How to Force HTTPS on Your WordPress Site

WordPress is arguably the most popular CMS platform, which makes securing your WordPress site more important than ever. Its popularity continues to grow due to the vast ecosystem that supports WordPress and simplifies its use. This guide primarily focuses on a plugin called Better Search Replace. Without plugins like this, resolving such issues would be much more difficult.

Primarily this is because one of the easiest ways to secure your managed WordPress site is with installation of a free SSL certificate and then forcing all connections to be over HTTPS. This has a number of benefits including securing connections to the site and boosting its SEO rankings but for WordPress it can also cause some mixed content issues surrounding existing non HTTPS content including images and other media.

Introduction to HTTPS

What is HTTPS and Why is it Important?

HTTPS, or Hypertext Transfer Protocol Secure, secures the connection between the client and the server, enabling safe data transfer when accessing a website. This applies to all websites, including those using WordPress. By encrypting communications, HTTPS reduces the risk of MITM attacks and protects sensitive information such as login details and card numbers, especially with a valid free SSL certificate.

Since HTTPS and SSL usage have become standard, failing to secure your site with a certificate can harm trust in your site and brand. Many browsers amplify the absence of an SSL certificate by displaying security warnings, which can further discourage potential customers. Additionally, using HTTPS across your site significantly affects SEO and search engine rankings. Sites marked unsecured are less likely to be indexed or rank highly in SERPs impacting organic traffic to your domain.

Troubleshooting WordPress Mixed Content

1. Login to your WordPress admin area, to do this most of the time you can add /wp-admin to your WordPress websites URL for instance:

https://yourdomain.tld/wp-admin

2. After logging in to your WordPress admin area head to the plugins menu found in the left sidebar.

3. Now using the search feature search for “Better Search Replace” the plugin we mentioned earlier, once you have found that as shown in the picture below click install and then activate.

4. Now that Better Search Replace is installed & activated you can start using the tool by heading to the “Tools” section found in the left sidebar.

5. Now that Better Search Replace is installed & activated you can start using the tool by heading to the “Tools” section found in the left sidebar.

6. Afterwards from inside the tool enter your domain in the “Search For” field with http:// & enter your domain with https:// in the “Replace with” field. The example below shows the exact entries using yourdomain.tld.

http://yourdomain.tld - Search For.

https://yourdomain.tld - Replace with.

7. Moving on using CTRL+CLICK select all the tables in the “Select Tables” section, this will ensure that the plugin finds any instance of the HTTP address stored in the database. From here use the Dry Run feature (checked by default) and click “Run Search and Replace” to run it as a dry run or uncheck to run the command on your databases.