Talk to us!

How to Enforce HTTPS on Your WordPress Website

  • Sep 2 2023

In an era where online security is paramount, ensuring that your website is served over a secure connection has become a necessity. HTTPS not only encrypts data transmission between your site and its visitors but also boosts your SEO rankings. If your WordPress website is still using HTTP, it’s time to make the switch. In this guide, we’ll walk you through the process of enforcing HTTPS on your WordPress site, including editing the .htaccess file, ensuring both security and trustworthiness.

1. Choose the Right Hosting Provider

Before you start, ensure that your hosting provider supports HTTPS. Many reputable providers, including Malaysia Web Hosting, offer free SSL certificates as part of their hosting packages.

2. Acquire an SSL Certificate

To enable HTTPS, you’ll need an SSL (Secure Sockets Layer) certificate. Most hosting providers offer a one-click installation of free Let’s Encrypt certificates, making the process seamless.

3. Install and Activate the SSL Certificate

Follow your hosting provider’s instructions to install and activate the SSL certificate for your domain. This typically involves a few clicks in your hosting control panel.

4. Update Your WordPress Settings

Log in to your WordPress dashboard and navigate to ‘Settings’ > ‘General.’ Ensure that both the WordPress Address (URL) and Site Address (URL) start with ‘https://.’ Save your changes.

5. Update Internal Links

To avoid mixed content issues (a mix of HTTP and HTTPS resources), you’ll need to update internal links. You can use a plugin like “Better Search Replace” to search for HTTP URLs in your content and replace them with HTTPS.

6. Implement a 301 Redirect with .htaccess

To enforce HTTPS and ensure that all HTTP requests are automatically redirected to HTTPS, you’ll need to edit your website’s .htaccess file. Here’s how to do it:

a. Access your website’s root directory using an FTP client or your hosting provider’s file manager.

b. Locate the .htaccess file. If it doesn’t exist, you can create one using a text editor.

c. Edit the .htaccess file and add the following code at the beginning:

   <IfModule mod_rewrite.c>
   RewriteEngine On
   RewriteCond %{HTTPS} off
   RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This code checks if HTTPS is off and redirects all HTTP requests to HTTPS.

d. Save the .htaccess file and upload it back to your website’s root directory if necessary.

7. Update External Links and Resources

Check external links and resources in your content, including widgets and scripts, to ensure they use HTTPS. Replace any HTTP references with their secure counterparts.

8. Test Your Website

After making these changes, thoroughly test your website to ensure that all pages, images, and resources load securely over HTTPS. Look out for any mixed content warnings in your browser’s developer console.

9. Update Google Search Console

If you’ve previously added your website to Google Search Console, update the property settings to reflect the change to HTTPS. This helps Google index your secure pages correctly.

10. Monitor and Maintain

Regularly monitor your website to ensure that HTTPS is enforced consistently. Keep your SSL certificate up to date and renew it as needed.


By following these steps, including editing the .htaccess file, you can enforce HTTPS on your WordPress website, enhancing its security, trustworthiness, and SEO rankings. As online security concerns continue to grow, making the transition to HTTPS is not just a good practice; it’s essential for the long-term success and credibility of your website.

Feel free to customize and expand upon this guide to fit the specific needs