How to Secure a Website with WordPress SSL: 2 Methods to Setup HTTPS + Common Errors

1. Method 1: Install an SSL Certificate

The first step to securing a website with WordPress SSL is to install an SSL certificate. An SSL certificate is a digital certificate that encrypts data sent between a website and its visitors. It is a must-have for any website that collects sensitive information, such as credit card numbers or personal information.

To install an SSL certificate, you will need to purchase one from a trusted certificate authority. Once you have purchased the certificate, you will need to install it on your web server. This process can vary depending on the type of server you are using, so it is best to consult your hosting provider for instructions.

Once the certificate is installed, you will need to configure your WordPress site to use it. This can be done by editing the wp-config.php file and adding the following line:

define(‘FORCE_SSL_ADMIN’, true);

This will force all admin pages to use SSL. You can also add the following line to force all pages to use SSL:

define(‘FORCE_SSL’, true);

2. Method 2: Use a WordPress Plugin

If you don’t want to go through the hassle of installing an SSL certificate, you can use a WordPress plugin to secure your website. There are several plugins available that will automatically install and configure an SSL certificate for you.

The most popular plugin is Really Simple SSL. This plugin will automatically detect your settings and configure your website to use SSL. It also provides an easy way to redirect all of your visitors to the secure version of your website.

Common Errors

When setting up SSL on your website, there are a few common errors that you may encounter. The most common error is a “mixed content” error. This occurs when some of the content on your website is still being served over an insecure connection. To fix this, you will need to make sure that all of your content is being served over a secure connection.

Another common error is an “invalid certificate” error. This occurs when the SSL certificate is not properly installed or configured. To fix this, you will need to make sure that the certificate is properly installed and configured.

Finally, you may encounter an “insecure connection” error. This occurs when the SSL certificate is not properly configured or is not trusted by the browser. To fix this, you will need to make sure that the certificate is properly configured and is trusted by the browser.

How to Secure a Website with WordPress SSL: 2 Methods to Setup HTTPS + Common Errors

If you run a website, there may be people who trust their personal information to you. That means you need to enforce solid security standards, and both Secure Sockets Layer (SSL or TLS) and Hypertext Transfer Protocol Secure (HTTPS) play an essential role in making that happen. Luckily, setting up a WordPress SSL certificate and enforcing HTTPS on the platform is fairly simple, and can be done in just a few steps.

In this article, we’ll talk about:

  1. What SSL is and when you should use it.
  2. What HTTPS is, and how it works alongside SSL.
  3. How to configure WordPress to use HTTPS and SSL via two different methods.
  4. Two common errors you can run into when using SSL with WordPress, and how to deal with them.

We have an important subject to tackle and a lot of ground to cover, so let’s dive right in!

What SSL Is (And When You Should Use It)

Secure Sockets Layer (SSL) is a technology that creates a secure connection between a website and a browser. Websites that use SSL have ‘certificates’ that let you know your private information is safe during each transfer.

You can recognize most sites that use these certificates, due to the green lock symbol many browsers use to identify them:

The green SSL padlock on Google Chrome

For example, if you’re purchasing something online, you should only do so through websites that use SSL. Otherwise, attackers might be able to read or modify your payment information as it’s sent across the web.

As for your own website, using SSL is a must. There are a number of benefits to doing this:

  • If you run a website where you encourage users to register and share private information, their data will be safer.
  • Your website will be more trustworthy.
  • An awesome green lock will show up next to your web address in various browsers.
  • You’ll receive a boost to your site’s Search Engine Optimization (SEO).

To elaborate on that last point, search engines like Google encourage all websites to use SSL, by giving secure sites preference in their results. That means you get to protect your users’ information and possibly benefit from some more traffic in one fell swoop.

In addition, Google announced that Chrome will display a “not secure” warning since the beginning of July 2018. So it’s a great time to enforce your website’s security with an SSL certificate if you haven’t already.

Pro Tip

Here on Hostinger, we also encourage safe websites. Thus we bundle in a free lifetime SSL certificate with Business web hosting plans!

These days, setting up a WordPress SSL certificate is downright simple. There are several types of SSL certificates, but you probably won’t need anything fancy unless you’re running a sizable website or selling products online.

For all other types of websites, a free certificate will usually do the job. What’s more, you can easily set one up to work with Hostinger.

What HTTPS Is (And How It Works Alongside SSL)

When you set up an SSL certificate for your website, you’ll also need to configure it to transmit data using Hypertext Transfer Protocol Secure (HTTPS). Every site you visit uses either HTTP or HTTPS as a prefix for its full URL, including Hostinger:

The HTTPS prefix highlighted on the address bar

HTTPS works just like HTTP, but it enforces higher security standards. If you load a website that uses HTTPS, you’ll know your data is secure during the transfer. However, in order for HTTPS to work, the website you’re trying to access needs an SSL certificate.

