Your Dedicated Partner for All Things WordPress

How to Force HTTPS on WordPress

Table of Contents

Forcing HTTPS on your website is an important step in ensuring your site’s security. It encrypts the data that passes between your website and its visitors, making it much harder for malicious actors to gain access. Fortunately, forcing HTTPS on WordPress is a relatively simple process that helps take your website’s security to the next level.

Step 1: Purchase an SSL Certificate

The first step in securing your WordPress site with HTTPS is to purchase an SSL certificate. This type of certificate acts as a digital “seal” that proves the authenticity of your domain and provides encryption for all data sent over the internet from your site. Most web hosting companies offer SSL certificates as part of their hosting package, so if you’re already hosting with one of them, you may be able to purchase an SSL certificate at a discounted rate. Otherwise, you can purchase one directly from a third-party provider such as Verisign or DigiCert.

Step 2: Set Up Your Certificate

Once you have purchased an SSL certificate, you will need to go through the process of setting it up with your web host. Depending on which company you purchased the certificate from and which web host you are using, there may be different steps involved here but generally speaking, this should involve uploading the certificate file and installing it on your server. You may also need to modify some settings in order for the certificate to work properly with WordPress. If you are unsure how to do this, most web hosts provide support for setting up SSL certificates and can help walk you through any complicated steps.

Step 3: Update Your Website Settings

Once your SSL certificate has been installed successfully, it’s time to update your website settings in order to force traffic over HTTPS instead of HTTP. This involves editing two files – wp-config.php and .htaccess – both of which can be found in the root directory of your WordPress installation (which is usually located at /public_html). In wp-config.php, add define( ‘FORCE_SSL_ADMIN’, true ); at the bottom of the file and save it; this will ensure that all admin pages are served over HTTPS instead of HTTP. Then open .htaccess and add RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} at the top before saving it; this will redirect all traffic from HTTP pages to their corresponding HTTPS versions automatically.


When done correctly, forcing HTTPS on WordPress significantly improves the security of any website by encrypting sensitive information passed between users and servers so that it cannot be intercepted by malicious actors looking for ways into unsecured sites. Using these three simple steps as outlined above, any website owner should be able to easily force HTTPS on their own WordPress site without needing any additional technical expertise or help from outside sources!

How to get started?

Learn more

WordPress Maintenance

Save 33% with our Annual pricing plan.

Get Started

Looking for help? Chat with us.

Are you in need of assistance or guidance? Look no further! Our dedicated team is here and ready to help. Chat with us today and let’s work together to find the perfect solution for your needs.

Our support team will get you:

I believe every website owner deserves a reliable professional support always by their side.

Alexey Seryapin
Founder of WPServices

Having Troubles With WordPress?

Claim Your Free WordPress Maintenance

In today’s fast-paced digital landscape, every website deserves the care and expertise of a professional maintenance team, ensuring optimal performance, enhanced security, and seamless user experiences, so you can focus on growing your business with peace of mind.

Alexey Seryapin
Founder of WPServices

Coupon Code Applied!

Take your time and continue browsing our services.

Alexey Seryapin
Founder of WPServices