Beginner's Guide for WordPress - Start your WordPress Blog in minutes.
Choosing the Best
WordPress Hosting
How to Easily
Install WordPress
Recommended
WordPress Plugins
View all Guides

How to Add SSL and HTTPS in WordPress

Last updated on by
Special WordPress Hosting offer for WPBeginner Readers
How to Add SSL and HTTPS in WordPress

Are you looking to move from HTTP to HTTPS and install a SSL certificate on your WordPress site? In this article, we will show you how to add SSL and HTTPS in WordPress.

Don’t worry, if you have no idea what SSL or HTTPS is. We’re going to explain that as well.

What is HTTPS and SSL?

WordPress Security

Every day we share our personal information with different websites whether it’s making a purchase or simply logging in.

In order to protect the data transfer, a secure connection needs to be created.

That’s when SSL and HTTPS come in.

HTTPS or Secure HTTP is an encryption method that secures the connection between users’ browser and your server. This makes it harder for hackers to eavesdrop on the connection.

Each site is issued a unique SSL certificate for identification purposes. If a server is pretending to be on HTTPS, and it’s certificate doesn’t match, then most modern browsers will warn the user from connecting to the site.

Google Chrome showing warning about an unsecure connection

Now you are probably wondering, why would you ever need to move from HTTP to HTTPS and install a SSL certificate?

Why do you need HTTPS and SSL?

If you are running an eCommerce website, then you absolutely need a SSL certificate specially if you are collecting payment information.

Most payment providers like Stripe, PayPal Pro, Authorize.net, etc will require you to have a secure connection using SSL.

Recently, Google also announced that they will be using HTTPS and SSL as a ranking signal in their search results. This means that using HTTPS and SSL will help improve your site’s SEO.

We already use SSL for our eCommerce sites like OptinMonster, Soliloquy, and Envira Gallery. We will also switch all content sites to SSL as well. We just added SSL for Syed Balkhi’s blog (our founder).

A site secured by HTTPs and SSL in WordPress

We’re often asked wouldn’t SSL and HTTPS slow down my WordPress website? In reality, the difference in speed is negligible, so you should not worry about that.

Requirements for using HTTPS/SSL on a WordPress Site

The requirements for using SSL in WordPress is not very high. All you need to do is purchase a SSL certificate.

Some WordPress hosting providers offer free SSL with their plans. Siteground, one of our favorite providers, offer a one year free SSL certificate with their “grow big” plan).

If your hosting provider does not offer a free SSL certificate, then you can ask them if they sell third party SSL Certificates. Most hosting providers like Bluehost sell them around $50-$200.

You can also buy SSL from providers like Godaddy.

Once you have purchased a SSL Certificate, you would need to ask your web hosting provider to install it on your server.

This is a fairly straight forward process.

How to Setup WordPress to Use SSL and HTTPS

If you are starting a new site and/or want to use HTTPS everywhere on your site, then you need to update your site URL.

You can do this by going to Settings » General and updating your WordPress and site URL address fields.

updating-urls

Now if you’re adding SSL to your existing site, then you need to setup WordPress SSL redirect from HTTP to HTTPS.

You can do this by adding the following code in your .htaccess file:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L]
</IfModule>

Don’t forget to replace yoursite.com with your site URL.

If you are on nginx servers (most users are not), you would add the following to redirect from HTTP to HTTPS:

server {
listen 80;
server_name yoursite.com www.yoursite.com;
return 301 https://yoursite.com$request_uri;
}

By following these steps, you will avoid the WordPress HTTPS not working error because all your site URL and content will be on SSL.

If you want to add SSL and HTTPS on your WordPress multi-site admin area or login pages, then you need to configure SSL in wp-config.php file.

Simply add the following code above the “That’s all, stop editing!” line in your wp-config.php file:

define('FORCE_SSL_ADMIN', true);

This wp-config.php SSL trick works for single sites as well as multi-sites.

Setup SSL and WordPress HTTPS on Exclusive Pages

Now if for some reason, you only want to add HTTPS and SSL on specific pages of your site, then you would need the plugin called WordPress HTTPS (SSL).

