How to Force SSL (HTTPS) on WordPress in Easy Steps

Learn how to force SSL on WordPress quickly and easily. Enable HTTPS, keep sensitive information safe, and give your visitors peace of mind.


Force SSL (HTTPS) on WordPress: Quick Steps

Forcing SSL on WordPress ensures that all visitors are automatically redirected from the insecure http:// of your site to the secure https:// version. This process encrypts data transmission, protects user privacy, and is a standard requirement for modern SEO and payment processing.


Watch this video tutorial below:


Follow these steps and considerations to implement and maintain a secure connection:

  • Force SSL WordPress using the Really Simple SSL plugin, manual wp-config.php edits, or adding a 301 redirect rule to the .htaccess file.
  • Protects user data via encryption, removes "Not Secure" browser warnings, and improves SEO rankings as Google prioritizes secure sites.
  • Resolve common issues by using search-and-replace tools to update asset URLs and clearing server/browser cache.

How to force SSL on WordPress

Forcing SSL means any requests to HTTP are redirected to HTTPS. This is generally a good thing: Google prefers HTTPS for search, Chrome will display a “Not Secure” message when accessing HTTP, and scripts and features such as payment processing require your pages to be as secure as possible.


While some platforms allow a simple toggle, a WordPress site offers several ways to ensure your traffic remains encrypted.

Method 1: Use a plugin

This is the safest and easiest option for most users.

  1. Go to Plugins → Add New.
  2. Search for Really Simple SSL.
  3. Install and activate the plugin.
  4. Click Enable SSL when prompted.

The plugin automatically updates site URLs, fixes mixed content, and adds redirects.

Method 2: Force SSL via wp-config.php

For those who prefer a manual touch without extra plugins, add this line to your wp-config.php file to force SSL on the WordPress admin dashboard: 

define('FORCE_SSL_ADMIN', true);

Then ensure your WordPress Address and Site Address fields (Settings → General) both start with https://. This method forces SSL for the admin area and helps apply HTTPS sitewide.

Method 3: Force HTTPS with .htaccess (301 Redirect)

To force SSL across the entire site at the server level, add the following code to the .htaccess file:

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


Why this works:

A 301 redirect tells browsers and Google that your site’s secure version is the default.

Force SSL in Convertri

If your domain has SSL enabled, you can switch it on or off in the Domains section:

  1. In the Dashboard, click Account. Then, click Domains in the left-hand menu.
  2. Next to the domain you want to edit, click More.
  3. Click the Redirect tab. Choose Force SSL from the dropdown menu.
  4. Click Update.

Troubleshooting common SSL issues

WordPress mixed content error after forcing SSL

This happens when some images, scripts, or CSS files still load using HTTP.

Fixes:

  • Use Really Simple SSL to auto-correct URLs.
  • Run a search-and-replace plugin (Better Search Replace) to update old HTTP links.
  • Clear WordPress, CDN, and browser caches.

Still seeing the HTTP version indexed

Possible causes:

  • Google hasn’t crawled the redirect yet.
  • Mixed content prevented full indexing.
  • Redirect not set as 301.

Fixes:

  • Set a proper 301 redirect.
  • Request indexing in Google Search Console.

Redirect loop after forcing SSL

Usually caused by:

  • Conflicting redirects (plugin + .htaccess + Cloudflare).
  • HTTPS is not fully enabled on the hosting.

Fixes:

  • Disable plugins temporarily.
  • Remove duplicate rules from .htaccess.
  • Ensure SSL is active in the hosting control panel.

SSL works on domain but not in WordPress admin

Even after forcing SSL, Google may take time to update its index.

Fixes:

  • Updating URLs in Settings → General.
  • Adding define('FORCE_SSL_ADMIN', true); to wp-config.php.
  • Clearing the plugin or server-side caching.

Frequently Asked Questions

How do I force HTTPS in WordPress?

Use a plugin like Really Simple SSL, or add a 301 redirect in .htaccess, and update WordPress URLs to HTTPS.

How do I redirect in WordPress?

Add a 301 redirect rule in .htaccess or enable it via your hosting panel.

Does forcing SSL affect SEO?

Yes. Google prefers HTTPS and may rank secure sites higher.

What is mixed content, and how do I fix it?

Mixed content occurs when a secure page loads an insecure URL. Update all asset URLs to HTTPS, or use a plugin to fix them automatically.

How long does Google take to update HTTPS indexing?

Most sites update within a few days to a few weeks once a proper 301 redirect is in place. But it usually depends on the crawl rate.

Do I need a plugin to force HTTPS?

Not required, but plugins make it easier and reduce errors.

Why does my site show “Not Secure” even after forcing SSL?

Your SSL certificate may have expired, be misconfigured, or URLs may still load via HTTP.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.