3 simple steps to turn your WordPress to HTTPS without redirect loops

If your wordpress http to https redirect is not working with redirect loop, try these 3 steps that will help you safely change your WP site to use HTTPS.

This post is going to help you turn your WordPress installation to change to HTTPS after you’ve bought a SSL certificate from a Certificate Authority or from CDN services like Cloudflare. Privacy and security are hot topics at this time with all the surveillance revelation. So sites should offer secure way to browse their websites without having to worry about Man in the Middle (MITM) attacks. Google also has pointed out that it will be considering secure sites to rank better to better protect it’s users.

WordPress http to https redirect

If you installed WordPress before you got a SSL certification then you’ll have installed it in HTTP protocol which sets every link to be in HTTP. Changing the links directly in the WordPress settings can take your site take the browser into an infinite loop and make you change the configuration directly from the MySQL database. However i’ve found that this problem arises when you have an older WordPress installation and it doesn’t affect a new installation.

So if you’re having a problem porting your site to the secured side of the web, try the following steps which have worked multiple times for me and other users. You might also want to set your site to maintenance mode if you expect any errors to occur or just let the viewers know you’re updating your sites. You can remove the maintenance mode once you’re done setting up your site to use SSL.

1. The first thing you need to do is open up your file manager control panel or FTP client to access the wp-config.php file on your server.On the wp-config.php file, add the following line just after the < ?php line so it’s executed first before any other code.

if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {

2. The next thing you need to do is to add the https:// links directly to your wp-config.php file, this overwrites the settings on your WordPress settings dashboard. This is much easier as if you might encounter any problems you can switch back to your previous settings just by removing those lines on the file.

Add this after define(‘WP_DEBUG’, false);


The Links should reflect the domain and folder of your WordPress installation.

3. This might not be necessary but if you want all the HTTP request to be redirected to HTTPS. Try this only if you really have an ssl certificate on your host and not flexible ssl like cloudflare provides. If you don’t have a SSL on your host, it will again cause it to loop. For doing this you need to edit the .htaccess file of the root of your site.

RewriteCond %{HTTPS} !=on

RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R,L]

The above code checks if the connection is secured or not and if not redirects the user to the secure page of the same link. You should add the correct folder directory if you are not using the root of the domain as your WordPress site.

And that’s it check your wordpress site by going to the home page and testing whether it redirects to the https:// by default. After you’re done with this you’ll still have to check multiple plugins, images and scripts to use HTTPS protocol as they use the default HTTP protocol to access external scripts or images.

Let us know if there are any errors or updates you have made to make it work. Thanks

Leave a Reply