Force HTTPS On Your WordPress Site

I’m running my wordpress site for quite some time now.. My site is HTTPS enabled and signed with a certificate. HTTP was also possible in the past for reaching my site. In this guide i’m going to point all of the pages (including the administrative) to force HTTPS.

To simplify this, the guide will build into the following 3 parts:

  1. Force SSL for administrator pages (including the login page)
  2. Secure all normal pages with HTTPS
  3. Change .htaccess to redirect all HTTP to HTTPS

When all of this is completed you should have a WordPress site completely running secure with HTTPS.

This guide assumes that you have already bought a valid Certificate

Force SSL for administrator pages (including the login page)

Go to your FTP and change the following file in the root of the directroy: wp-config.php

Many tutorials tell you to include define('FORCE_SSL_LOGIN', true); this is deprecated in version 4.0.  Using FORCE_SSL_ADMIN is the new and working one.

From this point, every time you are visitting http://erwinbierens.com/wp-admin you should be redirected to the https version.

Secure all normal pages with HTTPS

Google rewards site owners that put their entire site behind HTTPS.  In your WordPress administrator dashboard, go to Settings -> General and change both URLs to have https://.

wordpress https

After changing the WordPress and Site Address, all links internal to your site will include https at the beginning.

Note: his will leave you with broken assets such as CSS and JavaScript and redirection.

Change WordPress .htaccess to redirect all HTTP to HTTPS

Now we are going to do a full transition to HTTPS. The only thing we need to change is the .HTACCESS file. You can find the .HTACCESS file in the root of your WordPress installation directory.

We’re going to say that if the current port isn’t matching 443, then rewrite the URL to use HTTPS with a 301 redirect. (simple as hell). The rest of the code should already exist.
wordpress htaccess
Save the file and go test you webiste! Every page u will go to will now be redirected to HTTPS.
image source: www.wphulp.nl

#EOF

You may also like..

1 comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.