How to Force HTTPS and SSL in WordPress

What is HTTPS and SSL (Secured Socket Layer)?

SSL stands for Secured Socket Layer. It is a industry security standard enables and encryption between webserver and user’s browser. By encrypting data means all data that passing from and to browser remain private and secured. According the Mozilla statistics last year the web is now approximately 70 percent encrypted.

Why do we need HTTPS or SSL?

In the near future, major browsers most likely to make HTTP or SSL as a basic standard. The internet has been relying on HTTP (Hypertext Transfer Protocol) for the past two decades. The only and biggest flaw that urge everyone to switch is security. Any web content from login credential and online transactions on HTTP is open and stand right in front of everyone.

If you are planning to build an E-Commerce empire, then you have no choice but to install a SSL certificates on your website to encrypt all the data transmitted.

Third-paty payment services such as PayPal, Stripe,, others are required your E-Commerce website to have secure connection before sending users to complete payment.

Where do I get a SSL certificates?

Most hosting provider now offering Free SSL certificate specifically if your web hosting runs on WHM/cPanel. If your web hosting doesn’t come with SSL try to contact them and ask for it. You can also check major SSL provider such as Comodo, RapidSSL, GoDaddy and BlueHost.

How to Setup and Use SSL and HTTPS in WordPress

For New WordPress Site

If you are setting up a brand new website or early stage website, you can do it an easy way.

First go to Settings » General, in WordPress Address (URL) and Site Address (URL) add or replace existing text with

Don’t forget to change “” to your domain name.

For Existing WordPress Site

You can add SSL and HTTPS to your existing WordPress site by using Plugins or Manually. In my experience, if you are familiar with editing .htaccess file and coding I recommend the manual way, so you won’t load your WordPress with bunch of plugin.

However if you have no clue what I’m talking about with .htaccess file then use the plugin method. Unless you want to unleash your programming power.

Enable HTTPS and SSL on WordPress with Plugin

For non-coders, if you already installed a SSL certificate or your web hosting already provided it for you. You can force SSL and HTTPS in WordPress using the WordPress HTTPS (SSL) plugin.

  1. Download and Install WordPress HTTPS (SSL) plugin.
  2. Go to HTTPS page located in the menu on the left.
  3. Make sure Force SSL Exclusively is unchecked.
  4. Check a box that says “Force SSL Administration”.
  5. Save changes and Purge cache with the button below.
  6. Verify your changes and you’re finished.

Apache – Enable HTTPS and SSL on WordPress Manually (.htaccess method)

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$$1 [R,L]

<h3>Nginx – Enable HTTPS and SSL on WordPress Manually</h3>

server {
    listen 80;
    return 301$request_uri;

Enable HTTPS and SSL on Multi-Site Admin Area (Optional)

You can do this simply by open wp-config.php file and go to the line where it says “That’s all, stop editing”. Above that line you will add the code below to force SSL in admin area. This method works for both single and multi-site configuration.

define('FORCE_SSL_ADMIN', true);

Enable HTTPS and SSL on Specific Post or Page

In some cases you may want to enable HTTPs and SSL only on specific post or page. This can be done by using WordPress HTTPS (SSL) plugin again. It is an all-in-one solution SSL fo WordPress. A light-weight plugin is designed and focused on speed and performance.

Once you have installed and activated the plugin in WordPress admin area

Navigate to HTTPS menu on the left hand-side which is automatically added after plugin is active.

Check a box where it says “Force SSL Exclusively” and then click save changes and purge cache.

Go to a post or page that you want to enable HTTPS or SSL and in the sidebar area you will see HTTPS box appears

Check Secure post and Secure child posts and save your changes

That’s it. Now your post or page is specifically secured on the site.

Clean your WordPress Cache

In some cases you might find that HTTPS and SSL may not working properly especially when you have caching plugin installed. Make sure you empty and clear all your caches.

Share this content!
  • 1
  • 1