How To Force HTTPS On Your WordPress Site?

Every click, every visitor matters. Yet, a ‘Not secure’ warning can erode trust swiftly. With Google Chrome and other major browsers waving red flags over missing SSL certificates, it’s time to take action. This guide will illuminate how to embed HTTPS into your WordPress site, securing visitor data and bolstering your online reputation.

Understanding the Importance of HTTPS

Before diving into the methods to force HTTPS on your WordPress site, it’s essential to grasp why this is important. When a website uses HTTP, it lacks encryption, making it vulnerable to data breaches and cyberattacks. In contrast, HTTPS encrypts the data transmitted between a user’s browser and the website, safeguarding sensitive information like passwords and payment details.

Furthermore, popular web browsers like Google Chrome have marked HTTP sites as “Not secure” since January 2017. This labeling aims to protect users while promoting secure browsing. As a website owner, you should prioritize the security and trustworthiness of your site by adopting HTTPS.

Installing an SSL Certificate

The first step in forcing HTTPS on your WordPress site is to install an SSL certificate. Most WordPress hosting providers include an SSL certificate in their hosting plans, so contacting your host to establish it is often straightforward. However, if your hosting plan doesn’t offer this feature, you can obtain a free SSL certificate from a certificate authority like Let’s Encrypt.

Once your SSL certificate is in place, it’s time to configure your WordPress site to use HTTPS. There are two primary methods to achieve this:

Option 1: WordPress Plugin Force HTTPS

For beginners with limited coding experience, a WordPress plugin is a user-friendly way to force your site to load securely over HTTPS. Several plugins are designed for this purpose, with “Really Simple SSL” being a highly-rated and widely-used option. Here’s how to use it:

1. Log into your WordPress dashboard and navigate to “Plugins” > “Add New.”
2. Search for the “Really Simple SSL” plugin and install it.
3. Activate the plugin by clicking the “Install Now” and “Activate” buttons.
4. Click the “Go ahead, activate SSL!” button in the plugin settings.

This process will activate SSL on your site. While this method is quick and straightforward, it’s a temporary solution as it doesn’t update the URLs with HTTP in your WordPress database.

Option 2: Force HTTPS Using .htaccess on WordPress

You can force HTTPS by editing your .htaccess file for a more permanent and effective solution. Although this method is more complex and may require some technical expertise, it offers lasting results. Follow these steps:

Step 1: Update General Settings

1. Log into your WordPress dashboard and navigate to “Settings” > “General.”
2. In the “WordPress Address (URL)” and “Site Address (URL)” fields, replace “HTTP” with “HTTPS.”
3. Click the “Save Changes” button at the bottom of the page. You’ll be automatically logged out and need to log back in.

Read: HTTP Vs. HTTPS: Why Having An SSL Is Important

Step 2: Set Up 301 Redirects in .htaccess

Next, you’ll set up 301 redirects to ensure all HTTP requests are automatically redirected to HTTPS. This prevents the “WordPress HTTP not working” error. Follow these steps:

1. Access your hosting account’s control panel.
2. Open the File Manager and navigate to the “public_html” folder, then the “wordpress” folder.
3. Find the .htaccess file and right-click to edit it.
4. Add the following code before the line that reads “# BEGIN WordPress”:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]

Header always set Content-Security-Policy “upgrade-insecure-requests;”

Step 3: Resolve the “Mixed Content” Error

By completing the previous steps, your website will be set up to use HTTPS. However, you must address the “mixed content” error when specific files (e.g., images, scripts) still load over HTTP. Here’s how to resolve it:

1. Install and activate the “Better Search Replace” plugin.
2. Navigate to “Tools” > “Better Search Replace.”
3. In the “Search” field, enter your domain name with HTTP.
4. In the “Replace” field, enter your domain name with HTTPS.
5. Select all your database tables and uncheck the “Run as dry run?” option.
6. Click the “Run Search/Replace” button to initiate the process.

Learn: How To Transfer A Domain?

The plugin will search your WordPress database for HTTP URLs and replace them with HTTPS URLs. The duration of this process depends on your database size.

If you encounter mixed content errors even after completing these steps, the issue may be related to your WordPress theme or plugins. Use your browser’s Inspect Tool to identify and manually replace HTTP URLs within your theme files or contact plugin authors for resolution.

Read: How To Improve Your Website’s Domain Authority?

Add Your HTTPS Website to Google Search Console

Add your domain with HTTPS as a new property in Google Search Console to complete the process of forcing HTTPS on your WordPress site. This step, combined with the 301 redirects set up earlier, ensures that Google transfers your search rankings to the HTTPS version of your site. Follow these steps:

1. Log into your Google Search Console account.
2. Click the “Add a Property” button at the bottom of the menu.
3. Select “Website” from the dropdown menu and enter your domain name with HTTPS.
4. Choose your preferred verification method (e.g., domain name provider or Google Analytics) and follow the instructions.

Once your site is verified, you can access reports for your site’s HTTP and HTTPS versions in your Google Search Console account.

Know: Fastest WordPress Hosting Companies In 2023

Enhancing Online Security and User Trust

As search engines and online consumers increasingly favor HTTPS sites, installing an SSL certificate on your WordPress site is essential. Following either of the methods outlined above to redirect visitors from HTTP to HTTPS enhances your website’s security and contributes to a safer internet for all users. Secure your site, gain user trust, and join the growing encrypted website community.