating that SSL has been successfully activated.
    Wordpress Really Simple SSL Activated
  5. Make sure everything is working properly by visiting some posts and pages.

Congratulations, you successfully enabled HTTPS redirect on your WordPress blog. If everything has been done correctly, you should see a green padlock next to your domain name.
WordPress HTTPS Padlock

Option 2 – Manually Enabling SSL on WordPress

It’s recommended to use this method on a fresh WordPress installation only as manually enabling HTTPS on the already established website can break its link structure. Be aware that some knowledge how to use an FTP client or File Manager is required as you will have to edit .htaccess file. First of all, make sure HTTPS is working correctly by visiting https://yourdomain.com (change yourdomain.com to actual domain name). If website loads without issues, follow steps below:

  1. Access WordPress Administrator dashboard and navigate to General page with is located under Settings section.
    WordPress Adding SSL General
  2. Change http://yourdomain.com to https://yourdomain.com in WordPress Address (URL) and Site Address (URL) fields. Remember that you need to use your real domain name instead of yourdomain.com.
    WordPress Adding SSL URLs Change
  3. Press Save Changes button.
    WordPress Save Changes Button
  4. You have successfully enabled HTTPS, but the site is still reachable via HTTP. In order to fix this, you will have to create a redirect from HTTP to HTTPS in your .htaccess. We will use File Manager to edit .htaccess, but the same can be achieved using an FTP client. Access your hosting control panel and click on File Manager icon. It can be different depending on your hosting provider.
    cPanel File Manager
  5. Navigate to the WordPress installation folder, in this case WordPress is installed on public_html folder and open .htaccess file with an editor.
    File Manager Edit .htaccess
  6. As you can see .htaccess already contains some rules. They are required for WordPress to work properly. Paste the following redirect rule bellow # END WordPress line and save changes:
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

IMPORTANT! You need to replace www.yourdomain.com with your real domain name.

WordPress htaccess file with https redirect

That’s all you need in order to create a redirect and use HTTPS on WordPress. If you followed steps thoroughly redirect from HTTP to HTTPS should work just fine. However, if you get any errors, simply delete the redirect rule from .htaccess file and contact your hosting support staff for assistance.
WordPress HTTPS Padlock


HTTPS protocol is more secure than HTTP. Besides this, websites using HTTPS are treated better by Google search algorithm and look more trustworthy for visitors. This tutorial showed you 2 different ways how to enable HTTPS on WordPress blog. You can now take advantages of HTTPS and enable it for new and established WordPress blogs.


Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More in WordPress Tutorial
How to Migrate WordPress