3-Step WordPress HTTPS Redirect via .htaccess (Ultimate 2025 Guide)
If your WordPress site still loads with http:// instead of https://, it’s time to fix it. Implementing a WordPress HTTPS redirect is one of the fastest ways to boost your website’s SEO, security, and credibility. In this updated 2025 guide, we’ll show you how to set it up using only the .htaccess file—no plugins required.
Why HTTPS Matters for WordPress
An HTTPS redirect ensures all visitors use the secure version of your website. Without HTTPS, information like passwords or form data travels in plain text, which attackers can intercept. Beyond security, Google officially considers HTTPS a ranking factor—so redirecting from HTTP to HTTPS helps both safety and visibility.
Step 1: Locate Your .htaccess File
Access your hosting control panel (like cPanel, DirectAdmin, or Plesk) or connect via FTP. Navigate to your WordPress installation root—usually public_html or www.
If you don’t see the .htaccess file, enable “show hidden files” in your File Manager’s settings. This file handles rewrite and redirect rules for your site.
Step 2: Add the Redirect Rule
Open the .htaccess file in a text editor and insert the following code right at the top:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
What this does:
– Detects when HTTPS is off
– Redirects visitors to the secure HTTPS version
– Sends a **301 Permanent Redirect** to inform browsers and Google that this is the official version
After saving, every HTTP request will automatically go to its HTTPS equivalent.
Step 3: Save and Verify the Redirect
Once saved, open your site in the browser and type:
http://yourdomain.comIt should instantly redirect to:
https://yourdomain.comIf it doesn’t, clear your browser cache and retry. You can also check the redirect path using Redirect Checker or your browser’s network tab.
Alternative Method (Plugin Option)
If you’re uncomfortable editing files manually, you can use a plugin like Really Simple SSL. It detects your SSL certificate automatically and forces HTTPS.
However, doing it manually in .htaccess is faster, safer, and avoids unnecessary plugin bloat.
Extra HTTPS Optimization Tips
- Ensure your SSL certificate is valid and auto-renewing.
Test for mixed content using WhyNoPadlock.
If using Cloudflare, enable “Full SSL” and “Automatic HTTPS Rewrites.”
Update all internal URLs from http://tohttps://via the Better Search Replace plugin.
Always back up your .htaccessbefore editing.
FAQ: WordPress HTTPS Redirect
1. My redirect doesn’t work — what should I do?
Check that your hosting supports SSL (port 443). If not, contact your provider to install a free Let’s Encrypt certificate.
2. Can I redirect only www to non-www with HTTPS?
Yes, just combine the two rules or use:
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [L,R=301]Final Thoughts
Configuring your WordPress HTTPS redirect via .htaccess is the cleanest and fastest way to secure your website. It only takes minutes and significantly improves SEO, user trust, and security—without relying on extra plugins.
If you want more technical WordPress tutorials, visit our WordPress Guides section.
≈ 640 words
