How to Move WordPress from HTTP to HTTPS
Moving WordPress to HTTPS secures your visitors and helps SEO. With a free SSL certificate already issued, it is a short, safe process.
Step-by-step
- Confirm SSL is active for your domain — Security → SSL/TLS Status (see AutoSSL).
- Update the site URLs. wp-admin → Settings → General → set both addresses to https:// (see changing the site URL).
- Install a simple SSL/HTTPS plugin or add an HTTPS rule — either updates internal links and handles redirects.
- Fix mixed content. Update any hard-coded http:// image/script URLs in content to https:// so the padlock is clean.
- Force HTTPS at the server. Turn on Force HTTPS Redirect in cPanel → Domains (see forcing HTTPS).
- Test in a private window — the padlock should be solid on every page, and http:// should redirect to https://.
💡 Good to know
- Back up before the switch so you can revert if a plugin misbehaves.
- Update your Google Search Console and analytics to the https:// property.
- Mixed-content warnings always trace to an asset still loaded over http:// — find it via the browser console.