WeWP
ComparePricingFeaturesContact UsLoginTry For Free
  • Knowledge Base
  • How to Fix "Not Secure" or "Not Private" Connection Errors
  • How to Add Cron Jobs
  • Connect to Your Server via SSH on Windows
  • Keeping Servers and Sites Secure
  • Troubleshooting Cloudflare Issues
  • Install WordPress Themes and Plugins with Composer
  • How To Fix Mixed Content Issue For WordPress
  • What Is a DDoS Attack and How to Prevent It?
  • How to Enable WordPress Debug Mode
  • How to Fix the “MySQL server has gone away” Error
  • How to Configure WP Mail SMTP Plugin to Send Emails
  • How To Fix the “HSTS Missing From HTTPS Server” Error
  • How to Check Your Domain's Expiration Date
  • How to Use and Serve WebP Images in WordPress
  • Email security best practices for using SPF, DKIM, and DMARC
  • What is a LEMP (Linux, Nginx, MySql, PHP) Stack?
  • Deploying Web Applications with NGINX HTTP Server
  • How to Configure WP Rocket Plugin for WordPress
  • How to Check SPF and DKIM Records with WeWP
  • Understanding FTP vs SFTP: Which Should You Use for Secure File Transfers?
  • What is a DMARC record and How to Set it Up?
  • How to Set Up Cloudflare’s Free CDN for WordPress
  • How to check your Ubuntu version (Using the command line and GUI)
  • How to Download Backups from WeWP panel
  • How to Change the PHP Version of Your Hosting Plan
  • Troubleshooting Cloudflare Universal SSL
  • How to Fix “Your Domain Is Not Pointing” Error
  • SSH vs SSL: What’s the Difference?
  • WordPress Search and Replace
  • How to Force HTTPS on WordPress Websites
  • How to Fix a Failed Lifetime SSL Installation
  • How to Redirect HTTP to HTTPS
  • How to Monitor System Processes Using htop Command
  • Varnish vs Nginx FastCGI Cache: Which is Best for WordPress?
  • What Is the Database information_schema on phpMyAdmin?
  • How to Disable WP-Cron for Faster Performance
  • How to fix the ERR_SSL_PROTOCOL_ERROR
  • How to fix the NET::ERR_CERT_AUTHORITY_INVALID error
  • How to Add Expires Headers in WordPress
  • How to fix the “There has been a critical error on your website” error
  • How to Fix ERR_QUIC_PROTOCOL_ERROR in Chrome Browser
  • What Is Localhost? And How Does It Apply to WordPress?
  • How to Fix a Mixed Content Warning on Your Website
  • How to Fix the "Connection Timed Out" Error in WordPress
Powered by GitBook
On this page

Was this helpful?

How to Force HTTPS on WordPress Websites

PreviousWordPress Search and ReplaceNextHow to Fix a Failed Lifetime SSL Installation

Last updated 8 months ago

Was this helpful?

For both security and SEO reasons, it's recommended for all websites to load using HTTPS — that is, the secure version of HTTP, which is the underlying protocol used for transmitting data between a web server and a user's browser. If your WordPress website fails to load with HTTPS altogether, or if the website appears distorted when accessed via HTTPS, you can fix it by following these steps

1. Obtain an SSL Certificate

Before you can force HTTPS, you need to have an SSL certificate installed on your server. This can be obtained from a certificate authority (CA) or through services like Let's Encrypt.

2. Install the SSL Certificate

Installation steps vary depending on your hosting provider or server setup. Here’s a general overview:

Step 1: Install Certbot

Certbot is the tool provided by the EFF for obtaining Let's Encrypt certificates.

  1. Add Certbot PPA and install Certbot:

  • sudo apt update

  • sudo apt install certbot python3-certbot-nginx

Step 2: Obtain an SSL Certificate

  1. Run Certbot:

sudo certbot certonly --standalone -d -d --register-unsafely-without-email --non-interactive --agree-tos

  • Replace yourdomain.com with your actual domain name.

