If you find yourself in a situation that requires changes to your site, and your developer isn't available to help, DreamHost's skilled support team may be able to assist you for a small fee. You can find more information about supported services and associated costs in the DreamHost Professional Services article.
Overview
Adding an SSL certificate to your WordPress site is an excellent first step toward securing your data. However, there are a few other steps you must take to ensure that all links within your site point to the secure (HTTPS) version of your domain name.
Please note that these instructions do not apply to DreamPress sites. If your WordPress site is on DreamPress, please follow these instructions instead:
Step 1 — Add an SSL certificate to the domain
Make sure your site is properly set up for HTTPS. You must first add an SSL certificate to your site.
Depending on your requirements for the site, you may also require a Unique IP address. See the Unique IP article for more information.
Make sure your SSL certificate is active before continuing.
Step 2 — Update database URLs
This step is only necessary if you added an SSL certificate to a site that was already built. If so, there are old HTTP URLs that need to be updated to HTTPS.
If this is a brand new site without any data, you can skip this step. This is because all new pages/posts you create will use the new HTTPS URL automatically.
Your WordPress database has several hard-coded URLs that point to the http version of your domain. You have two options to update your database URLs. View the following article for further instructions:
Step 3 — Verify the Home and Site URL are updated
Log into WordPress using the new secure HTTPS URL and navigate to the Settings -> General page:
- https://example.com/wp-login.php
On the General page, you should see that your Home and Site URLs now point to HTTPS.
Clear your plugin's cache
At this point, you should also delete your cache if using WP Super Cache.
If you check your site now, all URLs within your WordPress site will use the new HTTPS URL.
Step 4 — Update your wp-config.php file
- Log into your webserver via SSH or SFTP.
- Find the file named wp-config.php in your WordPress site directory, and then open it in a text editor.
- Add the following two lines above the line that says /* That's all, stop editing! Happy blogging. */:
define('FORCE_SSL', true);
define('FORCE_SSL_ADMIN', true);
Step 5 — Force the URL to redirect to HTTPS
After you have added an SSL certificate to your domain, DreamHost automatically redirects the URL visitors use to view your site from HTTP to HTTPS. The S ensures that your connection is encrypted. For example:
- https://example.com
You do not need to do anything to force your site to use the secure URL. However, in some special cases, it may be necessary for you to create your own custom configuration file to force the redirect from HTTP to HTTPS.
Adding custom code is only necessary if your website requires specific code to force the redirect. If so, you will need to first disable the automatic redirect in your panel.
Once disabled, you can then proceed with adding your custom redirect file.
Most WordPress sites do NOT require you to add code to the .htaccess file to redirect it. However, if your specific WordPress site requires custom code for some reason, you can force your site to redirect from HTTP to HTTPS using the code in the following article.
Step 6 — Prevent mixed-content warnings using an .htaccess file
It's a good idea to add a line of code to your .htaccess file to avoid any possible mixed-content warnings. View the following article for further details.
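To see which pages would still trigger a mixed-content warning after the steps above, the following added example (not DreamHost's or WordPress's own code) scans a page's HTML for subresources that still load over plain HTTP. Each URL is resolved against the page's HTTPS address, so relative and protocol-relative references are not flagged. The names MixedContentScanner and find_mixed_content and the sample markup are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attributes that make the browser fetch a subresource.
# <a href> is absent on purpose: navigation links are not mixed content.
SUBRESOURCE_ATTRS = {
    "script": ("src",), "img": ("src", "srcset"), "iframe": ("src",),
    "source": ("src", "srcset"), "video": ("src", "poster"), "audio": ("src",),
}
# <link> only fetches for some rel values; rel="canonical" is metadata.
FETCHING_RELS = {"stylesheet", "icon", "preload", "manifest"}

class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (line, tag, attribute, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            names = ("href",) if rels & FETCHING_RELS else ()
        else:
            names = SUBRESOURCE_ATTRS.get(tag, ())
        for name in names:
            value = attrs.get(name)
            if not value:
                continue
            # srcset is a comma-separated list of "URL descriptor" entries.
            urls = ([c.split()[0] for c in value.split(",") if c.strip()]
                    if name == "srcset" else [value.strip()])
            for url in urls:
                absolute = urljoin(self.page_url, url)
                if urlparse(absolute).scheme == "http":
                    self.findings.append((self.getpos()[0], tag, name, absolute))

def find_mixed_content(page_url, html):
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample markup (not from a real site).
SAMPLE_HTML = """<link rel="canonical" href="http://example.com/">
<link rel="stylesheet" href="http://example.com/wp-content/themes/t/style.css">
<script src="//example.com/wp-includes/js/jquery.js"></script>
<a href="http://example.com/about/">About</a>
<img src="/wp-content/uploads/logo.png" srcset="http://example.com/wp-content/uploads/logo-2x.png 2x">"""
```

Calling find_mixed_content("https://example.com/", SAMPLE_HTML) reports the stylesheet and the srcset image, which are the kind of hard-coded HTTP URLs that Step 2 is meant to clean out of the database.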
Configuring Cloudflare with your SSL certificate
This section is only necessary if you have also added Cloudflare to your domain. If so, view the following article for information on how to configure it properly.
Summary
Once you have completed all steps above, any request to your website will redirect to the HTTPS version.