How to Force HTTPS on WordPress Websites

For both security and SEO reasons, it's recommended for all websites to load using HTTPS — that is, the secure version of HTTP, which is the underlying protocol used for transmitting data between a web server and a user's browser. If your WordPress website fails to load with HTTPS altogether, or if the website appears distorted when accessed via HTTPS, you can fix it by following these steps:

1. Obtain an SSL Certificate

Before you can force HTTPS, you need to have an SSL certificate installed on your server. This can be obtained from a certificate authority (CA) or through services like Let's Encrypt.

2. Install the SSL Certificate

Installation steps vary depending on your hosting provider or server setup. Here’s a general overview:

Step 1: Install Certbot

Certbot is the tool provided by the EFF for obtaining Let's Encrypt certificates.

  1. Update the package index, then install Certbot and its Nginx plugin:

  • sudo apt update

  • sudo apt install certbot python3-certbot-nginx

Step 2: Obtain an SSL Certificate

  1. Run Certbot:

sudo certbot certonly --standalone -d yourdomain.com -d www.yourdomain.com --register-unsafely-without-email --non-interactive --agree-tos

  • Replace yourdomain.com with your actual domain name.

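  • The certonly --standalone command above only obtains the certificate, and it needs port 80 to be free while it runs, so stop Nginx first. If you run Certbot with the Nginx plugin instead (sudo certbot --nginx), Certbot will automatically edit your Nginx configuration to use the new SSL certificate.

Follow the prompts (shown only when Certbot runs interactively, that is, without the --non-interactive, --agree-tos and --register-unsafely-without-email flags):

  • Certbot will ask for your email address and ask you to agree to the terms of service.

  • Certbot will also ask if you want to redirect HTTP traffic to HTTPS. Choose to redirect (recommended).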

Step 3: Configure Nginx Settings

  1. Locate the Nginx Configuration Files

  • Common locations: /etc/nginx/sites-enabled/ or /etc/nginx/conf.d/.

  2. Edit the Configuration File

  • Open the configuration file for your website (e.g., default or your domain’s specific file).

sudo nano /etc/nginx/sites-enabled/example.conf

Add the SSL Configuration:

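Ensure your server blocks look like this:

    # Redirect every plain-HTTP request to HTTPS.
    # $server_name is the first name listed, so www requests land on yourdomain.com.
    server {
        listen 80;
        server_name yourdomain.com www.yourdomain.com;
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl;
        server_name yourdomain.com www.yourdomain.com;

        # Certbot stores its files under /etc/letsencrypt/live/yourdomain.com/
        # (fullchain.pem is the certificate, privkey.pem is the private key).
        ssl_certificate /path/to/your/certificate.crt;
        ssl_certificate_key /path/to/your/private.key;

        root /var/www/html;
        index index.php index.html index.htm;

        location / {
            try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            # Match the socket name to the PHP-FPM version installed on your server.
            fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        }
    }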

Test the Configuration and Reload Nginx:

  • sudo nginx -t

  • sudo systemctl restart nginx

3. Update WordPress Settings

Update WordPress URL:

  1. Log in to your WordPress Admin Dashboard.

  2. Go to Settings > General.

  3. Update the WordPress Address (URL) and Site Address (URL) to use https://.

4. Update wp-config.php

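To ensure all URLs are forced to use HTTPS, add the following lines to your wp-config.php file, above the line that loads wp-settings.php:

    // Require HTTPS for the login page and the admin area.
    define('FORCE_SSL_ADMIN', true);

    // Only needed when HTTPS terminates at a reverse proxy or load balancer in front of this server.
    // The header is client-supplied unless that proxy overwrites it.
    if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) {
        $_SERVER['HTTPS'] = 'on';
    }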

5. Update URLs in the Database

If you have existing content that uses HTTP URLs, you’ll need to update these to HTTPS. This can be done using a plugin like "Better Search Replace" or directly in the database.

Using a Plugin:

  1. Install and activate the "Better Search Replace" plugin.

  2. Go to Tools > Better Search Replace.

  3. Search for http://yourdomain.com and replace with https://yourdomain.com.

  4. Select all tables and run the search/replace.

Directly in the Database:

  1. Access your database using phpMyAdmin or a similar tool.

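  2. Run the following SQL queries (back up the database first, and adjust the wp_ table prefix if your installation uses a different one):

-- home and siteurl are plain strings, so a direct replace is safe here.
UPDATE wp_options SET option_value = replace(option_value, 'http://yourdomain.com', 'https://yourdomain.com') WHERE option_name = 'home' OR option_name = 'siteurl';

UPDATE wp_posts SET guid = replace(guid, 'http://yourdomain.com', 'https://yourdomain.com');

UPDATE wp_posts SET post_content = replace(post_content, 'http://yourdomain.com', 'https://yourdomain.com');

-- meta_value can hold PHP-serialized data; a raw replace changes string lengths and can corrupt those rows.
UPDATE wp_postmeta SET meta_value = replace(meta_value, 'http://yourdomain.com', 'https://yourdomain.com');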
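
Why the wp_postmeta query above needs care, as an added example (not part of the original guide, and not WordPress or plugin code): PHP-serialized values record each string's byte length, so turning http into https without updating that length leaves a value PHP can no longer unserialize. The code rewrites a value while recomputing the lengths; the function names and the sample value are constructed for illustration, and serialized objects (O:) are rejected rather than guessed at.

```python
import re

OLD, NEW = b"http://yourdomain.com", b"https://yourdomain.com"
LOOKS_SERIALIZED = re.compile(rb"^(?:N;|[aOsibd]:\d)")  # starts like PHP serialize() output

def _walk(data, pos, old, new):
    """Rewrite one serialized value starting at pos; return (new_bytes, next_pos)."""
    tag = data[pos:pos + 1]
    if tag in (b"N", b"i", b"b", b"d"):              # N;  i:5;  b:1;  d:0.5;
        end = data.index(b";", pos)
        return data[pos:end + 1], end + 1
    if tag not in (b"s", b"a"):
        raise ValueError("unsupported type at byte %d" % pos)
    colon = data.index(b":", pos + 2)
    n = int(data[pos + 2:colon])
    if tag == b"s":                                  # s:<byte length>:"<bytes>";
        start = colon + 2
        if data[start + n:start + n + 2] != b'";':
            raise ValueError("string length mismatch at byte %d" % pos)
        out = data[start:start + n].replace(old, new)
        return b's:%d:"%s";' % (len(out), out), start + n + 2
    cur, parts = colon + 2, []                       # a:<count>:{<key><value>...}
    for _ in range(2 * n):
        piece, cur = _walk(data, cur, old, new)
        parts.append(piece)
    if data[cur:cur + 1] != b"}":
        raise ValueError("array not closed at byte %d" % cur)
    return b"a:%d:{%s}" % (n, b"".join(parts)), cur + 1

def replace_url(value, old=OLD, new=NEW):
    """Replace old with new; serialized values get their s:<n> lengths recomputed."""
    data = value.encode("utf-8")
    if not LOOKS_SERIALIZED.match(data):
        return data.replace(old, new).decode("utf-8")   # plain string column value
    out, end = _walk(data, 0, old, new)                  # raises ValueError instead of guessing
    if end != len(data):
        raise ValueError("trailing bytes after serialized value")
    return out.decode("utf-8")

def is_intact(value):
    """True for plain text, or for a serialized value whose lengths are consistent."""
    try:
        replace_url(value, OLD, OLD)
        return True
    except ValueError:
        return False

# Constructed sample of a wp_postmeta.meta_value holding a serialized array.
SAMPLE = 'a:1:{s:3:"url";s:30:"http://yourdomain.com/logo.png";}'
```

Running is_intact() on the output of a plain string replace of SAMPLE returns False, while replace_url(SAMPLE) yields a value whose lengths still match.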

Conclusion

By following this guide, you have successfully set up Let's Encrypt SSL for your WordPress website using Nginx. The process involves obtaining and installing the SSL certificate with Certbot, configuring Nginx to use HTTPS, updating WordPress settings, and ensuring that all content is served securely over HTTPS.

  1. Install Certbot: Use the Certbot tool to obtain the Let's Encrypt SSL certificate.

  2. Configure Nginx: Modify the Nginx configuration to force HTTPS and use the obtained SSL certificate.

  3. Update WordPress Settings: Ensure that WordPress URLs use HTTPS in the General Settings.

  4. Update Database URLs: Convert existing HTTP URLs to HTTPS in your WordPress database.

  5. Clear Caches: Clear any caches to ensure changes take effect.

By implementing these steps, you enhance your website’s security, improve SEO rankings, and provide a safer browsing experience for your visitors. Regularly renewing your SSL certificate with Certbot and maintaining HTTPS across your site ensures long-term security and compliance with modern web standards.
