Adding SSL and HTTPS in WordPress

Being a beginner web developer, I have started asking too many questions with everyone everywhere, and I am going to do it again here. Recently, I was working on one of my website which I developed on the WordPress, and as per its requirement, I needed to add SSL and HTTPS on the website.
The dilemma is, all of my friend who is also related to the website development industry is now willing to point out the mistake in the code which is given below.

RewriteEngine On
RewriteCond {SERVER_PORT} 80
RewriteRule ^(.*) [R,L]

This is the code that I am trying to use to add SSL and HTTPS through updating my WordPress website URL.
It is not like I am not aware of such terms and codes. The only problem is that I never did this with any of the websites. I have only done adding HTTPS and SSL on specific pages with a plugin. That is why this thing is new to me, and I think such are the confusions that every beginner website developer must have faced once or two.
That is why I am writing this post and want to ask it from the readers of this post that what is wrong in the code and it would be great for me if anyone walks me through the whole process of adding SSL and HTTPS on the WordPress website. Please comment below and help me out from this misery which is costing me a lot of valuable time.

To enable SSL on your website (so you can connect to it via https), you need to install an SSL certificate on your web server. Depending on your web server (IIS, apache, etc), you’ll have to generate a CSR (Certificate Signing Request).

Then you order your SSL certificate (the cheapest I found is $50/year), submit your credentials, info, domain, etc. and CSR, and after processing, they’ll email you back a certificate that kinda looks like this…


You then paste the above certificate to your web server account.

Only then can you connect to your website via

Now, if you want to force every user to connect via https instead of http, that’s when you do the Rewrite Rules.

Again, this differs whether you’re running an IIS web server or Apache web server. Consult your web host.

Okay, now to the practical side… SSL certificates are not free. If your website isn’t asking for any secure information (say ID and password), you don’t need https. Also, https works on a per domain basis. Some certificates only work with your main domain name and www, while the more expensive ones can work with your and any other subhost (a wildcard certificate).

** I think there are some non-profit groups that give out free SSL certificates but it has to be renewed every 3 or 6 months I think. The whole process is also automated, and if your web host supports it, then you’re in luck.

You can check out this site.

1 Like

This isn’t true.

LetsEncrypt offers free certificates.

Browsers (i.e. Chrome) are moving in the direction of alerting users when they view HTTP pages, regardless of the content.

Also, Google gives higher search engine rankings for pages with HTTPS.

@Ellaschofield00 are you asking what’s wrong with that specific .htaccess code? I know there are different ways to write that RewriteRule statement, so maybe that’s what they’re worried about. Also, you’ll want to change the base URL of the site in the WordPress settings to HTTPS as well as everything in the database that refers to HTTP.

Here’s a popular plugin to help with this:


Let’s Encrypt does indeed offer free certificates. I’m with Dreamhost and, once you have requested for one to be installed on a domain/subdomain, the entire process is automated—including renewal. Organisations like Mozilla and the EFF, to name a few, sponsor Let’s Encrypt.

Here’s an example. :stuck_out_tongue:

Insecure security

1 Like

No need for a rewrite — once you set the wordpress site url to https, wp will automatically (internally) redirect as needed.

1 Like

Adding redirection of HTTP to HTTPS is tedious and needs careful planning. Follow the steps given below:

  1. Purchase an SSL certificate
  2. Install the SSL certificate
  3. Update all internal and external links to HTTPS
  4. Set up 301 redirects from HTTP to HTTPS
  5. Add all variants of the website site in Webmaster Tools
    These are the general steps for redirection.

Since the whole procedure can’t be explained here because it includes some code also so I suggest you Check this Resource including screenshots of the procedure to know every bit of HTTPS and SSL and how to implement the same.
Good Luck!

You’re overcomplicating the matter. It seems from the first post OP already has a cert (if not, get a free one , eg. from Let’s encrypt). Wordpress will deal with 3-4, the webmaster has to fix only any hardcoded http paths he added himself. Webmaster Tools I have never heard about, so can’t comment on that.

For WordPress users there is an amazing guide available for integrating SSL.
How to install SSL certificate on WordPress site

Thank You for the informative post.

You are basically adding SSL and HTTPS in your WordPress site, which is quite straight forward. I have done this many times and I can help you in this process.

First you need to create your SSL which is totally free. You can do it from Let’s Encrypt without paying a cent. All steps are given at this article - How to manually Install Let’s Encrypt free SSL Certificate on any hosting

After that you need to go to Settings » General page of your WordPress dashboard and update your WordPress and site URL address fields by replacing http with https.

Check the below screenshot with explains this:


Finally, you need to set up WordPress redirects from HTTP to HTTPS. This is done by adding the following code to your .htaccess file. You will find this file in your website’s root folder.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

That’s quite easy, isn’t it? You also don’t need any help from some plugin to do this.

Thanks & Regards