Beginner's Guide for WordPress - Start your WordPress Blog in minutes.
Choosing the Best
WordPress Hosting
How to Easily
Install WordPress
Recommended
WordPress Plugins
View all Guides

How to Add SSL and HTTPS in WordPress

Last updated on by
Special WordPress Hosting offer for WPBeginner Readers
How to Add SSL and HTTPS in WordPress

Are you looking to move from HTTP to HTTPS and install a SSL certificate on your WordPress site? In this article, we will show you how to add SSL and HTTPS in WordPress.

Don’t worry, if you have no idea what SSL or HTTPS is. We’re going to explain that as well.

What is HTTPS and SSL?

WordPress Security

Every day we share our personal information with different websites whether it’s making a purchase or simply logging in.

In order to protect the data transfer, a secure connection needs to be created.

That’s when SSL and HTTPS come in.

HTTPS or Secure HTTP is an encryption method that secures the connection between users’ browser and your server. This makes it harder for hackers to eavesdrop on the connection.

Each site is issued a unique SSL certificate for identification purposes. If a server is pretending to be on HTTPS, and it’s certificate doesn’t match, then most modern browsers will warn the user from connecting to the site.

Google Chrome showing warning about an unsecure connection

Now you are probably wondering, why would you ever need to move from HTTP to HTTPS and install a SSL certificate?

Why do you need HTTPS and SSL?

If you are running an eCommerce website, then you absolutely need a SSL certificate specially if you are collecting payment information.

Most payment providers like Stripe, PayPal Pro, Authorize.net, etc will require you to have a secure connection using SSL.

Recently, Google also announced that they will be using HTTPS and SSL as a ranking signal in their search results. This means that using HTTPS and SSL will help improve your site’s SEO.

We already use SSL for our eCommerce sites like OptinMonster, Soliloquy, and Envira Gallery. We will also switch all content sites to SSL as well. We just added SSL for Syed Balkhi’s blog (our founder).

A site secured by HTTPs and SSL in WordPress

We’re often asked wouldn’t SSL and HTTPS slow down my WordPress website? In reality, the difference in speed is negligible, so you should not worry about that.

Requirements for using HTTPS/SSL on a WordPress Site

The requirements for using SSL in WordPress is not very high. All you need to do is purchase a SSL certificate.

Some WordPress hosting providers offer free SSL with their plans. Siteground, one of our favorite providers, offer a one year free SSL certificate with their “grow big” plan).

If your hosting provider does not offer a free SSL certificate, then you can ask them if they sell third party SSL Certificates. Most hosting providers like Bluehost sell them around $50-$200.

You can also buy SSL from providers like Godaddy.

Once you have purchased a SSL Certificate, you would need to ask your web hosting provider to install it on your server.

This is a fairly straight forward process.

How to Setup WordPress to Use SSL and HTTPS

If you are starting a new site and/or want to use HTTPS everywhere on your site, then you need to update your site URL.

You can do this by going to Settings » General and updating your WordPress and site URL address fields.

updating-urls

Now if you’re adding SSL to your existing site, then you need to setup WordPress SSL redirect from HTTP to HTTPS.

You can do this by adding the following code in your .htaccess file:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L]
</IfModule>

Don’t forget to replace yoursite.com with your site URL.

If you are on nginx servers (most users are not), you would add the following to redirect from HTTP to HTTPS:

server {
listen 80;
server_name yoursite.com www.yoursite.com;
return 301 https://yoursite.com$request_uri;
}

By following these steps, you will avoid the WordPress HTTPS not working error because all your site URL and content will be on SSL.

If you want to add SSL and HTTPS on your WordPress multi-site admin area or login pages, then you need to configure SSL in wp-config.php file.

Simply add the following code above the “That’s all, stop editing!” line in your wp-config.php file:

define('FORCE_SSL_ADMIN', true);

This wp-config.php SSL trick works for single sites as well as multi-sites.

Setup SSL and WordPress HTTPS on Exclusive Pages

Now if for some reason, you only want to add HTTPS and SSL on specific pages of your site, then you would need the plugin called WordPress HTTPS (SSL).

First thing you need to do is install and activate the WordPress HTTPS (SSL) plugin.

Please note that this plugin hasn’t been updated for a while, but it works fine and is safe to use. See our guide on installing plugins not tested with your WordPress version for more information.

Upon activation the plugin will add a new menu item labeled HTTPS in your WordPress admin. You can click it to visit the plugin’s settings page.

WordPress HTTPs SSL settings

The first option of the settings page asks you to enter your SSL host. Mostly it is your domain name. However, if you are configuring the site on a subdomain and the SSL certificate you got is for your main domain name, then you will enter the root domain. If your using a shared SSL certificate provided by your web host, then you will need to enter the host information they provided instead of your domain name.

In some cases if you are using a non-traditional SSL host and need to use a different port, then you can add it in the port field.

Force SSL Administration setting forces WordPress to use HTTPs on all admin area pages. You need to check this box to make sure that all traffic to your WordPress admin area is secure.

The next option is to use Force SSL Exclusively. Checking this box will only use SSL on pages where you have checked the Force SSL option. All other traffic will go to the normal HTTP url.

This works if you only want to use SSL on specific pages like shopping cart, checkout, user account pages, etc.

Click on the save changes button to store your plugin settings.

If you want to use HTTPS just for specific pages, then you need to edit those pages and check the Force SSL checkbox.

Forcing HTTPs on specific pages and posts

Once done, visit your page to ensure that you have all green light in Chrome and other browsers.

Chrome WordPress HTTPS error

That’s all, we hope this article helped you add HTTPS and SSL in WordPress. You may also want to check out our guide on when do you really need managed WordPress hosting.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Google+.


Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi. Page maintained by Syed Balkhi.

WPBeginner's Video Icon
Our HD-Quality tutorial videos for WordPress Beginners will teach you how to use WordPress to create and manage your own website in about an hour. Get started now »

Comments

  1. turan says:

    Thank you very much everything solved by adding above code to .htaccess file

  2. Joe says:

    Will changing the Site URL in WordPress to “HTTPS” auto redirect any HTTP requests?

    We don’t need htaccess rewrites if the SITE URL is HTTPS?

  3. Cristi Scutaru says:

    Great post, it helped me switch my WordPress site to SSL in just a few minutes!

    Great site as well, congrats for such a valuable content. I found myself often googling for some WordPress related answers for the past few days, and your pages came on top frequently, with clear and concise solutions.

  4. Piet says:

    When only switching the WP backend to SSL, the next challenge is how to show featured images in the backend? These are loaded via http instead of https and as such do not show in the WP backend anymore.

    Is there a way to load them from https for the backend only or do I just have to accept the fact that I will not be able to see them (in the backend)?

  5. Tushar says:

    Good article. Why don’t you use https on WPBegineer?

  6. Yuvraj Khavad says:

    Hi Team wpbeginner,
    Thanks for this post. You save my time.

    Keep Good Work.

    Thanks
    Yuvraj R K.

  7. Logan says:

    Thanks for this great guide to setting up https. Was using the plugin your mentioned for a long time but it caused problems with my site so I only used it to secure my admin panel. Now I can cover my entire site.

  8. Felix Figueroa says:

    The .htaccess edit broke my site with the “ERR_TOO_MANY_REDIRECTS” message. Tried suggestions detailed in this post. After disabling all plugins i get a 500 Server Error. Thanks, my site is completely broken now.

  9. Eivind F Skjellum says:

    Thanks, very helpful. Got my ssl working thanks to you!

    Eivind

  10. beamkiller says:

    Dear wpBeginner,

    I have made the modifications in htaccess and Options too but I got error in Chrome:
    ERR_TOO_MANY_REDIRECTS

    So my page is not secured with SSL, on Checkout and My-Account it is working with WooCommerce. But I cannot get to work it on the whole WP installation.

    • MMPrint says:

      Hope this helps:

      Uncheck the WooCommerce “Un-force HTTPS when leaving the checkout” setting.

      The htaccess if forcing https but then woocommerce forces http so they just go back and forth in a loop.

      • Chetan says:

        Hi MMPrint

        I can give thousand thumbs up to your answer. This has solved my issue which i was living with since the last 10 days. No matter what i tried in the .htaccess file the site wasnt showing up. I also played with deactivating the plugins etc etc. Finally it was woocommerce which was the culprit.

        Thanks a lot man !

        Cheers
        Chetan

  11. Kevin Verlinden says:

    I like this site the information is very useful and comprehensive. It has helped me already a lot of times.

  12. Austin says:

    Hey – any reason SSL is not being used on Optinmonster etc like mentioned in the article?

    • WPBeginner Support says:

      SSL is used on OptinMonster website when users login or signup.

      • Austin says:

        “We already use SSL for our eCommerce sites like OptinMonster, Soliloquy, and Envira Gallery.”

        I took this to mean all of the pages – wondering if that was the case and now for some reason it has been reverted to non-SSL?

