The simplest method of forcing HTTPS on a site running WordPress is through a WordPress Plugin. Rather than editing the .htaccess file manually, a WordPress plugin can automatically add the code necessary to redirect any visitor to view your website over an ssl connection. There are multiple plugin options available which handle checking your SSL certification, forcing WordPress to use HTTPS in URLs, automatically redirecting old HTTP sources to HTTPS, and checking for mixed (secure and insecure) content. The Really Simple SSL WordPress plugin is recommended as of this writing.
Step 1 – Back up your website
Before making any changes to WordPress, it is highly recommended that you back up your website. Making a complete backup of the website files and database ensures that you can always recover if anything goes wrong. The free UpdraftPlus plugin facilitates making a complete backup.
Step 2 – Download and install a WordPress SSL Plugin
One of the most used plugins to switch from HTTP to HTTPS is the Really Simple SSL Plugin. This plugin automatically detects new website settings and configures it to run over HTTPS.
To install Really Simple SSL directly from the WordPress dashboard, go to Plugins > Add New and search for Really Simple SSL.
Click install and then activate the Really Simple SSL Plugin.
Step 3 – Automatically Detect SSL Certificate with the Plugin
The plugin will automatically detect your SSL certificate and set WordPress to use HTTPS. Open the plugin Really Simple SSL in your WordPress dashboard, then navigate to Settings > SSL.
Your WP site should be running on HTTPS in one click after you click on “Go ahead activate SSL!”.
After you click on the “Go ahead, activate SSL” button, you might need to log in again to WordPress. The setting page also has options for handling mixed content. If you have mixed content warnings, read this article for further instructions.
Step 4 – Set your HTTPS WordPress website in Google Search Console
If you have set up your website in Google Search Console, you will want to add and verify the new HTTPS URL.
Add a Property in Google Search Console
After this, Google will re-crawl your site and submit a new XML sitemap with your HTTPS URLs.
It’s important to note that there will be a period of normalization after applying SSL, but in the end, a secure website is a confirmed ranking signal according to Google. Similarly, social sharing counters for older content will likely become invalid because the URL now starts with HTTPS rather than HTTP and many tools count each as a separate URL with its own engagement metrics.
