If you add an SSL certificate to your domain, you can force all visitors to secure HTTPS pages.
Redirecting HTTP to HTTPS for WordPress on Linux hosting like BlueHost, Hostgator, and Hostinger is very easy.
Here we are giving an easy solution to achieve this.
WordPress Setting
This is the first setting you must do before updating any code on your WordPress site.
- Login into WordPress
- Select Setting and then click on General.
- Now locate the following entries on the General Setting page
- WordPress Address (URL):
- Site Address (URL):
- Update both URLs, including HTTPS instead of HTTP, if you have URLs like http://www.yourdomain.com change it to https://www.yourdomain.com or https://yourdomain.com
- Save the changes.
htaccess Code Update
WordPress setup creates an htaccess file on the Linux server. You need to modify this .htaccess file.
- Download the htaccess file from your hosting server using an FTP software like FileZilla
- Open this file in a text editor like Notepad, Notepad++
- Update the file like the example given below
- Save changes and upload the file to the server
Force HTTPS on WordPress: Full example including the default WordPress code
Below is what your default .htaccess file looks like.
RewriteEngine On
RewriteBase /
# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
To redirect from HTTP to HTTPS, you’ll need to add the following code to your .htaccess file.
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Add this code after RewriteBase / in your .htaccess file. Below is what your .htaccess file looks like with both the new HTTPS code and the existing WordPress code.
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
If you are using the Yoast SEO plugin, you can update .htaccess from the tool section of this plugin.
Redirect www to non-www and HTTP to HTTPS
If you would like to redirect your URLs from www to non-www and HTTP to HTTPS like our website wpclap.com, follow the steps given below.
Before adding steps let me clarify this htaccess code is redirecting the following hostname:
http://wpclap.com
http://wpclap.com
http://wpclap.com
to
http://wpclap.com
Add this code after RewriteBase / in your .htaccess file.
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
You can also use the inline hostname version of the code. Please do not forget to replace wpclap.com with your hostname.
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ http://wpclap.com%{REQUEST_URI} [L,NE,R=301]
Always take a backup of the .htaccess file before editing it. In case something goes wrong, you can restore the previous version with the backup file.
Redirect HTTP to HTTPS with Really Simple SSL Plugin
If you are not comfortable with htaccess, you can redirect HTTP to HTTPS with a free WordPress plugin called ‘Really Simple SSL Plugin’.
The plugin has 4+ million active installations and is actively updated by its developers Rogier Lankhorst and Mark.
‘Really Simple SSL’ automatically detects your WordPress setting to redirect URLs to HTTPS.
Here is what this plugin does –
- Redirects all incoming requests to HTTPS.
- Change siteurl and homeurl to HTTPS.
- Fix all insecure content URLs (HTTP) to secure content URLs (HTTPS) dynamically
We recommend you use the Https version of URLs with proper redirects for better SEO. You can also add an extra layer of security on your WordPress site with .htaccess codes for WordPress security.