Home / WordPress / WordPress: How to force HTTPS

WordPress: How to force HTTPS

Published On: February 2nd, 2020|Categories: WordPress|Tags: , , |2 min read|

In order to force SSL/HTTPS on WordPress, a SSL certificate is required. Secure Sockets Layer (SSL) makes it possible to encrypt communications between two devices. To use the HTTPS protocol, your website needs to obtain a SSL certificate. Almost all hosting providers now give you a free SSL certificate, but you can always buy whatever certificate you want for different type of protection. Only websites that have SSL installed and configured can use HTTPS.

Forcing WordPress to use SSL means making sure the site loads over HTTPS by default. This way, you increase safety across all pages, even if they don’t have HTTPS typed in the URL bar. So here are three ways to force SSL (HTTPS) on your WordPress website.

#1: Using your .htaccess file to force HTTPS on WordPress

The .htaccess file is a core WordPress file and governs the way your website interacts with the server. It is located in the root of your WordPress installation. To force HTTPS on WordPress through .htaccess go ahead and edit it. Place the following code just before # END WordPress line.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

#2: Using wp-config.php file to Force SSL (HTTPS) in WordPress Admin and Login

Using wp-config.php you can tell WordPress to force SSL throughout the admin dashboard and login pages. Like .htaccess, wp-config.php is also located in the root of your WordPress installation. You just have to add the following two lines of code:

    define('FORCE_SSL_ADMIN', true);
    define('FORCE_SSL_LOGIN', true);

#3: Using functions.php file to force SSL (HTTPS)

Another way to force HTTPS on your WordPress website is to use template_redirect WordPress action to redirect all HTTP pages to HTTPS. Go ahead and edit your child theme’s functions.php file and add the following code:

add_action('template_redirect', 'webroom_force_ssl');
function webroom_force_ssl(){
	if (!is_ssl()) {
		wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301);

#4: Using a plugin to force SSL

If you are not sure how to perform the above methods, a more easy approach on forcing SSL to WordPress is by installing a plugin. You can choose from various plugins here in the WordPress Plugins Directory. All you need to have is a SSL certificate and the plugins will do the rest. Consider the number of active installations when choosing a plugin.

Related Articles

If you enjoyed reading this, then please explore our other articles below:

More Articles

If you enjoyed reading this, then please explore our other articles below: