Adding an SSL certificate to your WordPress site is an excellent first step towards securing your data. However, there are a few other steps you must take to fully ensure all links within your site point to the secure version of your domain name (This means the 'HTTPS' version).
Add an SSL certificate to the domain
Make sure your site is properly set up for HTTPS. You need to have an SSL certificate applied to your site and possibly a Unique IP address depending on your requirements for the site. See the Unique IP article for more information.
Update the Home and Site URL in WordPress
- Log into WordPress using the new secure HTTPS URL.
- Navigate to Settings -> General page.
- On the General page, change the URLs to add the 's' in 'HTTPS'.
- Scroll down and click the Save Changes button.
When you click Save Changes, WordPress will log you out.
Update your wp-config.php file
- Log into your webserver via SSH or SFTP.
- Find the file named 'wp-config.php' in your WordPress site directory, and then open it in a text editor.
- Add the following two lines above the line that says /* That's all, stop editing! Happy blogging. */:
define('FORCE_SSL', true); define('FORCE_SSL_ADMIN',true);
Force the URL to redirect to HTTPS
You can force your site to redirect from HTTP to HTTPS in two ways:
Update database URLs
If this is a new WordPress site
If this is a brand new site, all new pages and posts you create will be saved with the HTTPS URL, so no further changes are required.
If this is an existing WordPress site with content
If this is an existing site with existing images, posts, and pages, you must also change all internal URLs to use the new secure URL. View the following article for instructions on how to do this with a plugin:
Configuring Cloudflare with your SSL certificate
This section is only necessary if you have also added Cloudflare to your domain. If so, view the following article for information on how to configure it properly.
Once you have completed all steps above, any request to your website will redirect to the HTTPS version.