Get FAST WordPress Support
World’s Fastest WordPress Support Since 2009  

HTTP to HTTPS in WordPress – Complete User Guide

All you need to know about HTTP to HTTPS in WordPress…

The moment Google announced HTTPS as a ranking boost in SEO (Search Engine Optimization), all popular browsers started terming HTTP sites as “Not Secure” (from July 2018). That was the day when HTTPS started becoming a necessity instead of a priority.

The main motto of Google is to provide a secure environment to its users, and as per  SangFroid Web, more than 70% of the users prefer to visit HTTPS sites.

With the rise in the e-commerce industry, sensitive data like credit card information, bank account numbers, passwords, etc. are shared in abundance on the internet daily. The convenience of web shopping sitting at homes or office desks in any part of the world, attracts many visitors.

As per Sleeknote, e-commerce sales are expected to reach $4.2 Trillion at the end of 2020. To protect customer sensitive data of your e-commerce store or any other online transactions, SSL security is a must.

This article will talk about what SSL is, its functioning, and how to move your HTTP site (unsecured site) to an HTTPS site (secured site) in WordPress..

What is SSL & HTTPS? How does it Function?

SSL (Secure Socket Layers) is a digital certificate that uses encryption security to secure your website data and information.

This digital certificate encrypts all communications exchanged between browser and website, keeping it safe from prying eyes.

Installation of this certificate on a website shows a padlock in the URL along with HTTPS in the address bar.

The majority of the sites nowadays start with HTTPS (HyperText Transfer Protocol Secure) instead of HTTP (HyperText Transfer Protocol).

Both these signals state that the site is secured enough and helps maintain the privacy of customer transactions.

The Functioning of SSL:

Exchange of information between browser and web server is encrypted with the help of an SSL certificate. But many visitors have questions on the functioning of the SSL certificate. They are:

  • How does the encryption and decryption process work?
  • How does the plain text get coded into ciphertext and later again converted into plain text on the receiving end?

SSL security algorithms work on encryption and decryption theory. The ciphertext from the encryption process is hard to decode, and only the sender and receiver can decrypt or translate the text. That’s the main reason why cyber-thieves abandon sites with SSL certificates because they are unable to decipher the sensitive information.

HTTP to HTTPS in WordPress

Two keys shown in the above picture are used in the encryption-decryption process. They are the public key and the private key.

The message’s sender replaces the plain text with a coded text (numbers and letters) using the public key. To get the correct information of the coded text, the receiver should have the private key sent by the sender, for the decryption process. Without the correct algorithm key, the message cannot be decrypted.

Even in unfortunate circumstances, when the public key is compromised, the message is still safe, because the unknown hacker does not have the private key to decrypt the information.

The SSL certificate has all information regarding the domain name, company name, address, city, state, and country, including the CA name, and expiry date.

Why is it essential to shift website from HTTP to HTTPS in WordPress:

Secure Sensitive Information: HTTP to HTTPS in WordPress

Your e-commerce store handles thousands of online transactions daily, and hence it becomes all the more essential to secure credit card information, login credentials, passwords, bank account numbers, etc.  

HTTP to HTTPS in WordPress Complete User Guide sent 2

HTTP sites where SSL certificate is not installed are easily susceptible to malware, ransomware, phishing attacks, etc.

Customers trust sites with SSL certificates installed when they make financial dealings, and get an assurance about their data security.

Symbol of Trust: HTTP to HTTPS in WordPress

Trust, Trust & Trust. Since SSL certificates provide robust encryption security and are SHA-2 enabled, they prove to be a trust symbol. Their encryption standards i.e., 256-bit encryption and 2048-bit digital signatures, prevent cyber-criminals from gaining control over customer sensitive data.

Also, browsers like Chrome have started labeling “Not Secure” on Http sites, which is a significant drawback for business.

