Configuring https in WordPress

Protocol secure https connection is rapidly gaining popularity. If before such could afford only large companies, since the certificates were paid and expensive, now anyone can get a certificate from Lets Encrypt, search engine the promise of benefits to those who use https, and browsers recently started to indicate that the connection is not secure if https is not used.

The issue of obtaining the certificate aside, in this article I want to talk about how you customize https wordpress when switching to this Protocol with http, because there may arise some difficulties.

Configuring https in WordPress

1. URL customization

The first thing to do when switching to https is to replace the old site URL from http to https. To do this, open the admin Panel -> Settings -> General:

Then in the fields WordPress Address (URL) and site Address (URL) change the http to https and save the settings.

If you have already switched to https, set up a redirect and HSTS (HSTS through browser as soon as you understand that the site has an https version on the regular version, you will no longer be allowed even if no redirect) you can use wp-config.php to enable https wordpress. Open the file wp-config.php in the root directory of WordPress and add the following lines:

vi wp-config.php

define('WP_HOME', '');

2. Configuring wp-config

Then in the same file add the following lines to the admin panel is also working on https, otherwise you risk to get a To many redirects error in WordPress when trying to log in to the admin panel:

define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);

After this all should work, will just have to fix the content in the database. But the magic starts if you use Cloudflare to provide HTTPS, and the server listens for connections on the standard port 80, 443 for SSL. In this case, it is necessary to add such code:

if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'){

If wordpress https is not working with Nginx in the virtual host file, in the section where connects FastCGI PHP add this line (or replace if it already exists):

vi /etc/nginx/conf.d/losst.conf

fastcgi_param HTTPS 'on';

3. Customize content

Further you can find in the developer console of Chrome Mixed content message, but they will no longer affect the display of pages, images and links that you have added manually and in articles. They need to fix it. You can use the Better Search Replace plugin. Need to replace all links to your website from http to https, for example:

When you first start, you can perform a blank search, where the program will only show what changes should be made, and then replaced. Also everything can be done through the database. Before making any changes make a backup copy of the database. Then connect to the database e.g. through phpMyAdmin or the terminal, and then run this query:

UPDATE `wp_posts` SET post_content = REPLACE(post_content, "src='", "src='")
WHERE post_content LIKE "%src='";

Naturally, domain need to replace your. Then you can go through the pages and see if there’s any Mixed Content errors to developer console and fix the remaining problems manually.

4. Redirect

The last thing we need to do is set up a redirect to https wordpress. Need it to work correctly with your website search engines. If you are using the Apache web server, you can create a file .htaccess file in the website directory with the following content:

vi .httaccess

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !robots.txt
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

For nginx, you should create a file in your virtual host additional host:

vi /etc/nginx/conf.d/losst.conf

server {
listen 80;
rewrite ^ https://$server_name$request_uri? permanent;

There is similar need to replace domain name to your. Now everything is ready.


In this small article we discussed how you customize https WordPress, this process is quite time-consuming and costly in terms of time, but you get the advantage in terms of security of traffic, and many API without https to work with you will not. What problems do you face while setting up HTTPS and how decided? Write in the comments!


(Visited 13 times, 1 visits today)