How to Force and use HTTPS WordPress
Editors Note: You will first need to purchase/install an SSL certificate and configure it with your server/hosting before any of the following will work or be of any use.
If you’ve recently purchased a HTTPS/SSL certificate for your WordPress site you’ll undoubtedly be looking for an easy way to get the whole site using HTTPS:// domain structure.
It’s pretty simple.
- Visit your WordPress settings
(/wp-admin/options-general.php)
and add change theHTTP://
toHTTPS://
in both of the WordPress Address (URL) and Site Address (URL) fields. - Add/update your wordpress
.htaccess
file to look like the following, ensuring you comment/un-comment the appropriate rule, depending on whether you use www. or not.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(.*)\ HTTP/ [NC]
RewriteCond %{HTTPS} !=on [NC]
# Make sure only one of the following Rewrite rules is un-commented, choose the one that is appropriate for you (Either www, or none).
# For Non WWW:
RewriteRule ^/?(wp-admin/|wp-login\.php) https://%{HTTP_HOST}.co.uk%{REQUEST_URI}%{QUERY_STRING} [R=301,QSA,L]
# For www:
# RewriteRule ^/?(wp-admin/|wp-login\.php) https://www.%{HTTP_HOST}.co.uk%{REQUEST_URI}%{QUERY_STRING} [R=301,QSA,L]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
And now all of your WordPress site will automatically direct users to the HTTPS version of your site. Don’t forget to add the HTTPS version to your Google webmasters/analytics and ensure you update any scripts etc that you can think of. Any questions just give me a shout on Twitter.