Converting a WordPress Website to HTTPS (SSL)
Please use the “Print” function at the bottom of the page to create a PDF.
Please Note
Customers with IONOS Managed WordPress packages do not need the following instructions since their website will automatically switch to HTTPS when the SSL certificate is activated.
In this article, we'll show you how to enable SSL encryption for every page of your WordPress website.
Once you've secured your domain with an SSL Certificate, you should make sure that SSL encryption is active all of the time and everywhere on your site. To do this, you convert your WordPress internally to the HTTPS address and ensure that visitors to the "old" HTTP address are automatically redirected to the secure HTTPS website.
Requirements
Your domain must be secured with an SSL certificate.
For your website to use HTTPS, you must have connected your domain to an SSL certificate. You can check this by visiting your domain with https:// (such as https://www.example.com instead of http://www.example.com).
Activate an SSL Certificate Now
Find out more Set Up an SSL Certificate Managed by IONOS
Customizing Addresses (URLs)
To set the WordPress CMS to HTTPS, you must edit the website's address setting:
- Log in to the admin area of your WordPress website and click Settings > General on the menu.
- In the WordPress Address (URL) and Website Address (URL) fields, replace http with https.
- Click Save Changes.
Please Note
Starting with WordPress 5.7, all internal links are automatically switched to HTTPS by using this URL adjustment. Older WordPress versions may require further changes as described in the section Fixing Mixed Content Warnings below.
Forcing HTTPS for All Visitors
After you have adjusted the URLs, you can use a so-called 301 Redirect to ensure that all HTTP requests are forwarded to the HTTPS website in a search engine-friendly way. This will make sure that links with the "old" HTTP address automatically lead to the HTTPS website.
To set up 301 Redirect, you must access your webspace and insert the following code into the .htaccess file in your WordPress directory:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.domain.tld/$1 [R,L]
</IfModule>
You can easily edit your .htaccess file through IONOS:
- Open WebspaceExplorer, click on the clickandbuilds folder, and go to the directory of your WordPress website.
- Click Actions > Edit File to the right of the .htaccess file.
- Insert the above code lines at the end of the .htaccess file.
IMPORTANT: Replace domain.tld with your domain.
- Click Save. Forwarding is now configured and immediately active.
Fixing Mixed Content Warnings
If browsers still classify your website as insecure after the conversion and display a mixed-content warning in the browser, further action is required.
The Mixed content warning occurs when a website accessed in encrypted form (HTTPS) partially loads unencrypted content through HTTP. This can be the case, for example, with images, audio, or video files loaded from an external webspace or provider.
To learn how to identify and fix mixed content, see our help article Fixing the Mixed Content Warning on SSL-Enabled Websites.