First thing you need to do is install and activate the WordPress HTTPS (SSL) plugin.

Please note that this plugin hasn’t been updated for a while, but it works fine and is safe to use. See our guide on installing plugins not tested with your WordPress version for more information.

Upon activation the plugin will add a new menu item labeled HTTPS in your WordPress admin. You can click it to visit the plugin’s settings page.

WordPress HTTPs SSL settings

The first option of the settings page asks you to enter your SSL host. Mostly it is your domain name. However, if you are configuring the site on a subdomain and the SSL certificate you got is for your main domain name, then you will enter the root domain. If your using a shared SSL certificate provided by your web host, then you will need to enter the host information they provided instead of your domain name.

In some cases if you are using a non-traditional SSL host and need to use a different port, then you can add it in the port field.

Force SSL Administration setting forces WordPress to use HTTPs on all admin area pages. You need to check this box to make sure that all traffic to your WordPress admin area is secure.

The next option is to use Force SSL Exclusively. Checking this box will only use SSL on pages where you have checked the Force SSL option. All other traffic will go to the normal HTTP url.

This works if you only want to use SSL on specific pages like shopping cart, checkout, user account pages, etc.

Click on the save changes button to store your plugin settings.

If you want to use HTTPS just for specific pages, then you need to edit those pages and check the Force SSL checkbox.

Forcing HTTPs on specific pages and posts

Once done, visit your page to ensure that you have all green light in Chrome and other browsers.

Chrome WordPress HTTPS error

That’s all, we hope this article helped you add HTTPS and SSL in WordPress. You may also want to check out our guide on when do you really need managed WordPress hosting.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Google+.


Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi. Page maintained by Syed Balkhi.

WPBeginner's Video Icon
Our HD-Quality tutorial videos for WordPress Beginners will teach you how to use WordPress to create and manage your own website in about an hour. Get started now »

Comments

  1. sujith says:

    Hi , after converting to https i am getting error like

    “You do not have sufficient permissions to access this page” in wp-admin

    Not able to access wp-admin.

    When i revert the changes its working fine.

    Can anybody please help

  2. Bruce says:

    My website is redirecting under
    https to a different website and I cannot find where the redirect is.

    Any ideas as to where to look would be appreciated.

    I have tested the plugins by disabling them.
    I have tested the themes by changing themes.
    I have looked at the htaccess.

    All works well except under https where it redirects to one of my other sites.

    Any help appreciated.

  3. Rrich says:

    Hi,

    I changed the wordpress and site address at the General settings tab at wordpress from http to https. And I can’t access my site again.

    I now get your site is insecure when Ii type in he url.

    I can’t even access the admin.

    Please help

  4. Moty says:

    After activation and change force admin ti https can’t login- Page Not found 401
    can you please let me know how can I revert the changes?
    thanks

    • Moty says:

      I have erased the plugin via file manager,
      Now can login to my wp admin but still can’t get into the plugins panel VIA Wp ,
      it is asking for an https address
      Please help
      Thanks

  5. Naeem Hussain says:

    Dear Sir WPbeginner,

    I installed SSL + dedicated IP Certificate to my Wp Website name computerpakistan.com. Now its everything working fine, But problem with my website page speed.

    Before SSL Speed
    1.8 seconds
    After SSL Installation site page Speed
    4.3 Secondes by gtmatrix report

  6. Ritesh says:

    I am not able to access the admin area after I uploaded define(‘FORCE_SSL_ADMIN’, true); to wp-config.php. My site was already using wordpress https plugin with force ssl administration checked in. I removed that plugin using ftp but I am still not able to login. It says incorrect username or password. However neither the password nor the username has been changed. I think this was the problem after I tried adding define(‘FORCE_SSL_ADMIN’, true); to wp-config.php. I can see the login page on https version of the site but not able to login. Please guide further.

    • Ritesh says:

      Its absolutely blank page and nothing else.

      • The Platypus says:

        I’m hopeful you ran a back up before doing any changes to your site.. in either case revert back your site to an earlier state via your database, and whatever back up of your config.php file you have.

