How to change HTTP to HTTPS in a WordPress site URL? (2019 beginners guide)

Nowadays one of the main issues of WordPress website owners, especially the ones who have online stores, is to have secure website. There are so many ways such as using security WordPress plugins or good hosting services and so on. On the other hand, there are so many ways you can do to make your site more secure. One of the most important things you must do right after installing WordPress is to change HTTP to HTTPS in a WordPress site URL.

If you want to know more about WordPress security items read our article about WordPress security checklist 2019.

What are HTTP and HTTPS stand for?

Many of websites around the globe use HTTP and many others use HTTPS. HTTP stands for Hypertext Transfer Protocol. The difference between HTTP and HTTPS is just an s, but in practice, they have huge differences. That single s stands for secure. It means HTTPS stands for Hypertext Transfer Protocol Secure.

What do HTTP and HTTPS do?

They provide channel to transfer your data between web server and any device you are using at the moment. It means as soon as you open a browser, you are using this protocol to transmit all your data on the world wide web. The difference is HTTPS uses a secure socket layer (SSL). The SSL sends data through a safe tunnel to its destination. It also encrypts data which prevents hackers from cracking the data. Many browsers on PCs or mobile phones show a lock icon beside the URL to show that this URL is using HTTPS or not.

Why change HTTP to HTTPS in WordPress

There are so many reasons to do that:

  1. Due to statistics, less than 0.2 percent of all sites around the globe use SSL. This means a great benefit for you.
  2. If your site has crucial information like phone numbers or credit card numbers for customers, you have to take care of them by using HTTPS.
  3. Using HTTPS shows people that you can be trusted.
  4. Due to announcement of search engines specially Google, it has many many benefits for SEO.
  5. Change HTTP to HTTPS will increase your WordPress load speed time.


6 steps to change HTTP to HTTPS in a WordPress site URL

We care about your website’s security. So here is our 6 Steps about moving WordPress from HTTP to HTTPS.

1. Back up

Before doing anything consider that you need to create a backup file from all available data of your website. Even better than that, if it is possible for you, do all the process on a test server and site.

2. Which SSL certificate is suitable for you?

If you want to get SSL for your site, you should know that there are three different types of SSL certificates:

  • Domain-level validation: suitable for normal sites and least expensive one.
  • Extended validation: Most secure one
  • Organization validated: Suitable for businesses

If you want to start using SSL as a beginner, Domain-Level validation is the best option.

3. Activate an SSL certificate

  1. Go to your cPanel account, security
  2. Click on SSL/TLS

    Click on SSL/TLS to start activating SSL for your WordPress site
    click on SSL/TLS to start activating SSL for your WordPress site
  3. In the new page click on Certificate Signing Requests

    Next step to change HTTP to HTTPS WordPress is to get a CSR code.
    Next step to change HTTP to HTTPS WordPress is to get a CSR code
  4. Fill out the form and click on Generate button
  5. After that your domain CSR will be generated and shown as below

    Encoded CSR code to change HTTP to HTTPS in a WordPress site URL
    Encoded CSR
  6. Now go to your SSL provider. Enter the CSR generated code in text area. Then click NEXT

    steps of change HTTP to HTTPS in a WordPress site URL
    How to set your CSR code
  7. Next step, you will be asked to enter your CSR information and choose an email.
  8. After submitting all information, an email will be sent to your chosen address. To validate your domain just follow the instructions.

4. Install SSL certificate

  1. At your cPanel click on SSL/TLS. Click on Certificates (CRT)
  2. In Upload a New Certificate section, upload you certificate file which has *.crt extension.
  3. Next step is to click on Manage SSL sites.
  4. Click on drop down list and choose Autofill by domain.
  5. At the final step click on install certificate button.

5. Change your WordPress configuration for SSL/HTTPS

  1. On your WordPress dashboard, go to Settings > General.
  2. Change WordPress Address (URL) and Site Address (URL) HTTPS. Then click on save
  3. We need to change the constant FORCE_SSL_ADMIN to true. You have to done this through your site’s wp-config.php. this action will force all logins and all admin sessions to happen over SSL

define(‘FORCE_SSL_ADMIN’, true);

6. Final steps

  1. As the final step, we need to tell Google that we have change our URL. To do this we should add our website address in Google Webmaster tool again.
  2. Redirect all previous links: just add code bellows to your htacess file and done.

RewriteEngine on

RewriteCond %{HTTP_HOST} ^ [NC,OR]

RewriteCond %{HTTP_HOST} ^ [NC]

RewriteRule ^(.*)$$1 [L,R=301,NC]

An important tip: if you use CDN for your site to transfer all your sites data faster, just be sure that site address has the HTTPS in the URL which has been set in CDN service you are using.


To increase your site’s security, you must add SSL to your site through your cPanel. Adding SSL results in change HTTP to HTTPS in your URL address. Many browsers show people that you have HTTPS and as a result, people will trust you better than before.

It also helps you to get a better rank in google search result pages that can boost your business especially for eCommerce.

If you need more help, just feel free to ask us any question by commenting below. We are here to help you out.

Was this post helpful for you?
so so

If you want get latest posts in your email, insert your email in this fiel now:

Our subscribes until now:

Leave a Reply

Sending comments means that you read Comments rules and accept it.

we suggest this post to read