Forcing HTTPS on your WordPress website is essential to ensure a secure connection between your visitors’ browsers and your website. This helps protect sensitive data and improves your site’s performance and SEO. To force HTTPS on your WordPress site, follow these steps:
Obtain an SSL Certificate: Before you can force HTTPS, you need an SSL (Secure Sockets Layer) certificate installed on your web server. Many web hosting providers offer free SSL certificates through Let’s Encrypt. If your hosting provider doesn’t offer free SSL, you can purchase one from a Certificate Authority (CA) like GlobalSign, DigiCert, or Sectigo.
Install the SSL Certificate: After obtaining the SSL certificate, install it on your web server. Your hosting provider may handle this process for you or provide instructions on how to do it yourself.
Update WordPress settings: Once your SSL certificate is installed, update your WordPress settings to use HTTPS:a. Log in to your WordPress dashboard. b. Navigate to Settings > General. c. Change the “WordPress Address (URL)” and “Site Address (URL)” from http://
to https://
. d. Save your changes.
Force HTTPS using .htaccess (for Apache servers): If your website is hosted on an Apache server, you can use the .htaccess file to force HTTPS. Add the following code to your .htaccess file, which is usually located in your website’s root directory:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
Force HTTPS using web.config (for IIS servers): If your website is hosted on an IIS server, you can use the web.config file to force HTTPS. Add the following code to your web.config file, which is usually located in your website’s root directory:
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Force HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Visit your website and check for the padlock icon in the browser address bar, indicating a secure HTTPS connection. You can also use online tools like SSL Labs’ SSL Server Test or Why No Padlock to check for any issues with your SSL implementation.
Note: Always back up your website before making any changes to files like .htaccess or web.config, as incorrect configurations can lead to site errors or downtime.