How do I use an SSL certificate with WordPress?

Adding an SSL certificate to your WordPress site is an excellent first step towards securing your data. However, there are a few other steps you must take to fully ensure all links within your site point to the secure version of your domain name (This means the 'HTTPS' version).

Add an SSL certificate to the domain

Make sure your site is properly set up for HTTPS. You need to have an SSL certificate applied to your site and possibly a Unique IP address depending on your requirements for the site. See the Unique IP article for more information.

Update the Home and Site URL in WordPress

  1. Log into WordPress using the new secure HTTPS URL.
  2. Navigate to Settings -> General page.
  3. On the General page, change the URLs to add the 's' in 'HTTPS'.
  4. Scroll down and click the Save Changes button.

    When you click Save Changes, WordPress will log you out.

Update your wp-config.php file

  1. Log into your webserver via SSH or SFTP.
  2. Find the file named 'wp-config.php' in your WordPress site directory, and then open it in a text editor.
  3. ​Add the following two lines above the line that​ says /* That's all, stop editing! Happy blogging. */:
    define('FORCE_SSL', true);

Force the URL to redirect to HTTPS

You can force your site to redirect from HTTP to HTTPS in two ways:

Update database URLs

If this is a new WordPress site

If this is a brand new site, all new pages and posts you create will be saved with the HTTPS URL, so no further changes are required.

If this is an existing WordPress site with content

If this is an existing site with existing images, posts, and pages, you must also change all internal URLs to use the new secure URL. View the following article for instructions on how to do this with a plugin:

Configuring Cloudflare with your SSL certificate

This section is only necessary if you have also added Cloudflare to your domain. If so, view the following article for information on how to configure it properly.


Once you have completed all steps above, any request to your website will redirect to the HTTPS version.

See also

Did this article answer your questions?

Article last updated PST.