If you try to access a site without SSL using HTTPS, you’ll see an error like this one:

A Chrome SSL error.

In other words, SSL and HTTPS work hand-in-hand. If you only use one, the information users send through your website won’t be secured.

Your first move, therefore, should be to get an SSL certificate and set it up to work with your website. Once you have that, you need to tell WordPress to load using HTTPS instead of HTTP. Let’s take a look at how to enable HTTPS on WordPress.

How to Configure WordPress to Use SSL and HTTPS (2 Methods)

At this point, we’re going to assume that you already have an SSL certificate set up for your website. Once you’ve done that, you simply need to force WordPress to use HTTPS. There are two primary ways to do that.

1. Use the WordPress Dashboard and a 301 Redirect

Once you have a WordPress SSL certificate set up, you need to configure your website to use HTTPS. This process is simple if you’re starting a new website. However, if you’re adding an SSL certificate to a site that’s been around for a while, it’s a bit more complicated.

In any case, your first step should be to go to your dashboard and open up the Settings › General tab. Inside, you’ll find two fields called WordPress Address (URL) and Site Address (URL). Your website’s address should appear identical in both, and should use HTTP.

What you need to do is replace that HTTP prefix with HTTPS in both fields, and save the changes to your settings:

Changing your WordPress website's URL to using HTTPS.

That’s all it takes to configure WordPress to use HTTPS. However, some users might have saved your website’s old URL, and it may be linked to across the web. You need to make sure those people make it to the HTTPS version of your site instead. To do that, you can set up a URL redirect.

There are many types of redirects you can use. However, you’re generally best off using a 301 redirect, which tells search engines that your website has moved permanently from one address to another. To implement this redirect, you need to edit a file called .htaccess, which controls how your server interacts with WordPress, as well as its URL structure.

This will require you to access your site’s files directly, using a File Transfer Protocol (FTP) tool such as FileZilla. If it’s your first time doing this, you can find all the details in our FTP guide.

Once you connect to your website via FTP, navigate to the public_html folder and look for the .htaccess file within:

Selecting View/Edit on the .htaccess file in the FTP application.

Select that file and right-click on it, then choose the View/Edit option. This will open the file using your local text editor, enabling you to make changes to it. Don’t alter any of the code within .htaccess unless you know what you’re doing. Just scroll to the very bottom of the file, and paste in the following snippet:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$$1 [R,L]

For this to work, you’ll need to replace the placeholder URL in this code with your website’s full HTTPS address. This will redirect any connection that comes through port 80 to your new, secure URL. As you may know, port 80 is the default for HTTP connections, so this will catch just about anyone trying to access your website through the old address.

Once you’ve added the code with your URL, save your changes to .htaccess and close the file. FileZilla will ask if you want to upload those changes to your server, which you’ll want to agree to. If you try visiting your website using the HTTP URL now, your browser should automatically redirect WordPress to HTTPS version instead.

2. Install a WordPress SSL Plugin

If you’d rather not work directly with your WordPress files, there are easier ways to enforce HTTPS use throughout your website. For example, you can set up a WordPress SSL plugin, which adds the same code we showed you in the previous method.

While this approach is much simpler, it also comes with some added risk. For example, if compatibility issues arise with another tool, your SSL plugin could stop working and your website won’t load over HTTPS until you fix the issue. That means you’ll want to choose your plugin carefully.

We recommend Really Simple SSL, since it’s remarkably easy to set up. All you need is a WordPress SSL certificate ready to go:

The Really Simple SSL plugin banner.

Once you install and enable the plugin, it will scan your website for a WordPress SSL certificate. If it finds one, it will help you enable HTTPS throughout your entire site with a single click. To do this, just visit the new Settings › SSL tab in your dashboard, and click on the Reload over HTTPS button. With that, you’re good to go!

2 Common WordPress SSL Errors (And How to Fix Them)

At this point, you know how to make sure all visitors to your site get to take advantage of a secure connection. In some cases, however, forcing WordPress to load over HTTPS can lead to a couple of errors. Let’s talk about what they are and how to fix them, just in case.

1. Some Assets Aren’t Loading Over HTTPS

After enabling HTTPS for your website, you might find that some of its assets, such as images, aren’t loading properly. That’s because WordPress is still using the HTTP prefix for them instead of HTTPS.

If you find yourself having this problem with your site’s images, CSS, or JavaScript, the easiest way to solve it is to make a few additions to your .htaccess file. However, this approach only applies if you used the manual method during the previous section. We’ll talk about what to do if you used a plugin instead in a minute.

Access your website via FTP again, and look for the .htaccess file within the public_html directory. Open it up, and find the code you added earlier to force a 301 redirect, which should look like this:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$$1 [R,L]

What you’re going to do is delete that snippet and replace it with one that’s more thorough. This isn’t necessary in most cases, since it isn’t that common to have issues with some assets not loading properly. However, if you are having this problem, here’s the code you should use instead:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

What this code does is force all traffic to load over HTTPS. It also includes rules for your WordPress assets, so it should take care of all the files that weren’t working. After adding it in, save your changes to the .htaccess file and upload it back to the server.