  7. Monu says:

    Hello sir I am using wordpress with https and www ……………….. in my site everthing is okay url of posts and pages are also use https but in google search results not show https in my website address only show http://www.example.com/post...

    • WPBeginner Support says:

      You will need to inform Google about change of address from Google Webmaster Tools.

  8. Raivat says:

    Hi, I followed your tutorial. Thanks, Everything works! But I am getting an error when I load the home page saying “Your connection to this site is private, but someone on the network might be able to change the look of the page”. I checked it out and it seems there is a problem in one of my font resources which uses Google Fonts with http instead https, can you show me how can I fix this?

    Thanks :)

    • Sebastian says:

      Try removing the “http://” from the Google Font call. So it’s not being forced across HTTPS. The reference call to the Google Font link should start with the “www.” instead of “http://”

  9. Naval Gupta says:

    Should we use 301 redirect to redirect all http pages to https pages?

  10. Mark Cohen says:

    Everything working fine, except that when on Dashboard > Home I get exclamation mark across padlock in URL bar. Anyone know what content is being served insecurely on this page?

  11. Joel says:

    I made the changes in the site before I set up the certificate and now can not access the back end of my site.

  12. David gillies says:

    Hi followed your example and now cant access the website at all
    if I try

    all I get is jumbled page with no styling

  13. Adrienne says:

    I need to do this soon for my nonprofit site, and I’m scared! :-) Paying for this is going to be extra too, but I have to do it!. Thanks for this info….

  14. Lourdes says:

    So this comes up when I google my Blog Page. Using Bluehost/wordpress – DOES THIS MEAN O need to fix the SSL Cert issue aka buy from bluehost? Thank you!!!!

    [We didn’t find any SSL certificate present on the website which is bad for users privacy. The site has a title but meta description is absent, it will be better for SEO if both are present. Homepage is in English.]

  15. Maxim says:

    Thanks for this post! Helped a lot!

  16. Penny says:

    What if you have Mixed Content going on and were asked to fix that before you proceed with installing SSL?

    My Firewall, Sucuri said that I need to fix the mixed content before they can install the SSL. Now I’m stuck and do not know how to proceed. I’m nervous with installing plugins. They recommended really-simple-ssl plugin. Have you had any experience with this? I try to limit the using plugins…

  17. Milon says:

    Thanks BRO

  18. Jarred says:

    We installed the plugin WordPress HTTPS (SSL). We chose to only use SSL on specific pages option and everything is working great. However we have two important questions that came about after reading the GOOGLE article about migrating to https. Not sure if I can share link on here, so this is the title “Secure your site with HTTPS” on support google.
    Questions.
    1. Does the plugin WordPress HTTPS (SSL) automatically create 301 redirects to help search engines know we moved to https on those specific pages?
    2. If the plugin does not create the 301 redirects, do WE need to go ahead and create the 301 redirects manually for those specific pages that we added SSL on? Thank you in advance

    • WPBeginner Support says:

      See if the plugin is redirecting by checking it with an online redirect checker tool. If it isn’t, then you can setup your own redirects.

      • Jarred says:

        I followed your advice and found a redirect tool. We used it and realized that the WordPress HTTPS (SSL) plugin DID in Fact create 301 redirects automatically. Great review and tutorial on this blog post and everything is working great. Thanks

  19. adam vikar says:

    For a multisite setup, is there a code we can use to force SSL on the main site and NOT a specific subdomain?

  20. Michelle says:

    I put the wrong info in the SSL host box and now I get a 404 error. I cannot get back to any of my pages to disable the plugin or to change the info in the SSL host box. Please advise….

    • Easiest solution - delete the plug-in says:

      The easiest solution is to delete the plug-in.

      Access the files on your server (If you are using cPanel, you can use ‘File Manager’
      Browse to where the plug-ins are kept
      /wp-content/plugins

      Find the plug-in and delete it.

    • Hiep Pro says:

      You can use ftp client to delete plugin folder on web dir.

  21. Jithin Johny George says:

    Hi,

    Awesome step-by-step guide.

