Do you want to redirect HTTP and WWW to HTTPS in WordPress? If so, this article provides a simple guide.
Securing your website is essential for protecting visitors and improving search engine rankings.
One of the most critical steps to achieve this is to redirect HTTP and WWW to HTTPS. This ensures that all traffic to your WordPress site is encrypted, providing a safer browsing experience and building trust with your audience.
This guide will walk you through the key methods to redirect HTTP and WWW to HTTPS in WordPress.
Whether you prefer manual code edits or simpler plugin and server-based solutions, these steps will help you enhance your site’s security, improve loading speed, and follow SEO best practices.
Why Redirect HTTP and WWW to HTTPS?
Redirecting HTTP and WWW to HTTPS is essential for several reasons:
- Improved Security: HTTPS encrypts data transferred between your website and visitors, protecting sensitive information from hackers and unauthorized access.
- Better User Experience: Modern browsers display warnings on sites that don’t use HTTPS, which can deter visitors. Redirecting ensures users see the secure padlock icon, boosting their confidence in your site.
- Search Engine Optimization (SEO): Search engines like Google prioritize HTTPS websites in their rankings. You help improve your site’s visibility and ranking by redirecting HTTP and WWW to HTTPS.
- Consistent URL Structure: Redirecting HTTP and WWW versions to a single HTTPS URL prevents duplicate content issues and ensures search engines index the correct version of your site.
- Compliance and Trust: Many industries require secure websites to comply with regulations. Redirecting to HTTPS helps meet these standards and builds trust with your audience.
In the next section, we will show you a pre-redirect checklist.
Pre-Redirect Checklist
Before you start redirecting HTTP and WWW to HTTPS, make sure to complete the following steps to avoid common issues:
- Backup Your Website: Always create a complete backup of your WordPress site, including files and the database, to easily restore if something goes wrong.
- Install an SSL Certificate: Ensure you have a valid SSL certificate installed on your hosting server. Without it, HTTPS won’t work correctly.
- Check for Mixed Content: Scan your website for hardcoded HTTP links in images, scripts, or stylesheets that may cause security warnings after redirection.
- Update Site URLs: Go to your WordPress dashboard and update the URL and home URL to use HTTPS, ensuring the site functions correctly after the redirect.
- Test Your SSL Configuration: Before implementing redirects, use online tools to verify that your SSL installation and configuration are correct.
- Clear Cache: Clear any server, CDN, or browser cache to prevent old HTTP versions of your site from loading after redirection.
The next section will show you how to redirect HTTP and WWW to HTTPS in WordPress.
How to Redirect HTTP and WWW to HTTPS?
Now, let’s see how to redirect users from HTTP and www to HTTPS. There are many ways to do this, but in this guide, we’ll examine the top four.
- Edit the .htaccess file
- Using Apache
- With a plugin
- With Cloudflare
They all get the job done, so choose the one that suits your site best.
1. Edit .htaccess File
There are multiple ways to edit the .htaccess file, so in this example, we will show you the easiest and most accessible way: using cPanel. cPanel, or control panel, is a standard web hosting panel provided by most hosting providers that’s super easy to use.
To start editing, log into the cPanel, go to Files > File Manager > Document Root, and select your domain name. Then, turn on the hidden files. After that, you will see a new window/tab where you can find your site’s root directory. Search for the .htaccess file in the public_html folder, right-click on it, choose Code Edit, and follow the cPanel instructions to start editing.
After that, it’s time to redirect HTTP and WWW to HTTPS, so add the following code at the end of the .htaccess file:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Please note that if your file already has a line that says RewriteEngine On, you don’t need to add it. Simply copy and paste the other two lines of the code.
What if you want to redirect users to a specific domain or folder? That requires different codes, so below, we’ll show you how to redirect visitors from a specific domain and a specific folder.
1.1. Redirect from a Specific Domain
To redirect users from a specific domain to HTTPS without altering the other domains, add the following code:
RewriteEngine On RewriteCond %{HTTP_HOST} ^yourdomain\.com [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
1.2. Redirect from a specific folder
If you want to redirect to HTTPS from a specific folder, you should use the following code:
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteCond %{REQUEST_URI} folder RewriteRule ^(.*)$ https://www.yourdomain.com/folder/$1 [R,L]
When editing the .htaccess file, use the above codes as a base and remember to replace your domain and /folder with your actual domain and folder respectively.
2. Using Apache
Another method to redirect requests from HTTP and WWW to HTTPS is to use Apache. Apache is one of the world’s oldest and most trusted web servers. Developed by the Apache Software Foundation, it’s open-source and free and claims to power approximately 40% of all websites in the world.
As Apache is module-based and highly customizable, its modules have additional functionalities that server administrators can turn on and off. There are modules for security, caching, password authentication, URL rewriting, and many more. Now, let’s see how you can redirect HTTP and WWW to HTTPS with Apache.
First, log in to your Apache server and choose the equivalent path. Then, go to the conf folder and create a backup of the httpd.conf file. Now, as you have a backup, open the file using your favorite VI editor. Check if the mod_rewrite module below has loaded:
LoadModule rewrite_module modules/mod_rewrite.so
If the module is commented (it has a # at the beginning of the line), uncomment it delete the #, and add the following code at the end of the file:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Finally, restart the web server and that’s it.
3. Using a Plugin
Multiple plugins are available to handle SSL integration on your WooCommerce store or WordPress website. One of the popular ones is Really Simple SSL. In this section, we will show you how to use Really Simple SSL to redirect HTTP visitors to the HTTPS version of the website.
The first thing you need to do is install and activate the plugin on your website. Since this is a free plugin, you can get it directly from the WordPress repository.
Once you activate the plugin, you can see its settings under the WordPress section.
To enable SSL, click the Activate SSL button.
The plugin will then show you a pop-up. From the dropdown, you can choose the hosting provider you are using. This is optional by the way.
An SSL certificate will be installed on your website within a few seconds. The next thing you need to do is enable the redirection. When you install SSL with the plugin, the 301 redirection is enabled by default. But if it is inactive, you can turn it on from the plugin’s settings.
That’s it!
As you can see, this is an easy way to install SSL on your website and redirect visitors.
4. With Cloudflare
Cloudflare is an excellent tool for improving your site’s performance and security. It allows you to redirect HTTP and WWW to HTTPS easily. There are two ways to do this: they only take a few seconds.
- Enable Always use HTTPS
- Create page rules
Note that both options will do the job, so choose the one you like best.
4.1. Enable “Always Use HTTPS”
Since 2017, Cloudflare has come with an option to Always Use HTTPS. This lets you easily redirect users to HTTPS with a few mouse clicks.
Log in to your Cloudflare account and choose the site you want to redirect to HTTPS. Then, go to the SSL/TLS > Edge Certificates, and you will see a toggle switch just like the picture below.
Switch it on and that’s it. You’ll redirect HTTP and www to HTTPS.
4.2. Create Page Rules
The second option is to create page rules. This method might seem more complicated but it’s actually the same. You can redirect HTTP and WWW to HTTPS by following these simple steps:
- Go to Page Rules and click Create Page Rule
- Enter your URL. Remember to put the asterisk (*) at the end so the system understands that the redirection should happen to all URLs
- Click Add a Setting and choose Always Use HTTPS from the dropdown
- Finally, click Save and Deploy
After deploying the rule, wait a few seconds to test if your website is accessible through HTTPS. It should work right out of the box.
Common Issues and How to Fix Them
Redirecting your WordPress site from HTTP and WWW to HTTPS is crucial for security and SEO, but can sometimes lead to issues. Below are common problems users face and how to fix them.
1. Mixed Content Warnings
After redirecting to HTTPS, your site might still load some elements over HTTP, causing browsers to show a “Not Secure” warning.
FIX:
- Use a plugin like Better Search Replace to update all internal URLs to HTTPS.
- Check your theme and widget settings for hard-coded HTTP links.
- Use tools like Why No Padlock to detect insecure elements.
2. Redirection Loops
This happens when the site endlessly redirects between HTTP and HTTPS, making it inaccessible.
FIX:
- Ensure you don’t have conflicting redirects in .htaccess, your CDN settings, and plugin configurations.
- If you used multiple methods to redirect www to https, remove duplicates.
- Clear your cache and temporarily disable any redirection plugins to test.
3. Unresponsive Site After Editing .htaccess
A small mistake in the .htaccess file can break your site and throw a server error.
FIX:
- Access your site via FTP or hosting file manager.
- Restore the default .htaccess or comment out the recent changes.\
- Always back up your .htaccess file before editing.
4. SSL Certificate Errors
Even after setting up redirection, you might see browser SSL warnings if your certificate is misconfigured or expired.
FIX:
- Verify that your SSL certificate is valid and installed correctly.
- Use your hosting panel or an online SSL Checker tool.
- For Let’s Encrypt users, check if auto-renewal is working.
5. Cache-related Issues
Old cached versions of your site might still load over HTTP or prevent redirects from taking effect.
FIX:
- Clear your WordPress cache (if using a caching plugin like W3 Total Cache).
- Purge your CDN cache.
- Clear your browser cache to test recent changes.
6. Incorrect Canonical URLs
If you don’t update your canonical tags, search engines may still index your pages’ HTTP or WWW versions.
FIX:
- Use an SEO plugin (like Yoast SEO) to update canonical URLs to the HTTPS version.
- Verify your canonical tags in the page source after applying changes.
Bonus: Best WordPress SSL Plugins You Should Try
If you’re not comfortable editing code or want a quicker setup, these WordPress SSL plugins can simplify the process of securing your site and help you redirect HTTP and WWW to HTTPS:
- Really Simple SSL
- SSL Insecure Content Fixer
- WP Force SSL
- Easy HTTPS Redirection
- One Click SSL
These tools handle the technical details for you, such as setting up HTTPS redirection, fixing mixed content issues, and automatically updating URLs.
Let’s have a close look at each option.
1. Really Simple Security
Really Simple Security is one of WordPress’s most widely used plugins for enabling HTTPS. It automatically detects your existing SSL certificate and configures your site to use it.
With just a single click, the plugin sets up 301 redirects from HTTP to HTTPS, updates your WordPress URLs, and handles most of the heavy lifting in the background. It also fixes insecure content issues by replacing all internal links with their HTTPS equivalents. What makes this plugin stand out is its simplicity.
You don’t need to manually configure anything—the plugin automatically handles SSL activation, redirect rules, and compatibility tweaks. It even notifies you about potential issues with your SSL setup, ensuring a smooth transition and preventing redirect loops or mixed content warnings.
2. SSL Insecure Content Fixer
After enabling HTTPS, many websites still face the dreaded “mixed content” warnings. These warnings occur when some resources (like images, stylesheets, or scripts) are still loaded over HTTP. SSL Insecure Content Fixer is explicitly built to address this problem.
It scans and replaces HTTP URLs with HTTPS across your entire site. Depending on how deeply the insecure content is embedded in your theme or plugins, the plugin offers multiple fixing levels, ranging from basic to aggressive. It also integrates with caching plugins and WooCommerce, making it ideal for eCommerce and content-heavy websites.
Its flexibility and advanced options make it a must-have for sites struggling with mixed content errors.
3. WP Force SSL
WP Force SSL is a lightweight yet powerful plugin that enforces HTTPS across your entire WordPress site.
It redirects all HTTP traffic to HTTPS using 301 redirect rules and ensures that every page loads securely. It doesn’t overwhelm you with too many settings but focuses on doing one thing very well.
The plugin also offers SSL certificate monitoring, which checks your certificate’s status and expiration date. This is especially useful for site owners who don’t want to worry about manual renewals or outages.
WP Force SSL is a solid pick if you’re looking for a no-nonsense solution to secure your WordPress site and redirect all HTTP and WWW traffic to HTTPS.
4. Easy HTTPS Redirection
As the name suggests, Easy HTTPS Redirection simplifies forcing HTTPS on your site.
You can enable HTTPS redirection for your entire website or only specific URLs. It also allows you to automatically update old HTTP links to HTTPS, helping you avoid search engine indexing issues.
This plugin is handy for users who need selective control over what gets redirected. If you have specific pages or posts that shouldn’t be forced to HTTPS, you can easily exclude them. It’s an excellent option for advanced users and developers who want more flexibility than most SSL plugins.
5. One Click SSL
One Click SSL focuses on ease of use and quick setup. Once your SSL certificate is installed, you can instantly activate the plugin to configure your site for HTTPS.
It handles 301 redirects, sets WordPress and site URLs to HTTPS, and rewrites insecure content to prevent browser warnings.
One of its standout features is the ability to test whether your SSL certificate is configured adequately before making changes, reducing the risk of site errors. For beginners and non-tech-savvy users, One Click SSL offers a reliable, hands-off approach to securing your site.
Frequently Asked Questions
Now, let’s look at some of the frequently asked questions.
How do I redirect HTTP to HTTPS in WordPress?
You can redirect HTTP to HTTPS in WordPress by updating your .htaccess file or modifying your server configuration file. This ensures that all users are securely redirected to the HTTPS version of your site automatically.
How can I redirect www to https in WordPress?
To redirect www to HTTPS, you must add specific redirection rules to your .htaccess file or server settings. This helps unify your domain structure and ensures all traffic is routed securely.
Can I add https://www. to the URL automatically?
Yes, you can automatically add https://www. to your URL by configuring redirects at the server level. This ensures all visitors are directed to your website’s secure, preferred version.
Why is my site still not secure after enabling HTTPS?
If your site shows as “not secure” even after enabling HTTPS, it could be due to mixed content. This means some resources (like images or scripts) are still being loaded over HTTP instead of HTTPS.
What should I check if HTTPS redirection isn’t working?
Check your .htaccess rules, server configuration, browser cache, and SSL certificate status. Conflicting redirect rules or caching issues are common causes when HTTPS redirection fails.
Conclusion
Securing your WordPress site with HTTPS and ensuring a proper redirect from both HTTP and WWW versions is essential for improving search engine optimization, site credibility, and user trust.
Whether you edit your .htaccess file, adjust your server configuration file, or make changes through your hosting plan, each method helps ensure that all visitors are routed to your site’s correct, secure version.
Redirecting www to HTTPS and adding https://www. to the URL improves your site’s loading speed and prevents duplicate content and indexing issues. Be sure to verify your redirects using the appropriate tools, and always back up your site before making changes to the root directory or config file.
Implementing these best practices will align your site with modern security standards and improve the experience for your users and search engines.
Do you know any other methods you can use for the redirection?
Let us know in the comments.
2 comments
Thomas
Hi
Great post. I use a plugin called Really Simple SSL. It has been working great for me. I do however use the .htaccess file to redirect from my former domain name to my new domain.
german
Hi Thomas, thanks for the info. Really Simple looks awesome