Redirect HTTP to HTTPS in WordPress 2025

| Tanveer Shah | 2min read time
redirect http to https in wordpress
How to redirect http to https in WordPress
Share:

In website security, SSL or HTTPS is a very important means of securely transferring the data from the website server to the client browser.

When I set up a website for my client, the first thing I do is install an SSL certificate and also ensure it redirects all HTTP requests to HTTPS, which makes the website secure by encrypting data, which is better for the website owner and the visitors of the website.

Furthermore, if you are still using HTTP, you should need to install a valid trusted certificate and redirect HTTP to HTTPS. Here, I’ll show you three simple methods to redirect HTTP to HTTPS in WordPress.

Using .htaccess file

You can find the “.htaccess” file in the root directory of your website and then edit the “.htaccess” file, adding the below lines of code to the file, so the code commands the server to redirect all HTTP requests to HTTPS.

Before editing, always make a backup of the “.htaccess” file, just in case something goes wrong during editing.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

Using WordPress Database

Another method is updating the WordPress database, which will change all the site URLs to HTTPS and will redirect HTTP requests to HTTPS.

Furthermore, before running the query, back up your WordPress database. The below SQL query will replace all the “http” with “https” in the wp_options, wp_posts, wp_postemeta, and wp_comments tables.

UPDATE wp_options SET option_value = replace(option_value, 'http://', 'https://') WHERE option_name = 'home' OR option_name = 'siteurl';
UPDATE wp_posts SET guid = replace(guid, 'http://', 'https://');
UPDATE wp_postmeta SET meta_value = replace(meta_value,'http://','https://');
UPDATE wp_comments SET comment_content = replace(comment_content , 'http://', 'https://');

Using functions.php

The third method is adding the below PHP code in the functions.php file, which will ensure that anyone visiting your website will automatically be sent the HTTPS version.

function redirect_to_https() {
    if (!is_ssl()) {
        wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301);
        exit();
    }
}
add_action('template_redirect', 'redirect_to_https');

Bonus

The below code checks the current values of the “siteurl” and “home” options in the WordPress database and also matches them with the new URL (“https://example.com”) before updating the record in the database. It ensures the database update only occurs when needed.

Additionally, the code prevents unnecessary database writes and improves performance.

$new_url = 'https://example.com';
if (get_option('siteurl') !== $new_url) {
    update_option('siteurl', $new_url);
}
if (get_option('home') !== $new_url) {
    update_option('home', $new_url);
}

Conclusion

In conclusion, redirecting HTTP to HTTPS is very important for your website and its visitors, while it is easy if you know the right method of redirection.

In all the above methods, you can redirect it with the .htaccess file, website database, or functions.php. Furthermore, the process makes your website more secure and reliable. I hope this helps you with your own website.

You May Also Like

2 comments

  1. I have been dealing with this lately so I thought I would share:

    Many WordPress sites still use the old redirect method in .htaccess like this:

    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    This is no longer optimal and will cause your pages to be dropped from the index.

    This only forces HTTPS, but does not enforce a canonical domain (non-www or www).
    As a result, users visiting `http://www.example.com` get redirected to `https://www.example.com`, which can cause duplicate content and SEO issues if your preferred domain is `https://example.com`.

    The correct method is:

    RewriteCond %{HTTPS} off [OR]
    RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
    RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]

    This forces both HTTPS and non-www, ensuring all traffic goes to your chosen canonical domain.
    Always update your .htaccess to use this approach for best SEO and user experience!

    Reply

    1. You are absolutely right but the article is about forcing HTTPs for both www and non-www, for example many sites that use www and many sites that are non-www so this code will work perfectly for both types of sites.

      RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
      1. Forces HTTPS — plain and simple.
      2. This will redirects any non-HTTPS request to the same host (e.g., http://example.com/page → https://example.com/page or http://www.example.com/page → https://www.example.com/page).

      Your Method:

      RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
      1. Forces HTTPS AND forces the domain to example.com (no “www”).
      2. So http://www.example.com/page becomes https://example.com/page.

      This version of the method that forces “www”:

      RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
      1. If someone hits http://example.com, it’ll redirect to https://www.example.com.
      Reply

Leave a Reply

Your email address will not be published.Required fields are marked *