How to Force and use HTTPS WordPress

Posted by: Alex on October 18, 2014

Editors Note: You will first need to purchase/install an SSL certificate and configure it with your server/hosting before any of the following will work or be of any use.

If you’ve recently purchased a HTTPS/SSL certificate for your WordPress site you’ll undoubtedly be looking for an easy way to get the whole site using HTTPS:// domain structure.

It’s pretty simple.

  • Visit your WordPress settings (/wp-admin/options-general.php) and add change the HTTP:// to HTTPS:// in both of the WordPress Address (URL) and Site Address (URL) fields.
  • Add/update your wordpress .htaccess file to look like the following, ensuring you comment/un-comment the appropriate rule, depending on whether you use www. or not.

<IfModule mod_rewrite.c>
RewriteEngine On

RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(.*)\ HTTP/ [NC]
RewriteCond %{HTTPS} !=on [NC]

# Make sure only one of the following Rewrite rules is un-commented, choose the one that is appropriate for you (Either www, or none).
# For Non WWW:
RewriteRule ^/?(wp-admin/|wp-login\.php) https://%{HTTP_HOST}{REQUEST_URI}%{QUERY_STRING} [R=301,QSA,L]
# For www:
# RewriteRule ^/?(wp-admin/|wp-login\.php) https://www.%{HTTP_HOST}{REQUEST_URI}%{QUERY_STRING} [R=301,QSA,L]

RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

And now all of your WordPress site will automatically direct users to the HTTPS version of your site. Don’t forget to add the HTTPS version to your Google webmasters/analytics and ensure you update any scripts etc that you can think of. Any questions just give me a shout on Twitter.