If you configured your website to use HTTPS via a plugin, you shouldn’t need to tweak your .htaccess file manually. Instead, most plugins will offer an alternative solution. For example, Really Simple SSL can scan your website for files not loading over HTTPS, and help you fix them. To use this feature, go to your Settings › SSL tab, and then navigate to the plugin’s Settings page:

Fixing the WordPress mixed content error in the Settings page in the admin panel.

There’s a setting called Auto replace mixed content right at the top of the screen. Make sure it’s enabled, and then save your changes to the plugin’s configuration. This option will ensure that WordPress loads all its assets over HTTPS, and not just your posts and pages.

2. Your WordPress Caching Plugin Is Causing Issues

If you have a WordPress caching plugin set up, your browser might try to load your website’s cached version over HTTP, which can lead to some errors. The quickest way to solve this problem is to clear your WordPress cache.

The way this process works will vary, depending on which caching plugin you use. However, it shouldn’t take you more than a few minutes. For more details, you can check out our guide on how to clear your WordPress cache in WP Super Cache, W3 Total Cache, and WP Fastest Cache. If you’re using another caching plugin, you may need to check its documentation for instructions on how to proceed.

In any case, once you clear your cache, try loading your website again to ensure that your browser is using HTTPS without any errors. Your SSL certificate is now successfully set up!


It used to be the case that WordPress SSL certificates were reserved for business websites, which dealt with a lot of sensitive information. These days, SSL certificates and HTTPS have become commonplace. In fact, search engines such as Google encourage you to use them. Fortunately, as you’ve seen, implementing SSL and forcing your WordPress site to use HTTPS isn’t a difficult task.

Do you have any questions about how to use WordPress SSL and HTTPS? Let’s talk about them in the comments section below!


How to Secure a Website with WordPress SSL: 2 Methods to Setup HTTPS + Common Errors

Having a secure website is essential for any business. Not only does it protect your customers’ data, but it also helps to build trust and credibility. Fortunately, WordPress makes it easy to secure your website with SSL (Secure Sockets Layer). In this article, we’ll show you two methods to setup HTTPS on your WordPress site, plus common errors you may encounter.

What is SSL?

SSL (Secure Sockets Layer) is a security protocol that encrypts data sent between a web server and a web browser. This ensures that any sensitive information, such as credit card numbers, passwords, and other personal data, is kept secure. When a website is secured with SSL, it will display a padlock icon in the address bar and the URL will begin with “https” instead of “http”.

Method 1: Setup WordPress SSL with a Plugin

The easiest way to setup WordPress SSL is to use a plugin. There are several plugins available, but we recommend using the Really Simple SSL plugin. It’s free, easy to use, and it will automatically detect your settings and configure your website to run over https.

To get started, install and activate the Really Simple SSL plugin. Once activated, you’ll be asked to activate SSL. Simply click the “Go Ahead, Activate SSL!” button and the plugin will take care of the rest.

Method 2: Setup WordPress SSL Manually

If you’d prefer to setup WordPress SSL manually, you’ll need to purchase an SSL certificate from a trusted provider. Once you have the certificate, you’ll need to install it on your web server. This process can vary depending on your hosting provider, so you’ll need to consult their documentation for instructions.

Once the certificate is installed, you’ll need to configure your WordPress site to use it. This can be done by editing your site’s .htaccess file. You’ll need to add the following code to the file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This code will redirect all traffic from “http” to “https”. Once you’ve added the code, save the file and upload it to your server.

Common Errors

When setting up WordPress SSL, you may encounter some common errors. The most common error is the “mixed content” error. This occurs when some of your site’s content is still being served over “http” instead of “https”. To fix this, you’ll need to update all of your site’s URLs to use “https” instead of “http”.

Another common error is the “too many redirects” error. This occurs when your site is stuck in a loop of redirects. To fix this, you’ll need to check your .htaccess file for any incorrect redirects.


Securing your WordPress website with SSL is essential for any business. Fortunately, WordPress makes it easy to setup HTTPS with either a plugin or manually. We hope this article has helped you learn how to setup WordPress SSL and troubleshoot any common errors you may encounter.

Jaspreet Singh Ghuman

Jaspreet Singh Ghuman

Passionate Professional Blogger, Freelancer, WordPress Enthusiast, Digital Marketer, Web Developer, Server Operator, Networking Expert. Empowering online presence with diverse skills.

jassweb logo

Jassweb always keeps its services up-to-date with the latest trends in the market, providing its customers all over the world with high-end and easily extensible internet, intranet, and extranet products.


Jassweb, Rai Chak, Punjab, India. 143518
Item added to cart.
0 items - 0.00