BLOG | categories | wordpress, security

How to Redirect HTTP to HTTPS in WordPress

  • By Steve Founder of PageDart

Is your site secure? In this article, we are going to make sure it is!

We will look at how to redirect HTTP to HTTPS in WordPress which will secure your site for your customers.

As well as giving your users privacy HTTPS will also give you an SEO boost thanks to Google.

To run your website over HTTPS you will need an SSL certificate, this can sound scary. Don't worry they are free and I will walk you through the process.

We will cover:

  • Installing an SSL certificate (if you have not got one)
  • Redirect your HTTP traffic to HTTPS
  • Using a CDN (Optional but recommended)

Let's get started.

Is your site secure?

Before you install any plugin on WordPress make sure you have a backup. 99% of the time installing a plugin goes without a hitch and uninstalling the plugin will fix the problem. Yet, if something does go wrong you want to be able to rollback.

Once you have a backup we need to check if your site already has an SSL certificate. This is the file that your web server uses to secure the connection to the users’ browser.

The browser reads the SSL certificate and if it is valid it will give you a lock sign like this:

This lets users know your site is secure.

Does your site have this lock symbol?

To check, open the browser and visit your website. Type your address and make sure to include https:// at the beginning of the URL, like this:

https://example.com

If you see the lock sign then you have SSL setup and you can jump to the redirect HTTP to HTTPS section.

If your website looks like something like this:

This means that your site does not have an SSL certificate and cannot work over HTTPS.

Luckily for us, SSL certificates are now available for free and with the help of a plugin, it is easy to set up.

Next, let's look at installing an SSL certificate and redirecting to HTTPS.

Install SSL and Redirect

LetsEncrypt is a non-profit company supported by Facebook, Shopify, and Wix. LetsEncrypt creates a more secure internet by providing SSL certificates for free. This is great as SSL certificates used to cost hundreds of dollars.

There are a few plugins that use this free service to set up the certificate for you. The one I recommend is SSL-Zen.

They have an instructional video on how to get this set up on the plugin page. Here is the basic outline:

  1. Download the plugin
  2. In the WordPress admin panel click “add new”
  3. On the plugin page you will need to press “Upload Plugin” then click “Choose File”
  4. Select the zip file you downloaded in step one and the plugin will load
  5. Choose “activate” to see the setup guide, you will need to give access to Cpanel with a username and password.

The great thing about SSL-Zen is they will also set up the HTTP to HTTPS redirection for you when you activate SSL:

Once the plugin installs, test your site. Type the address again this time you can use the HTTP version like this:

http://example.com

You will get redirected to the secure site and see the lock when accessing the site.

This is great but we are not finished! You need to let Google know that the site is now using HTTPS.

HTTP to HTTPS Redirect

If you already have a lock in the browser then you have an SSL certificate installed. This could be because your hosting provider has set one up as part of your hosting package.

Yet, your site has not been set up to redirect from HTTP to HTTPS. To test this type your sites web address with HTTP into the browser, for example:

http://example.com

Are you sent to:

https://example.com

If not, then you can install a plugin to do the redirect. The plugin I recommend is Really Simple SSL which will create the redirect for you.

This plugin is different from SSL-Zen because it does not create an SSL certificate. It only handles the redirection from HTTP to HTTPS.

The plugin installation is straight forward. Download the plugin and follow the installation instructions. Don't forget to backup!

Once installed and enabled you can test it in the browser like this:

http://example.com

And the URL will change to:

https://example.com

You should also see a lock symbol. You now have HTTP to HTTPS redirection set up.

Next, I want to talk about CDN. Having many plugins can slow down your site, one solution is to use a CDN instead as this can do the redirection for you.

Consider a CDN

One of the easiest ways to set up redirection for a website is to use a CDN. And unlike a plugin, this will not slow down your site.

A CDN will cost you money each month but this can be worth it as they can also increase your traffic. This is because they speed up the TTFB which will make your site faster.

The CDN I recommend is CloudFlare. It can enable HTTPS redirection with one button with a feature they call “Always use HTTPS”. Once enabled all web traffic will use HTTPS:

To enable it, login to your CloudFlare account and go to the “SSL/TLS” section:

Then click on “Edge Certificates” tab:

Scroll down to the “Always use HTTPS” option. Click on the toggle and it will switch to on:

Once set up your website will work only with HTTPS. There are many other advantages of CDNs but the ease of configuring SSL is one.

The last task is to set up Google Search Console.

Update Google Search Console

Now the site runs over HTTPS we need to update Google with the new URLs. This is because Google will have indexed your site using the old HTTP links. Changing these Google links to HTTPS will speed up your site. Redirects from HTTP to HTTPS slow down your web pages so you want all the Google links to be HTTPS.

You can do a site search and check if the term http:// is in the URL. For example, if I wanted to check if there were any HTTP links in google for PageDart I would use this query:

site:pagedart.com inurl:http://

Here are the results I get:

I get no results which are the result I am after. If we search for HTTPS links we find:

How do you make this change?

There are three tasks you need to perform to update your site:

  1. Google treats HTTP and HTTPS as two sites so you need to add the HTTPS version of the site to Google Search Console.

  2. Then make sure that each page has a canonical url that points to the HTTPS URL.

  3. You then need to update the sitemap so that it is https.

Once you have updated the above your site will load HTTPS links from Google Search results.

Wrapping Up, How to Redirect HTTP to HTTPS in Wordpress

We have looked at the steps you must follow to get your site working over HTTPS. With all HTTP links sent to the HTTPS page so that it is secure.

We have learned about 3 options:

  1. If you do not have an SSL certificate then use SSL-Zen to set one up and redirect.
  2. If you already have an SSL certificate then use Really Simple SSL to do the redirect
  3. The last option is to not use a plugin but use a CDN instead such as Cloudflare. HTTPS redirection is one of the features of a CDN.

Once you follow one of these methods you will have HTTP to HTTPS redirection set up.

Recent Posts

Add Google Search to a Website

In this tutorial we will add Google search to a website using the custom site search tool

How to Create a WordPress Plugin

In this tutorial we are going to look at how to create a WordPress plugin.

How to Add a Search Bar in HTML

We look at how to add a search bar in HTML to your website and search connect it to Google search