WordPress SSL Configuration

Move your WordPress site to HTTPS correctly.

Moving WordPress to HTTPS involves more than installing a certificate. The database contains hardcoded URLs, plugins can cause mixed content, and configuration must be adapted.

A poorly executed migration can break the site, cause redirect loops, or leave mixed content that scares visitors.

This guide covers all steps for a successful WordPress HTTPS migration.

WordPress Specifics

Why WordPress needs special attention:

  • URLs in database: URLs are stored as absolute in the database.
  • wp-config.php: some settings must be configured manually.
  • Plugins and themes: some may hardcode HTTP URLs.
  • CDN and cache: caches must be purged after migration.

HTTPS Benefits for WordPress

Why migrate your WordPress:

  • SEO boost: Google favors HTTPS sites.
  • Trust: the padlock reassures your visitors.
  • Security: protect your users' logins and data.
  • Performance: HTTPS enables HTTP/2 for faster loading.

Migration Steps

Complete process for WordPress HTTPS:

  1. Install certificate: configure SSL on your hosting.
  2. Update URLs: change siteurl and home to HTTPS.
  3. Replace in database: use Search & Replace to change URLs.
  4. Force HTTPS: configure redirects and wp-config.

Configuration

Necessary modifications:

// wp-config.php - Force HTTPS
define("FORCE_SSL_ADMIN", true);
if (isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] === "https") {
    $_SERVER["HTTPS"] = "on";
}

// .htaccess - HTTP to HTTPS redirect
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

// WP-CLI - Search & Replace
wp search-replace "http://example.com" "https://example.com" --all-tables

FORCE_SSL_ADMIN secures the dashboard. X-Forwarded-Proto handles proxies/CDN.

Best Practices

Tips for smooth migration:

  • Backup first: complete backup of database and files before any modification.
  • Use a plugin: Really Simple SSL can help but understand what it does.
  • Purge caches: clear all caches after migration.
  • Test mixed content: use DevTools to find HTTP resources.

WordPress HTTPS Checklist

  • Backup performed
  • Certificate installed
  • siteurl and home updated
  • Search & Replace executed
  • Redirects configured
  • Mixed content fixed

Frequently Asked Questions

Which SSL plugin should I use?

Really Simple SSL is popular, but manual configuration is cleaner.

I have a redirect loop!

Add the X-Forwarded-Proto code in wp-config.php if you're behind a proxy.

My theme breaks things

Look for hardcoded URLs in theme files and fix them.

How to find mixed content?

Browser console (F12) or use whynopadlock.com.

Should I regenerate the sitemap?

Yes, regenerate the sitemap with new HTTPS URLs.

What about Google Search Console?

Add the HTTPS version of your site as a new property.

Secure WordPress

A well-executed WordPress HTTPS migration improves security, SEO and visitor trust.

Monitor your SSL certificate with MoniTao to be alerted before any expiration.

Useful Links

Ready to Sleep Soundly?

Start free, no credit card required.

Create My Account See pricing