    But the plugin you have mentioned,WordPress HTTPS (SSL) has not updated in years.

    Is there any alternative for the plugin ?

    Thank You

    • Penny says:

      I was advised by my firewall company to use Really Simple SSL. I haven’t tried it yet but they highly recommend it.

  22. Kris Gabriel says:

    Fantastic guide, simple and usefull.
    The only thing to worry about is that the redirects causes the page to slow a bit down.

    Is implementing the code listed above into the .access file the first choice or is it better with just a plugin?

    I´ve chosen both options, that means both a wordpress https plugin AND .access code.
    Would you say that is benicial or not?

    Kind regards
    Kris

  23. Mursaleen Kamal says:

    Assalam Alaikum Sir: We Have Been Successfully Implement this Guide on Our Website But We Still Facing Redirect issue,

    Our Website Is Accessing from Both URL

    http and https

    and How to Resolve Mix Content Issue?

  24. Ahmed Muhi says:

    Thank you so much it worked.

  25. Ali says:

    Hello,
    Thank you for your guide. I add this code in my htaccess file
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L]

    but now it do not do 301 redirect it is doing 302 redirect.
    Please tell me is it ok to do 302 redirect or not.

    Regards

    • WPBeginner Support says:

      A 301 redirect means that the page has permanently moved to a new location. A 302 redirect means that the move is only temporary. Search engines need to figure out whether to keep the old page, or replace it with the one found at the new location.

  26. Ana says:

    Thanks for the article, but I should definitely have read it before adding the SSL and https to WP. Total newbie but somehow managing a wordpress site..

    Changed WP site address on the settings page from http to https after an update recommendation on my admin panel. But now I can’t access the website or admin page! All I get is a blank page with the message ERR_TIMED_OUT and site can’t be reached.

    I realised I hadn’t activated the free SSL certificate that comes with our web hoster. Now I have done that and I’ve tried adding a WP SSL redirect (http to https) code to the .htaccess file as well. And tried adding define force_SSL_admin to wp-config.php, but nothing has changed and I don’t know how to undo or fix the issue. Any suggestions or experience in this issue would be very helpful!

  27. mirko says:

    sorry, but…I did not understand the part of .htaccess files … Must I add code to my htaccess or mix with my file ?
    my original file is the default wordpress file

    # BEGIN WordPress
    
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    
    # END WordPress
    

    The New file is correct ?

    # BEGIN WordPress
    
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80 
    RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L]
    
    
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    
    # END WordPress
    

    Thank you, Mirko

  28. g says:

    after changing the url in general settings, all css styles are gone, and the wp-login page to change this setting is not showing because of to many redirects. be aware before using this tut, I have to back up.

  29. Mark C says:

    Hi, what about if we’re using it only for the login.php page, where do we configure it?

  30. christopher says:

    Thank you for your article! I was wondering though, my website recently has suffered some problems with “too many redirects” error. I wonder if adding the .htaccess code you mentioned in the article for ssl redirect will make the problem worse? Some visitors to my website said they often see “this page isn’t redirecting properly” when they come to our website. Could it be that our customers are having trouble visiting our website because I don’t have that code in my .htaccess file?

  31. Melvin says:

    Hi! I was wondering if there’s a reason why you only want SSL on specific pages instead of the whole website? Could this be because of performance?

  32. Ahmed says:

    Hello Syed! Great tutorial. I just want to ask that when ssl error window appears in browsers. Whether its the time to login,shopping or everytime you visit specific websit….For example if I have a blog which don’t offer login or shopping whteher ssl certificate is required or not???

  33. Jaclyn Mamuzich says:

    Hello,

    For some reason our blog is not showing as https even though we have an ssl installed and I thought it was done before the migration but I could be wrong. I followed the steps in the article (greatly appreciated :) but for some reason when I complete all the steps, almost all of my styling disappears, specifically related to layout. Any suggestions?

    thanks!

    • Rob says:

      As with JACLYN MAMUZICH. I have followed all the steps and when the site is viewed in https:// all the CSS has gone. Any suggestions?

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.