d
d
+91 (790) 882-5636

How to Enable HTTPS on WordPress: Complete SSL Setup Guide

Enable HTTPS WordPress SSL setup guide

If your WordPress website still loads on http:// instead of https://, you have a problem. Google Chrome labels HTTP sites as “Not Secure,” visitors see browser warnings, and Google actively penalises non-HTTPS sites in search rankings.

The good news: SSL certificates are now free, and setting up HTTPS on WordPress takes under 30 minutes. Here’s the complete guide.

What is SSL and Why Does It Matter?

SSL (Secure Sockets Layer) — now technically TLS — encrypts data transmitted between your server and visitors’ browsers. It’s what makes the padlock icon appear in the browser address bar and changes your URL from http:// to https://.

Why it matters:

  • SEO ranking factor — Google confirmed HTTPS as a ranking signal since 2014, and its weight has increased since
  • Visitor trust — “Not Secure” warnings visibly destroy user confidence, especially for contact forms and checkouts
  • Data protection — encrypts form submissions, login credentials, and payment details
  • Required for WooCommerce — you cannot legally process payments without SSL

Step 1: Get a Free SSL Certificate from Your Host

Almost every reputable web host now provides free SSL certificates via Let’s Encrypt. Here’s how to enable it on common hosting providers:

Hostinger

Go to your hPanel → Websites → ManageSSL → Click “Install” next to your domain. It activates in minutes.

SiteGround

Go to Site Tools → Security → SSL Manager → Select Let’s Encrypt → Click Get.

cPanel (Most Shared Hosts)

Go to cPanel → SSL/TLS → Let’s Encrypt SSL and issue the certificate for your domain.

Step 2: Update Your WordPress Site URL to HTTPS

Once SSL is active on your server, update WordPress to use HTTPS:

  1. Go to Settings → General in WordPress
  2. Change both WordPress Address (URL) and Site Address (URL) from http:// to https://
  3. Click Save Changes

Warning: This will log you out. Log back in and continue.

Step 3: Force HTTPS with an SSL Plugin

Install the free Really Simple SSL plugin. It automatically:

  • Detects your SSL certificate
  • Fixes mixed content warnings (pages loading some resources on HTTP)
  • Adds HTTPS redirects
  • Enables HSTS (forces browsers to always use HTTPS)

This single plugin handles 95% of the post-installation work.

Step 4: Set Up 301 Redirects from HTTP to HTTPS

You need HTTP to automatically redirect to HTTPS so visitors who type your old address still land correctly. Add this to your .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

The Really Simple SSL plugin also handles this automatically.

Step 5: Fix Mixed Content Warnings

Mixed content warnings occur when your HTTPS page loads some resources (images, scripts, stylesheets) via HTTP. Chrome shows a broken padlock or warning. Fixes:

  • Really Simple SSL plugin — fixes most automatically
  • Search & Replace plugin — replaces all http:// with https:// in your database
  • Manually update hardcoded HTTP URLs in theme files and widgets

Step 6: Update Google Search Console

Add your HTTPS version as a new property in Google Search Console and resubmit your sitemap pointing to HTTPS URLs. Google needs to recrawl and re-index your HTTPS URLs — this happens automatically over a few weeks.

Step 7: Update Your Google Analytics Settings

In Google Analytics 4, update your data stream URL to use HTTPS so traffic data continues without interruption.

Step 8: Check SSL Certificate Expiry and Auto-Renewal

Let’s Encrypt certificates expire every 90 days. Most hosts auto-renew them, but this occasionally fails. Check your SSL expiry at sslshopper.com/ssl-checker.html and set a calendar reminder to verify renewal every 3 months. An expired SSL causes frightening browser warnings and can instantly kill your traffic.

Verify Your HTTPS Setup

After completing setup, verify everything using:

  • Why No Padlock (whynopadlock.com) — checks for mixed content issues
  • SSL Labs (ssllabs.com/ssltest) — gives an A/B/F grade to your SSL configuration
  • Google PageSpeed Insights — confirm no HTTP references in recommendations

Need SSL Setup Done Right?

HTTPS setup seems simple but mixed content issues can be tricky on older sites. At debrajx, we handle complete SSL installation and HTTPS migration for WordPress sites. Get it done properly today.

Fix Mixed Content Errors After Enabling HTTPS

After switching to HTTPS, you may see “Not Secure” warnings even though SSL is active. This is a “mixed content” issue — some images, scripts, or links are still loading over HTTP instead of HTTPS.

Step 1: Install Better Search Replace

This free plugin updates all hardcoded HTTP URLs in your database to HTTPS at once. Go to Plugins → Add New, search “Better Search Replace”, install and activate it.

Step 2: Run the Search and Replace

Go to Tools → Better Search Replace. In “Search for”, enter your old URL: http://yourdomain.com. In “Replace with”, enter: https://yourdomain.com. Select all database tables, uncheck “Run as dry run”, and click “Run Search/Replace”. This updates every internal URL in your content, meta, and widget settings.

Step 3: Update wp-config.php

Add these two lines to your wp-config.php file:

define('WP_HOME','https://yourdomain.com');
define('WP_SITEURL','https://yourdomain.com');

Force HTTPS via .htaccess (301 Redirect)

To permanently redirect all HTTP traffic to HTTPS, add these rules to your .htaccess file, above the WordPress rules:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This ensures users who type http:// are automatically redirected to the secure version. It also signals to Google that HTTPS is the canonical version of your site.

How SSL Affects Your Google Rankings and AdSense Approval

Google officially confirmed HTTPS as a ranking signal in 2014. Since then, it’s become essentially a requirement rather than a preference. Here’s what HTTPS does for your site:

  • Rankings boost: HTTPS sites get a slight ranking advantage over HTTP sites in Google Search.
  • Trust signals: The padlock icon in Chrome makes visitors feel safe. Sites without it show “Not Secure” warnings, which dramatically increases bounce rates.
  • AdSense requirement: Google AdSense requires your site to be on HTTPS. An HTTP-only site will not be approved.
  • Google Analytics accuracy: HTTPS preserves referral data (HTTP sites lose referral source from HTTPS referrers due to the Referrer Policy).
  • Search Console: HTTPS and HTTP are treated as separate properties in Google Search Console. Register both and set HTTPS as preferred.

SSL Troubleshooting: Common Issues in India

Indian hosting environments sometimes have SSL-specific issues. Here’s what to watch for:

  • SSL certificate not renewing: Let’s Encrypt certificates expire every 90 days. Most hosts auto-renew, but check your cPanel → SSL/TLS Status regularly.
  • Cloudflare + SSL conflict: If you use Cloudflare, set the SSL mode to “Full (Strict)” in your Cloudflare dashboard. “Flexible” mode causes redirect loops.
  • Subdomain not covered: Free Let’s Encrypt certificates cover your root domain and www subdomain. If you have other subdomains, they may need separate certificates.

Having trouble setting up SSL on your WordPress site? Contact us — we set up HTTPS correctly the first time, including fixing all mixed content errors.

Related Articles

Scroll to Top