HTTP to HTTPS in WordPress Complete User Guide sent 3

Another added advantage is that SSL certificates come with trust badges as shown in the above picture. These trust logos are visible on all the pages of your WordPress website.

HTTPS displays Authenticity: HTTP to HTTPS in WordPress

Research indicates that almost 90% of the customers are worried about internet privacy of transactions, and hence the importance of HTTPS cannot be challenged.

Not only does HTTPS prove trustworthy, but its padlock displays the authenticity of your WordPress website and ensures network traffic protection.

Search Engine Visibility: HTTP to HTTPS in WordPress

When Google announced HTTPS as a ranking factor in SEO, it was hellbent of providing a secure web experience to its customers. This move of shifting sites from HTTP to HTTPS by Google, for customer benefit, has led to an increase in the importance of HTTPS.

HTTPS helps boost SEO rankings and makes your site all the more visible to visitors.

Protects your Site, Products, and Data: HTTP to HTTPS in WordPress

HTTP ensures a secured browsing experience and secures your site and products from internet thieves. When encryption security is not enabled on the site, it becomes easy for unauthorized sources to access your information.

Apart from protecting customer data, it also protects online retailers and prevents identity fraud too. Hence HTTPS sites are far safer than HTTP sites because they minimize the risks of online business.

Increase in Website Speed: HTTP to HTTPS in WordPress

HTTPS is undoubtedly faster than HTTP sites. Just check out on, which states that HTTPS has a slightly fast page load speed and hence is another favorable factor for SEO.

Page load speed is also a ranking factor in SEO, and hence HOBO indicates that 53% of the visitors abandon sites having more page load speed (more than 3 seconds).

Since HTTPS’s importance is established, let’s check out the steps involved in shifting the site from HTTP to HTTPS.

Steps required for shifting the website from HTTP to HTTPS in WordPress:

Website Backup: HTTP to HTTPS in WordPress

Before making any major transformation to your site, website backup is an essential process. Though it may be lengthy and time-consuming, depending on your site content, images, and pages, it’s worth the time and money.


  • Safeguards human error
  • Prevents data loss
  • Help take care of Malware Infections
  • Protection against cyber-attackers
  • Ensures continual Revenues
  • Reduces damages

There are many more advantages and many website backup services available, which may help you keep your website safe and secure.

Order &Purchase SSL Certificate: HTTP to HTTPS in WordPress

You need to Buy an SSL certificate and purchase the same from a reputed Certificate Authority for your WordPress website.


  • Set up your server for SSL installation
  • Update your WHOIS record with the correct information i.e., company name, address, contact number, email id, etc.
  • Generate the CSR request on the server
  • Submit the CSR and other required information to the CA
  • Get your company and domain name validated
  • Receive your SSL certificate and Install the same

Free SSL and Paid SSL certificates are available in the market. Consider your business requirements and select your SSL wisely.

Install SSL Certificate: HTTP to HTTPS in WordPress

Many business owners are hesitant to spend on SSL certificates. Many WordPress hosting companies offer free SSL to their customers. Let’s Encrypt is one such Certificate Authority that provides free SSL certificates.

BlueHost, HostGator, WP Engine, etc are some WordPress Hosting Companies that offer free SSL certificates along with their hosting plans.

WordPress offers free SSL plugins like Really Simple SSL, SSL Zen, Auto-Install Free SSL, etc. for securing your website with encryption.

Installation Process:

    • Login to Web Host Manager (WHM)
    • Enter User name and Password
    • In your WHM homepage, click SSL/TLS button
    • In SSL/TLS button, click Install an SSL certificate on a Domain
    • Type your Domain name in the Domain name field
    • Input your certificate file
    • Later click Install.

Your SSL certificate is successfully installed on your WordPress website.

Many cheap SSL certificate providers provide paid SSL certificates in different validations i.e. DV, OV &EV. Install SSL certificate from ClickSSL, and get the best discounts on SSL certificates.

