How to Move a WordPress Site from HTTP to HTTPS

WordPress is one of the most popular CMS platforms in the world. It powers around 25% of all websites on the Internet today.

Whether you’re a novice user or an experienced administrator, learning how to move a WordPress site from HTTP to HTTPS should be one of your top priorities.

Gone are the days when SSL Certificates were just a necessity for e-commerce stores or financial institutions. If you don’t know how to add an SSL Certificate to a WordPress site, now is the perfect time to master this skill.

But before we dive into the main aspects of how to move a WordPress site from HTTP to HTTPS, you need to have a valid SSL Certificate ready for installation. If your certificate is already up and running you may skip the next two-paragraphs, otherwise, continue reading.

We also recorded a video that walks you through the entire process. You can watch the video, read the instructions, or do both. You can watch the video below.

The first thing you should do, before even buying the SSL Certificate, is to check with your hosting provider whether your plan allows you to install third-party SSL Certificates. The majority of WordPress sites are hosted on a shared server, and if that’s your case too, then make sure it supports private SSL Certificates. If it doesn’t, upgrade to a VPS or dedicated server.

Once you’re good with your server, it’s time to install your SSL Certificate. We’ve written over 50 SSL installation guides for all the major servers and email clients. You may want to ask a web developer or a system engineer to take care of the installation.

Change settings in your Dashboard

When the SSL installation is complete, log in to your WordPress Dashboard and navigate to Settings > General. Check the WordPress address URL and the site address URL. If both are HTTP, add an S after HTTP and save the changes. Now, your install URL should start with https, like https://www.yoursite.com.

You’ll obviously want all your login and admins sessions to happen over a secure connection. To achieve this, the constant FORCE_SSL_ADMIN must be set to “true” in your website’s wp-config.php file. Here’s the full code: define (‘FORCE_SSL_ADMIN’, true);

Avoid mixed content

The next step is to make sure that all your content, files, images, videos, and scripts are loading over HTTPS. Also, double-check your databases and source codes for potential HTTP links. Here’s how to fix mixed content and avoid SSL connection errors.

301 redirects

Set 301 redirects from HTTP URLs to new HTTPS URLs. 301 redirects are search engine friendly and can be implemented in different ways.

Force WordPress to use HTTPS

Another essential action is to force your website’s visitors to use the SSL connection. This can be accomplished by adding some code in your .htaccess file. Past the following code:

For Apache users:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L]

For Nginx users:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L]

Don’t forget to replace yoursite.com with your URL.

If these steps seem overly complicated to you, ask a developer to help you move a WordPress site from HTTP to HTTPS. If you’re completely new to WordPress and SSL Certificates, doing it by yourself is not advisable. But if you have at least intermediate WordPress knowledge, and access to your website files, either via FTP or web hosting control panel, then you can implement all the changes we’ve mentioned in this article.

Monitor and test your HTTPS connection

Don’t forget to always monitor and test your HTTPS setup. To check how well your SSL Certificate is running, simply head to our impressive FAQ page and use the tools we recommend. Also, if you installed your SSL Certificate successfully, and did all the things that we have mentioned above, but browsers continue to show your website as insecure, then we would recommend you check this FAQ item.

We’ve shown you how to move a WordPress site from HTTP to HTTPS. However, every website and server may require custom adjustments that we haven’t touched upon. For specific HTTPS questions, use the help of professional developers.