Home / WordPress / WordPress: How to force HTTPS

WordPress: How to force HTTPS

Published On: February 2nd, 2020|Categories: WordPress|Tags: , , |2 min read|

In order to force SSL/HTTPS on WordPress, a SSL certificate is required. Secure Sockets Layer (SSL) makes it possible to encrypt communications between two devices. To use the HTTPS protocol, your website needs to obtain a SSL certificate. Almost all hosting providers now give you a free SSL certificate, but you can always buy whatever certificate you want for different type of protection. Only websites that have SSL installed and configured can use HTTPS.

Forcing WordPress to use SSL means making sure the site loads over HTTPS by default. This way, you increase safety across all pages, even if they don’t have HTTPS typed in the URL bar. So here are three ways to force SSL (HTTPS) on your WordPress website.

#1: Using your .htaccess file to force HTTPS on WordPress

The .htaccess file is a core WordPress file and governs the way your website interacts with the server. It is located in the root of your WordPress installation. To force HTTPS on WordPress through .htaccess go ahead and edit it. Place the following code just before # END WordPress line.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

#2: Using wp-config.php file to Force SSL (HTTPS) in WordPress Admin and Login

Using wp-config.php you can tell WordPress to force SSL throughout the admin dashboard and login pages. Like .htaccess, wp-config.php is also located in the root of your WordPress installation. You just have to add the following two lines of code:

    define('FORCE_SSL_ADMIN', true);
    define('FORCE_SSL_LOGIN', true);

#3: Using functions.php file to force SSL (HTTPS)

Another way to force HTTPS on your WordPress website is to use template_redirect WordPress action to redirect all HTTP pages to HTTPS. Go ahead and edit your child theme’s functions.php file and add the following code:

add_action('template_redirect', 'webroom_force_ssl');
function webroom_force_ssl(){
	if (!is_ssl()) {
		wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301);
		exit();
	}
}

#4: Using a plugin to force SSL

If you are not sure how to perform the above methods, a more easy approach on forcing SSL to WordPress is by installing a plugin. You can choose from various plugins here in the WordPress Plugins Directory. All you need to have is a SSL certificate and the plugins will do the rest. Consider the number of active installations when choosing a plugin.

Recent Articles




Related Articles

If you enjoyed reading this, then please explore our other articles below:

headless wordpress

What is Headless WordPress

April 17th, 2024
What is cron job

Understanding Cron Jobs: Definitions and Examples

April 10th, 2024
WordPress Security

WordPress Security: Best Practices for Protecting Your Website in 2024

April 2nd, 2024
WordPress Multilingual

A Comprehensive Guide to WordPress Multilingual Websites

March 27th, 2024

The Role of UX Principles in Crafting a Winning WooCommerce Store

March 18th, 2024

Add class to menu item if product category is empty

March 15th, 2024
Different VPN Protocols

Understanding Different VPN Protocols: A Comprehensive Overview

March 6th, 2024
10 Most Common Site Security Threats

Safeguarding Your Website: Understanding and Mitigating the 10 Most Common Site Security Threats

March 4th, 2024

More Articles

If you enjoyed reading this, then please explore our other articles below: