If you’re running a WordPress site, it’s important to switch from HTTP to HTTPS. Not only will this help protect your site from attacks, but it will also improve your search engine ranking. Modern hosting providers, will have all of this setup for you by default. But, that’s not always the case.

Let’s walk through how to switch your WordPress site from HTTP to HTTPS.

Disclosure: Some of the links in this post are affiliate links, meaning, at no additional cost to you, we will earn a commission if you click through and make a purchase. We only endorse products and services we currently use or have used in the past that we believe users will benefit from using. Affiliate links are denoted with

Step 1: Backup your website 

Before you make any changes, it’s always important to backup your site. This way, if anything goes wrong, you can always restore your site from the backup.

If you’re hosting provider provides on-demand backups, that’s a good place to start. Otherwise, we recommend UpdraftPlus. Though they have a Pro version, the free version of UpdraftPlus likely has everything you need.

Step 2: Install an SSL certificate

In order to switch to HTTPS, you’ll need to install an SSL certificate on your server. Most hosting companies offer SSL certificates through Let’s Encrypt, a free and open-source certificate authority. The process for requesting and installing an SSL from your hosting provider will vary. We recommend reaching out and asking them what the process is for installing an SSL certificate for you.

If your hosting company does not offer free SSL certificates, we recommend trying to use the WP Encryption plugin. This plugin will walk you through verifying your domain, generating a free SSL certificate, and giving you the ability to download your Certificate Signing Request (CSR) and you private key which you’ll need to provide to your hosting provider for installation. If that doesn’t work for some reason, you can always purchase an SSL certificate from a Certificate Authority. There is a good chance, if your hosting company doesn’t provide free SSLs, they likely sell them for a markup.

Step 3: Change your WordPress settings

After you’ve installed the SSL certificate, you’ll want to change some of your WordPress settings. In your WordPress admin panel, go to Settings > General and change the WordPress Address (URL) and Site Address (URL) from HTTP to HTTPS.

You could also do this in your wp-config.php file if you have the ability and desire. By making these initial change in the wp-config.php file first, it could help you troubleshoot or revert the change if any major issues arise from the small modification to these settings. To do this, you’ll need access to your WordPress files via SFTP or otherwise. Open your wp-config.php file (typically located in the root of your WordPress installation) and add the following lines right above the comment that says “That’s all, stop editing!”:

define( 'WP_HOME', 'https://yourdomain.com' );
define( 'WP_SITEURL', 'https://yourdomain.com' );

Obviously, be sure to replace “yourdomain.com” with your actual website domain.

Step 4: Update your links 

Once you’ve changed your WordPress settings, you’ll need to update any links on your site that point to HTTP URLs. You can do this manually if you have a small site, using a plugin like Better Search Replace.

No matter what method you use, you’ll want to be sure to change anything that is http://yourdomain.com to https://yourdomain.com (note, if you’re using www, be sure to include it in your search and replace and again, be sure to replace yourdomain.com with your actual domain).

Step 5: Test your site

After you’ve updated all of your links, it’s time to test your site. Make sure that everything is working as expected and that there are no mixed content warnings in your browser console.

If everything looks good, you’re all set and should now be running a more secure and SEO friendly website. If you run into any problems, be sure to consult your web host or a qualified developer for help.

About The Author
Justin Korn

Justin is the founder of Watchdog Studio, and former Director of IT at both Wells Fargo Securities and AirTreks. A prodigy of the dotcom era, he now provides businesses in Oakland, California and the surrounding Bay Area with honest, expert website services to drive growth.