        Thanks!

  13. Armando Landois says:

    I followed this guide and now my domain is working at

  14. George says:

    I tried this plugin and it broke my site. Uninstalled in immediately. I still need what this plugin offered, which is https on some pages, but not the whole site. Is there any other plugin (other than this one, which hasn’t been updated in over two years) that can do this?

    • Patrick says:

      The free version of iThemes Security will take care of this for you ;-)

      • Celeste says:

        What do you mean, Patrick, that iThemes Security will take care of this. I just went to their website and it seems like a good plugin for enhanced security. But I didn’t see any reference to SSL or setting up specific pages to use SSL only.

  15. Octavio Cestari says:

    I did the installation of a plugin which forced all the site enter https, now I can no longer access the site or the wordpress dashboard, how do I reverse the process?

  16. Drew says:

    I just added the code using your .htaccess solution. Worked perfectly and exactly as described. A big thank you!

  17. michael s says:

    You say all you need to do is buy a certificate, but my hosting service requires a static IP address also which is WAY more expensive than a basic certificate. My service wants $4/month for static IP.

  18. DJ says:

    HELP!
    I did this change and now I can’t access my site through WP-ADMIN
    It is stating my site is down. I don;t have an .htaccess file in my files. I have set FileZilla to show hidden files and cannot find it. Can you help me get back into my site?

    Thanks.

    • WPBeginner Support says:

      First try to deactivate all your plugins this should resolve your issue, but if it doesn’t then see our guide

    • DJ says:

      OK, added the htaccess file and added the code you have above but I still cannot get in.

      Any ideas? All I’m seeing is a message saying my site does not exist.

      DJ

      • David Coombes says:

        DJ
        Not sure if you are still having an issue but if you google ‘a plugin broke my site’ or something similar then there’s some good answers – basically it involved removing the plugins folder which should get your site back then reactivating the plugins one by one.
        Hope it helps – it’s frustrating when a site goes down.

  19. Sasha says:

    I used the .htaccess method and got this error:

    “The page isn’t redirecting properly

    Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

    This problem can sometimes be caused by disabling or refusing to accept cookies.”

    Any one has an idea?

    thanks

  20. Mike S says:

    I added the code into the .htaccess and I got the following issue:

    The page isn’t redirecting properly

    Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

    This problem can sometimes be caused by disabling or refusing to accept cookies.

  21. Marych says:

    PLEASE HELP

    I didn t get a certificate but just went to settings > General and replaced http by https .
    after updating I can t access to my wordpress url and the message ‘ Your connection is not private

    Attackers might be trying to steal your information from etlco.com.sa (for example, passwords, messages, or credit cards). ‘ is displayed .

    Any solution , please help me

    • Andron says:

      You need to get a certificate in order for it to work. When you request a page over https, it starts a conversation between your browser and the server in which the server validates its identity as the correct site. That validation occurs by sending a trusted certificate to your browser. If a certificate doesn’t exist, your browser will give you that “connection is not private” warning. It’s done to protect you from sites that aren’t who they claim to be.

      Namecheap offers basic SSL certificates for $9 a year, and there are plenty of other options. If you can wait, look into LetsEncrypt.org — they’ll be offering free ones starting this September, I think.

    • sewe herbert says:

      Hi Marych, just had that same problem, but managed to fix it; here is how

      use an FTP Program, alocate the wp-config.php
      then put this just after (define(‘ABSPATH’, dirname(__FILE__) . ‘/’);)

      define(‘WP_HOME’,’http://yoursite.com’);
      define(‘WP_SITEURL’,’http://yoursite.com’);

      then save and re-upload the wp-config.php file
      Then all is well

  22. Gary Morrison says:

    We have did like you said .. and not we are locked out of the dashboard and any page we go to on front end will not display only home page works.

    Thank you for your time ..

    P.S. and now my images are not showing up…

    • WPBeginner Support says:

      Please retry all the steps in the article again. If the problem persists contact your web hosting service provider.

  23. Tom L says:

    Thank you very much for your support. I was able to install the plugin and have my site with all pages https without any adjustments.
    Perfect instructions.

  24. Tecnologia Geek says:

    nice..is working now..how i make this to show the green bar?

  25. Tecnologia Geek says:

    can i have some help here.. i dit all this step but..the site look diferent and i cant login to admin..

  26. Maarten says:

    It is worth mentioning this technique breaks WooCommerce downloads. It will end in a 403 access denied for forced download or x-sendfile downloadable products.

