How do I use an SSL certificate with WordPress?

Adding an SSL certificate to your WordPress site is an excellent first step towards securing your data. However, there are a few other steps you must take to fully ensure all links within your site point to the secure version of your domain name (This means the 'HTTPS' version).

Please note that these instructions do not apply to DreamPress sites. If your WordPress site is on DreamPress, please follow these instructions instead:

Add an SSL certificate to the domain

Make sure your site is properly set up for HTTPS. You need to have an SSL certificate applied to your site and possibly a Unique IP address depending on your requirements for the site. See the Unique IP article for more information.

Make sure your SSL certificate is active before continuing.

Update database URLs

Your WordPress database has several hard-coded URLs that point to the 'http' version of your domain. To update everything very quickly to 'https', use a plugin. This will change all internal URLs to use the new secure URL. View the following article for instructions on how to do this with a plugin:

At this point all URLs in your database now point to 'https'. You'll be logged out after running the plugin above. Log back into your site again at the 'https' URL instead. For example:

  • https://example.com

Verify the Home and Site URL are updated

  1. After running the plugin above, log into WordPress using the new secure HTTPS URL.
    • https://example.com/wp-login.php
    "
  2. Navigate to Settings -> General page.
  3. On the General page you should see your Home and Site URL now points to 'https'.

Update your wp-config.php file

  1. Log into your webserver via SSH or SFTP.
  2. Find the file named 'wp-config.php' in your WordPress site directory, and then open it in a text editor.
  3. ​Add the following two lines above the line that​ says /* That's all, stop editing! Happy blogging. */:
    define('FORCE_SSL', true);
    define('FORCE_SSL_ADMIN',true);
    

Force the URL to redirect to HTTPS

You can force your site to redirect from HTTP to HTTPS in two ways:

Configuring Cloudflare with your SSL certificate

This section is only necessary if you have also added Cloudflare to your domain. If so, view the following article for information on how to configure it properly.

Summary

Once you have completed all steps above, any request to your website will redirect to the HTTPS version.

See also

Did this article answer your questions?

Article last updated PST.