How do I use an SSL certificate with WordPress?

Overview

Adding an SSL certificate to your WordPress site is an excellent first step towards securing your data. However, there are a few other steps you must take to fully ensure all links within your site point to the secure version of your domain name (This means the 'HTTPS' version).

Please note that these instructions do not apply to DreamPress sites. If your WordPress site is on DreamPress, please follow these instructions instead:

Step 1 — Add an SSL certificate to the domain

Make sure your site is properly set up for HTTPS. You must first add SSL certificate to your site.

Depending on your requirements for the site, you may also require a Unique IP address. See the Unique IP article for more information.

Make sure your SSL certificate is active before continuing.

Step 2 — Update database URLs

Your WordPress database has several hard-coded URLs that point to the 'http' version of your domain. You have two options to update your database URLs:

  • Use a Plugin
  • Use the command line

View the following article for further instructions:

Step 3 — Verify the Home and Site URL are updated

  1. Log into WordPress using the new secure HTTPS URL.
    • https://example.com/wp-login.php
    \
  2. Navigate to Settings -> General page.
  3. On the General page you should see your Home and Site URL now points to 'https'.

Clear your plugin's cache

At this point, you should also delete your cache if using WP Super Cache. 

If you check your site now, all URLs within your WordPress site will use the new domain name.

Step 4 — Update your wp-config.php file

  1. Log into your webserver via SSH or SFTP.
  2. Find the file named 'wp-config.php' in your WordPress site directory, and then open it in a text editor.
  3. ​Add the following two lines above the line that​ says /* That's all, stop editing! Happy blogging. */:
    define('FORCE_SSL', true);
    define('FORCE_SSL_ADMIN',true);
    

Step 5 — Force the URL to redirect to HTTPS

You can force your site to redirect from HTTP to HTTPS in two ways:

It's also a good idea to add a few more lines of code to your .htaccess file to avoid any possible mixed-content warnings.

Configuring Cloudflare with your SSL certificate

This section is only necessary if you have also added Cloudflare to your domain. If so, view the following article for information on how to configure it properly.

Summary

Once you have completed all steps above, any request to your website will redirect to the HTTPS version.

See also

Did this article answer your questions?

Article last updated PST.