Redirecting your website from HTTP to HTTPS is an essential step in securing your site and improving user trust. HTTPS encrypts the communication between your website and its visitors, providing a secure experience. One of the easiest ways to implement this redirection in WordPress is by using a plugin also a piece of code for manual without plugin. In this article, we will guide you through the process step-by-step.
Very Important Note: Changing to https may occur too many redirects error in browser, make sure in step 3 you choose redirect method 301 redirect htaccess to prevent this error. we have a full article about too_many_redirects problem in wordpress.
Table Of Contents
Why Redirect HTTP to HTTPS on WordPress (Activate SSL on WordPress Websites)?
- Enhanced Security: HTTPS protects sensitive information like passwords and payment details from hackers. you can also read a full article on WordPress Security in our blog.
- SEO Benefits: Search engines like Google favor HTTPS websites and may rank them higher.
- Trust and Credibility: Visitors are more likely to trust websites with a secure connection (indicated by the padlock symbol in the address bar).
- Compliance: Many regulations and standards (e.g., GDPR, PCI DSS) require secure connections for data protection.
Automatic Redirection via Plugin
Step 1: Install an SSL Certificate
Before redirecting HTTP to HTTPS, ensure that your website has an SSL certificate installed. Most hosting providers offer free SSL certificates through Let’s Encrypt or other providers. Here’s how to install one:
- Log in to your hosting account.
- Locate the SSL/TLS section.
- Install a free SSL certificate or purchase one if needed.
- Verify that your SSL certificate is active by visiting your website using
https://yourwebsite.com. - if you don’t have these options send a ticket to your hosting provider to activate it for you.
Step 2: Install and Activate Really Simple Security
- Log in to your WordPress dashboard.
- Navigate to Plugins > Add New.
- Search for “Really Simple Security”.
- Click Install Now and then Activate.
The plugin will automatically detect your SSL certificate and guide you through the setup process.
Step 3: Enable HTTPS Redirection
- Once the plugin is activated, go to Security Menu
- Follow the on-screen instructions to enable HTTPS for your site.
- go to Settings page and activate SSL by htaccess 301.
- The plugin will handle the necessary changes, including adding redirection rules to ensure all traffic is redirected from HTTP to HTTPS.
Step 4: Verify the Redirection
- Open your website in a browser and type
http://yourwebsite.com. - Ensure it automatically redirects to
https://yourwebsite.com. - Clear your browser cache and test in an incognito window if needed.
Step 5: Fix Mixed Content Issues
Mixed content occurs when some resources (e.g., images, CSS, or JavaScript) are loaded over HTTP instead of HTTPS. This can lead to warnings in the browser. The Really Simple SSL plugin includes a content fixer to handle this:
- In Security > Settings > SSL, enable the “Mixed Content Fixer” option.
- Check your site again to ensure no mixed content warnings appear.
Step 6: Update WordPress Settings
- Go to Settings > General in your WordPress dashboard.
- Update the “WordPress Address (URL)” and “Site Address (URL)” fields to use
https://instead ofhttp://. - Save the changes.
Manual Redirection via .htaccess
Before redirecting HTTP to HTTPS, ensure that your website has an SSL certificate installed. you can send a ticket to your hosting provider to activate it.
If you prefer manual control, you can add redirection rules directly to your .htaccess file. Here’s an example:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
Add it to top of your htaccess file using ftp or hosting file manager, Save the changes and upload the file back to your server.
What to Do If SSL Fails or Causes Problems
If enabling SSL causes issues or your SSL certificate fails, follow these steps to undo the changes:
- Restore .htaccess File:
- Access your website files via FTP or your hosting file manager.
- Open the
.htaccessfile and remove the HTTPS redirection rules added by the plugin. - Replace it with a default WordPress
.htaccessfile:# BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress
- Deactivate Really Simple Security:
- If you dont have access to wp-admin page, Access your website files via FTP or your hosting file manager, go to public_html, wp-content, plugins and file really simple security folder and rename it.
- If you do have access to wordpress admin Log in to your WordPress dashboard.
- Go to Plugins and deactivate the Really Simple Securityplugin.
- Update WordPress Settings:
- Go to Settings > General and revert the “WordPress Address (URL)” and “Site Address (URL)” fields to use
http://.
- Go to Settings > General and revert the “WordPress Address (URL)” and “Site Address (URL)” fields to use
- Check Your Site:
- Clear your browser cache and revisit your website to ensure it is accessible via HTTP.
- Contact Your Host:
- If the issue persists, reach out to your hosting provider for support with SSL installation and troubleshooting.
Benefits of Using Really Simple Security to Redirect http to https on WordPress
- Ease of Use: The plugin simplifies the process of enabling HTTPS, requiring no technical expertise.
- Automatic Redirection: Ensures all traffic is securely redirected to HTTPS.
- Mixed Content Fixer: Helps resolve issues with insecure resources.
- Lightweight: The plugin is optimized for performance and won’t slow down your site.
Conclusion
Redirecting HTTP to HTTPS is a crucial step in securing your WordPress website and ensuring a safe browsing experience for your visitors. With the Really Simple Security plugin, the process becomes straightforward and hassle-free. By following the steps outlined above, you can enhance your site’s security, boost its SEO ranking, and build trust with your audience.
If you encounter any problems, you can easily revert to the previous settings and troubleshoot as needed. Ready to secure your website? Install Really Simple Security today and make the switch to HTTPS effortlessly!