Configuring HTTPS in WordPress Admin Area& Update Site Address: HTTP to HTTPS in WordPress

To change your WordPress website URL from HTTP to HTTPS you need to follow the below steps.

    • Login in WordPress Dashboard
    • Later go to Settings > General
    • Check whether the WordPress URL and Site URL is HTTPS or not. If not, add HTTPS in both the URL as shown in the image below.
HTTP to HTTPS in WordPress Complete User Guide sent 4
    • Later click Save.
    • Go to site’s wp-config.php file and defineForce_SSL_Admin to true

This command will force all logins, URLs, and admin sessions to move over SSL.

Old HTTP links can lead to errors in your site. While migrating a website from HTTP to HTTPS, many times, it may happen that some links related to images, videos, templates, etc. are not processed,; which may lead to Mixed Content Error.

Dr. Link Check is one such Checker tool for locating all HTTP links on your site. To know more about this tool, click here.

Set 301 Redirects in .htaccess: HTTP to HTTPS in WordPress

The main purpose of setting 301 redirects is to forward visitors directly to the secured version. For that, a command needs to be written in the .htaccess file located in the WordPress root directory.

Since this file is hidden by default, un-hide all files in the WP root directory and click .htaccess.

Write the below mentioned command in the file.

RewriteEngine on


RewriteCond %{HTTP_HOST} ^ [NC,OR]

RewriteCond %{HTTP_HOST} ^ [NC]

RewriteRule^(.*)$$1 [L,R=301,NC]

This will land all visitors on the secured HTTPS version of your WP site. It is essential to ensure that duplication of pages (in both versions) does not prevail, to benefit SEO.

SSL Test: HTTP to HTTPS in WordPress

SSL Server Test is used for checking whether your SSL certificate is installed properly or not. Insert your domain name in the hostname and click “Submit”.

You will get a summary of the overall rating of your website including issues needed for fixation.

HTTP to HTTPS in WordPress Complete User Guide sent 1

You can also use the SSL Checker tool, to diagnose SSL installation problems.

Update your Site Environment: HTTP to HTTPS in WordPress

Last few steps for completing the transfer procedure from HTTP to HTTPS are:

    • Update the sitemap, add in robots.txt file and update all the links
    • Add the HTTPS version of your website to all the webmaster tools, upload the new sitemap.
    • Update your CDN (Content Delivery Network)
    • Switch the new version in Google Analytics in Admin > Property Settings > Default URL.

Submit your HTTPS version to Google Search Console: HTTP to HTTPS in WordPress

For Google, HTTP and HTTPS versions are 2 different websites. You need to inform this search engine giant that your website has been moved to HTTPS to gain SEO benefits too.


    • Go to Google Search Console account, click “Add a property button”
    • Add new HTTPS address of your website in the popup
    • Verify the ownership of your website with multiple options given in Search Console

To know more about the same, click here.

HTTPS Troubleshooting Tips:

A few things need to be taken care of post the shifting process.

    • Mixed Content Error:

Though minute details are taken care of while moving the site from HTTP to HTTPS, there may be a few non-secure links on secured pages. This may give the Mixed Content Error message.

Install and enable the SSL Insecure Content fixer to track down the links and fix the error. Detailed information on resolving Mixed Content Error in WordPress is available on here.

Wrapping Up:

Being a website owner, you need to ensure that your website and network traffic are secured from cyber-criminals. This tutorial will give you a complete picture of the importance of SSL certificate, how to install it, how to move your site from HTTP to HTTPS, things to be taken care of, and how to resolve errors or queries in the transfer process.

I hope this guide suffices in making your site more secure by successfully adding HTTPS and SSL, thus giving a secured environment to your visitors.

We also have a detailed post on how you can fix a WordPress Mixed Content Warning at THIS LINK.

WordPress HTTPS Service

HTTPS Service

It is so important that your site loads using HTTPS. This will make sure that is so.

Leave a Reply

Your email address will not be published. Required fields are marked *