To home page

Switching to HTTPS in WordPress

Description of translating the site to HTTPS in CMS WordPress

To force HTTPS in the WordPress admin panel, add the following line to your wp-config.php file located in the root directory of your WordPress installation:

define('FORCE\_SSL\_ADMIN', true);

Note

You can test if it’s working by visiting https://mysite.com/wp-admin/, where mysite is your domain.

Migrating the Frontend to HTTPS

Switching the entire site to HTTPS at once can be tricky, so it’s better to do it gradually, starting with individual pages. To simplify the process, you can use the plugin Easy HTTPS Redirection (SSL). The plugin allows you to:

  • Force login to the admin panel over HTTPS
  • Enable HTTPS for specific pages or posts
  • Apply rules using regular expressions to URLs
  • Remove all non-secure content from pages
  • Convert outgoing links from HTTP to HTTPS

file

Fixing Mixed Content Issues

To find mixed content errors, open your browser’s debug mode (right-click → InspectConsole tab).

file file

Errors labeled as Mixed Content will appear:

file

Fix each issue individually.

Updating Database Links to HTTPS

Access your site database via PhpMyAdmin. Select your database and go to the Search section to find all entries using https://.

file file

Use the Find and Replace feature in the table.

file

file

Confirm replacements by clicking Replace.

file

Repeat this process for every table and column containing https://. You can use normal search to check for any remaining entries.

Note

Before making changes, create a database backup. Useful guides:

Editing Site Files

Download your site to your local computer via FTP.

Note

FTP connection guides:

Use a code editor with a “search in files” feature, like Notepad++.

Start from the folder wp-content/themes and use Search → Find in Files.

file file

Replace all http:// links with https:// only within the theme folder. After editing, upload the files back to the server.

Enforcing HTTPS Sitewide

Add the following code to your .htaccess file in the root of your WordPress installation to redirect all traffic to HTTPS:


# Force HTTPS

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.\*) https\://%{HTTP\_HOST}%{REQUEST\_URI} \[R=301,L]

Once this is in place, you can disable the plugin and remove the line from wp-config.php.

Also, make sure to update the WordPress General Settings URLs to use https:// so all links are correctly generated:

file

Need help?Our engineers will help you free of charge with any question in minutesContact us