  27. Matthew says:

    Thanks for the excellent article.
    I was under the impression that installing an SSL certificate was as simple as you have indicated… however, when I installed mine it appears to confused (and completely broken) my site. I am being told that some parts of my wordpress database have changed to https, but others haven’t.
    Now I can’t get in to the wordpress admin area at all – but I can ftp to the hosting.
    Any ideas how I can update my wordpress databases and themes to reflect https rather than http ?
    I am tempted to uninstall the certificate, restore my entire site from a backup and wander off, shaking my head in frustration.
    Thanks,
    Matthew

  28. Shane says:

    Your article made no mention of verifying plugin compatibility with SSL before making the change. Is that because plugin code generally doesn’t go “offsite” and hence result in “insecure” content warnings, or are plugins something that we should be concerned about and carefully review before considering the switch?

  29. Jim R says:

    thank you for this- never used SSL or HTTPS before and suddenly needed a java donations page to be HTTPS. with your instructions I was able to get it working in a matter of minutes.

  30. Jennifer Goddard says:

    Don’t download this plug in. As of late 2014 there are multiple complaints of incompatibility!

  31. GJ says:

    Thanks for the tutorial.

    I wanted to add a few more resources..

    1) Change all the ur’s media/js etc through the Bluevelvet plugin from http to https

    2) if you do not have the green https color you can look for insecure files at whynopadlock.com

    3) Submit your https version to the webmaster tools as well

  32. Ollie says:

    Excellent tips as always.

    I’d like to point out for anyone using the .htaccess redirect, to include that in their htacces file first at the top. I had the usual wordpress htaccess code at the top of the file and it wasn’t working until I pasted the new code before it.

  33. Johny P says:

    Really now a days ssl is moving to a new level . Awesome article. :)

  34. Rael says:

    hi guys,

    I have an http link which cannot be changed using //www.url.com/ because the server it’s on doesn’t have SSL.

    The issue comes when this link appears on a secure page on my site.

    Is there a way to redirect it to http once off the https page?

  35. WPBeginner Staff says:

    Contact W3 Total Cache support.

  36. Muhammad Umer says:

    Hi Syed i really need your help in this, some plugin causing this i added this today more than 5 times after few time it remove automatically from htaccess file, i am using w3 total cache.

  37. Muhammad Umer says:

    Hi, Thank you for the guide i configured everything perfectly with your guide, but when i empty cache or use w3 total cach plugn they removed my .htaccess file and start their own.
    is there any settings in the plugin?
    currently want to use ssl on
    Thanks,

  38. WPBeginner Staff says:

    Yes, we do.

  39. Mark says:

    Hi, the WordPress HTTPS plugin hasn’t been updated in a couple of years. Do you still recommend it?

  40. WPBeginner Staff says:

    Your site is making http requests to resources which are not secure. For example many WordPress themes fetch Google fonts using a non-https url. View your site’s source code to figure out which scripts, images, stylesheets are using non-https URLs.

    • Dustin says:

      Very helpful. SSL works great on my sites now. The main issue I ran into was securing images. Easy to identify, but time-consuming to fix. It seems all I had to do was reload the same image and it fixed the problem. For sites that have hundreds or more images, is there a plugin or an easier way you’d recommend to fix insecure images? Thank you.

      • Gavin says:

        Like Justin, the biggest issue I had was with images. I’m currently running SSL Insecure Content Fixer plugin with the ‘Content’ option checked to resolve this issue, but it’s unsatisfactory to have to have a plugin activated all the time instead of just being able to apply a change from http to https to images across the board (perhaps other media types too? – I haven’t check this). Is there a way to apply a universal permanent change? Thanks.

  41. Travis Pflanz says:

    One of the biggest culprits of elements not being loaded over HTTPS is a theme calling Google Fonts. Unfortunately, many theme developers call the Google font with http://, rather than just //

  42. WPBeginner Staff says:

    Seems like your website has some elements loaded from a non secure URL. Most probably a third party script or stylesheet.

  43. Heri Saputra says:

    Hi.. I have been installed comodo ssl to my site but ssl on my site is not green light, how I can fix it?

  44. Heri Saputra says:

    Hi,,, I have been installed ssl to my website but my ssl is not green light but like this, how I can fix it? Tx

  45. WPBeginner Staff says:

    We will be moving all our sites to SSL and HTTPs very soon.

  46. Matthew Bochnak says:

    Thanks for posting this! I had to go through this process and could not figure out the redirect from http to https.

  47. Techno-Proo.com says:

    why you don’t use SSL and HTTPS ?

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.