How to redirect HTTP to HTTPS in WordPress

Redirecting HTTP to HTTPS in WordPress is crucial for securing your website and improving user trust. HTTPS encrypts the data transferred between your server and users, providing a secure browsing experience. In addition to enhancing security, using HTTPS is a ranking factor for search engines, making it important for SEO as well.

To enforce HTTPS across your WordPress site, you need to redirect all HTTP traffic to HTTPS. This can be done by modifying your site's configuration files or using a plugin that handles the redirection automatically. Properly setting up the redirect ensures that visitors and search engines only access the secure version of your site.

This guide focuses on manually configuring your WordPress site to redirect HTTP to HTTPS by updating the .htaccess file or the wp-config.php file. This method gives you full control over the redirection process and ensures that all pages on your site are secured with HTTPS.

Steps to redirect HTTP to HTTPS in WordPress:

Ensure that your site has an SSL certificate installed.

An SSL certificate is required to use HTTPS. You can obtain one from your hosting provider or a certificate authority.
Log in to your WordPress dashboard.

Access your WordPress site’s backend by navigating to `yourdomain.com/wp-admin` and entering your credentials.
Update your WordPress Address (URL) and Site Address (URL) to use HTTPS.
```
    Dashboard > Settings > General
```
Change `http://yourdomain.com` to `https://yourdomain.com` in both fields.

Edit your .htaccess file to force HTTPS.

You can find the .htaccess file in the root directory of your WordPress installation.

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    </IfModule>
    # END WordPress

Alternatively, add the HTTPS redirect in your wp-config.php file.

Edit the wp-config.php file located in the root directory of your WordPress installation.
```
    define('FORCE_SSL_ADMIN', true);

    if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'http')
        $_SERVER['HTTPS'] = 'on';
```
Save the changes to your .htaccess or wp-config.php file.

Ensure you have backed up these files before making any changes.
Test your website to confirm that HTTP is redirected to HTTPS.

Visit `http://yourdomain.com` in your browser, and it should automatically redirect to `https://yourdomain.com`.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.

Discuss the article:

Comment anonymously. Login not required.