  • Certbot will automatically edit your Nginx configuration to use the new SSL certificate.

Follow the prompts:

  • Certbot will ask for your email address and agree to the terms of service.

  • Certbot will also ask if you want to redirect HTTP traffic to HTTPS. Choose to redirect (recommended).

Step 3: Configure Nginx Settings

  1. Locate the Nginx Configuration Files

  • Common locations: /etc/nginx/sites-enabled/ or /etc/nginx/conf.d/.

  1. Edit the Configuration File

  • Open the configuration file for your website (e.g., default or your domain’s specific file).

sudo nano /etc/nginx/sites-enabled/example.conf

Add the SSL Configuration:

Ensure your server block looks like this:

server {

listen 80;

server_name yourdomain.com www.yourdomain.com;

return 301 https://$server_name$request_uri;

}

server {

listen 443 ssl;

server_name yourdomain.com www.yourdomain.com;

ssl_certificate /path/to/your/certificate.crt;

ssl_certificate_key /path/to/your/private.key;

root /var/www/html;

index index.php index.html index.htm;

location / {

try_files $uri $uri/ /index.php?$args;

}

location ~ \.php$ {

include snippets/fastcgi-php.conf;

fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;

}

}

Test the Configuration and Reload Nginx:

  • sudo nginx -t

  • sudo systemctl restart nginx

3. Update WordPress Settings

Update WordPress URL:

  1. Log in to your WordPress Admin Dashboard.

  2. Go to Settings > General.

  3. Update the WordPress Address (URL) and Site Address (URL) to use https://.

4. Update wp-config.php

To ensure all URLs are forced to use HTTPS, add the following lines to your wp-config.php file:

define('FORCE_SSL_ADMIN', true);

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) {

$_SERVER['HTTPS'] = 'on';

}

6. Update URLs in the Database

If you have existing content that uses HTTP URLs, you’ll need to update these to HTTPS. This can be done using a plugin like "Better Search Replace" or directly in the database.

Using a Plugin:

  1. Install and activate the "Better Search Replace" plugin.

  2. Go to Tools > Better Search Replace.

  3. Search for http://yourdomain.com and replace with https://yourdomain.com.

  4. Select all tables and run the search/replace.

Directly in the Database:

  1. Access your database using phpMyAdmin or a similar tool.

  2. Run the following SQL queries:

UPDATE wp_options SET option_value = replace(option_value, 'http://yourdomain.com', 'https://yourdomain.com') WHERE option_name = 'home' OR option_name = 'siteurl';

UPDATE wp_posts SET guid = replace(guid, 'http://yourdomain.com', 'https://yourdomain.com');

UPDATE wp_posts SET post_content = replace(post_content, 'http://yourdomain.com', 'https://yourdomain.com');

UPDATE wp_postmeta SET meta_value = replace(meta_value, 'http://yourdomain.com', 'https://yourdomain.com');

Conclusion

By following this guide, you have successfully set up Let's Encrypt SSL for your WordPress website using Nginx. The process involves obtaining and installing the SSL certificate with Certbot, configuring Nginx to use HTTPS, updating WordPress settings, and ensuring that all content is served securely over HTTPS.

  1. Install Certbot: Use the Certbot tool to obtain the Let's Encrypt SSL certificate.

  2. Configure Nginx: Modify the Nginx configuration to force HTTPS and use the obtained SSL certificate.

  3. Update WordPress Settings: Ensure that WordPress URLs use HTTPS in the General Settings.

  4. Update Database URLs: Convert existing HTTP URLs to HTTPS in your WordPress database.

  5. Clear Caches: Clear any caches to ensure changes take effect.

By implementing these steps, you enhance your website’s security, improve SEO rankings, and provide a safer browsing experience for your visitors. Regularly renewing your SSL certificate with Certbot and maintaining HTTPS across your site ensures long-term security and compliance with modern web standards.

yourdomain.com
www.yourdomain.com