How to force HTTPS on your Wordpress site

1. Install and activate an SSL certificate

The simplest and cheapest (free!) option for this is using Let’s Encrypt. You may alternatively purchase and install a commercial certificate.

2. How to force HTTPS

only pick ONE of the options below

Option 1: Use Plesk  to force HTTPS

  1. Log in to Plesk
  2. Select “Hosting Settings” under the domain for which you wish to enable HTTPS
  3. Look under the “Security” header and check the box that says: Permanent SEO-safe 301 redirect from HTTP to HTTPS.
  4. Click Apply or OK.

 

Option 2: Use Apache to force HTTPS

If you’re not using nginx/php-fpm performance mode, then you can simply use an .htaccess file to force https. Create a file called .htaccess (if it doesn’t already exist) within your web root, then enter the following within it:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Option 3 Use Really Simple SSL Wordpress plugin:

  1. Login to your Wordpress site
  2. Go to Plugins > Add new
  3. Type 'Really Simple SSL' on Search box
  4. Install and activate
  5. Please click "Go Ahead and activate SSL".

Be sure to check any mixed contents (images or links) which were hard coded on your posts and pages.