How to Add SSL and HTTPS in WordPress

By: nirvaris  |  April 24, 2017


First of all, if you are not sure whether you need HTTPS on your WordPress site, here are 5 good reasons why you should:

  • Best website performance
  • Benefit your SEO rankings
  • Better Referral Data
  • Unconsciously, SSL builds Trust and Credibility
  • And obviously, more security.


You will need an SSL Certificate

To put https in your website address, you will need an SSL certificate. Here at we give SSL/HTTPS certificates for free. That means if you have your website hosted by us, you already have an SSL/HTTPS certificate and can go to the next step. Otherwise, you can search on Google for how to buy and install an SSL/HTTPS certificate.


Force redirect URLs to HTTPS (301 redirects)

This is the most important step. A 301 redirect is a permanent redirect which passes between 90-99% of link juice (ranking power) to the redirected page. If you don’t implement 301 redirects you could seriously hurt your SEO rankings and your site could completely drop out of SERPs overnight.

To do the redirect, you will need to edit the .htaccess file of your WordPress site. You can find the file in the root directory of your website. To edit it, you can use the File Manager tool in cPanel or download the file via FTP.

With the file opened, add the following lines:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

That’s it, let’s move on.


Update all Hard-coded Links to HTTPS

If you are starting a new WordPress website or blog, this is not a problem, as you don’t have lots of pages, posts and media files linked to them. But if you are migrating an existing WordPress site from HTTP to HTTPS, you should take a closer look at the absolute URL paths.

WordPress adds absolute URLs to menus and media files. That means some URLs for static files (images, JavaScript and stylesheet files) are hard-coded with http://www. What you need to do is replace every absolute URL that starts with http://www with one that starts with https://www.

We found that Really Simple SSL is a very nice WordPress plugin that does this hard task in a few steps. You just need to install the plugin, activate it and check the settings on just one page.


After installing and activating the plugin, all should work and your WordPress website or blog should be running with https://www.


Test your website with HTTPS

To make sure all looks good, you can access your website in an incognito window. At the address bar write only, after the page loads you will see the address has changed to

Another test you can do is to use a tool which scans your website and finds any non-secure content. SSL Check is a great little tool created by the developers of JitBit, and you can use it for free. 😉
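The kind of check such a scanner performs, as an added example (not code from the original post or from the SSL Check tool): a small Python scan of a page's HTML for subresources still hard-coded to http://. The sample page and its example.com URLs are constructed for illustration.

```python
from html.parser import HTMLParser

# Tag -> URL attribute for subresources the browser fetches on its own.
# Active content (scripts, stylesheets, frames) is typically blocked on an HTTPS page;
# passive content (images, media) loads with a warning or is upgraded, depending on the browser.
ACTIVE = {"script": "src", "iframe": "src", "link": "href", "object": "data"}
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}


class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, tag, url, line number)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # Only stylesheet <link>s are checked; rel="canonical" and similar load nothing.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower().split():
            return
        for kind, table in (("active", ACTIVE), ("passive", PASSIVE)):
            url = (attrs.get(table.get(tag, "")) or "").strip()
            if url.lower().startswith("http://"):
                self.findings.append((kind, tag, url, self.getpos()[0]))


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page, as it might look after a partial HTTP -> HTTPS migration.
SAMPLE = """<html><head>
<link rel="canonical" href="http://www.example.com/">
<link rel="stylesheet" href="http://www.example.com/wp-content/themes/t/style.css">
<script src="https://www.example.com/wp-includes/js/jquery/jquery.js"></script>
<script src="http://www.example.com/wp-content/plugins/p/app.js"></script>
</head><body>
<a href="http://www.example.com/about/">About</a>
<img src="http://www.example.com/wp-content/uploads/2017/04/logo.png">
<img src="//www.example.com/wp-content/uploads/2017/04/ok.png">
</body></html>"""

if __name__ == "__main__":
    for kind, tag, url, line in find_mixed_content(SAMPLE):
        print(f"line {line}: {kind} mixed content in <{tag}>: {url}")
```

Plain `<a href>` links and the canonical link are not reported because the browser does not load them as part of the page; they still belong on the list of hard-coded links to update.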


What’s next?

OK, your website/blog is now running under HTTPS/SSL, but, as you know, the work never ends. Don’t forget to update all hard-coded links in the tools that you may have connected or that point to your website. Below is a list of some things you will need to check:


  • Check your robots.txt file – hard-coded links or blocking rules might still be pointing to HTTP directories or files.
  • Google Search Console – create a new Google Search Console profile for your HTTPS website.
  • Update the Sitemap – resubmit the HTTPS version in your new Google Search Console profile.
  • Resubmit Your Disavow File – go to the Google Disavow tool, launch it again under your new HTTPS site and resubmit your file.
  • Change your Google Analytics profile URL – so that you do not lose any history and can pick up right where you left off.
  • Fetch and crawl your website – to get things moving a little faster, you can do a fetch and crawl on your new HTTPS site.