WordPress HTTPS Redirect via .htaccess (3-Step 2025 Guide)
If your WordPress site still loads with http:// instead of https://, you need a fast and permanent solution. The simplest fix is applying a wordpress https redirect through your .htaccess file. This method improves SEO, increases security, and removes all “Not Secure” warnings. It works instantly and requires no plugins.
Why HTTPS Matters for WordPress
A secure HTTPS redirect prevents data interception and protects login pages, forms, and cookies. In addition, Google treats HTTPS as a ranking factor, so your site becomes more visible in search results. Because modern browsers highlight insecure pages, switching to HTTPS increases user trust immediately.
Step 1 — Locate Your .htaccess File
First, open your hosting control panel such as cPanel, DirectAdmin, or Plesk. Then navigate to the WordPress root folder, typically public_html or www. If the .htaccess file is hidden, enable “show hidden files.” This file controls redirects and rewrite rules.
Step 2 — Add the HTTPS Redirect Rule
Next, open .htaccess and paste the rule at the very top:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
This code forces every visitor to access the HTTPS version. It also sends a permanent 301 Redirect signal to Google, which helps consolidate duplicate URLs and strengthens your SEO ranking.
Step 3 — Verify the HTTPS Redirect
After saving the file, type http://yourdomain.com into your browser. If the redirect is working, it will jump instantly to https://yourdomain.com. Otherwise, clear your browser cache and test again. You can also confirm the redirect using the free tool at Redirect Checker.
Benefits of HTTPS Redirect
Setting up a wordpress https redirect brings several advantages:
- Eliminates browser “Not Secure” warnings.
- Improves rankings due to Google’s HTTPS preference.
- Works with HTTP/2 and CDNs for faster performance.
- Protects login pages, admin sessions, and cookies.
- Ensures secure API and e-commerce communication.
Overall, it’s a high-impact change that delivers long-term stability and trust.
Alternative Plugin Method
If you prefer automation, install Really Simple SSL. It detects your SSL certificate and forces HTTPS across your site. However, the manual .htaccess method remains faster, lighter, and more reliable.
Extra HTTPS Optimization Tips
- Enable auto-renew for your SSL certificate.
- On Cloudflare, activate Full (Strict) mode.
- Use Better Search Replace to convert old internal links.
- Add HSTS after verifying everything works:
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload - Back up
.htaccessbefore editing.
FAQ: wordpress https redirect
Why doesn’t my redirect work?
Your SSL certificate might not be active. Check port 443 or verify your CDN settings.
Can I redirect www to non-www with HTTPS?
Yes. Here is the rule:
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [L,R=301]Final Thoughts
Applying a wordpress https redirect with .htaccess takes only minutes, yet the benefits last for years. It strengthens security, boosts SEO, and ensures every visitor loads the correct version of your site. For more WordPress guides, visit our WordPress Tutorials.
Meta: wordpress https redirect via .htaccess — 3-step setup for secure, SEO-friendly WordPress sites. Includes redirect rules, verification steps, and optimization tips.
