WordPress force HTTPS and change all HTTP links to HTTPS?



I just installed SSL on one of my sites. While it’s working well on the main site, it’s not on the wordpress blog here. I have added this snippet in .htaccess of the blog:

RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

But it’s still not fully secure with some assets not in secure mode. I used Httpfox to check all the HTTP requests and all HTTP requests are correctly redirected to HTTPS. Now I don’t know why it’s still not fully secure. I thought redirecting all HTTP assets to HTTPS would be the deal in this case? Is it?

If not, it seems the only option left for me is to manually change all HTTP assets (href, src, etc.) to HTTPS across all the content. Is there any easy way to achieve this for the entire WP blog? A plugin? This doesn’t seem right to me as I’m afraid it would neglect one asset or two on some of the posts or pages.

This really sucks…any help would be appreciated!


I have the same question! I’m bummed to see that nobody responded to your question…
I know you can do a SQL command to do a search and replace on your database - to update http to https – and you could do a similar thing with your text editor for the front-end pages. But your Rewrite rule looks like it should do the trick to. Have you gotten any further with this?


I have same question also


Aside from the .htaccess you have to do a couple more steps. I just ran into the same thing and it’s a bit of a pain, but not too terrible if you’re ok with using the terminal and setting up SSH.

Set up SSH - https://help.dreamhost.com/hc/en-us/articles/216385837-Enabling-Shell-access

I used this guide: https://help.dreamhost.com/hc/en-us/articles/214580498#Correcting_all_URLs_in_the_database

Here’s what I did (note I didn’t mess around with the PHP myAdmin stuff) Obviously this is at your own risk but dreamhost support is actually pretty good if you happen to mess it up.

  1. Login via SSH in terminal type: ssh yourshellusername@servername.dreamhost.com

  2. enter your password and log in

  3. change directories, type: cd yourdomain.com

  4. Back on wordpress, click settings > general and change http in your domains to https. If those domains are not editable, do step 5, else do step 6

  5. If you scroll down (using your arrow keys) to define('WP_HOME','http://yourdomain.com'); Change that URL to 'https://yourdomain.com'

  6. Do the same thing with the following line WP_SITEURL

  7. Scroll down some more to /* That's all, stop editing! Happy blogging. */

  8. Right above that paste the following
    /* Force SSL */
    define('FORCE_SSL', true);
    define('FORCE_SSL_ADMIN', true);

  9. type ctrl + x to close, then y [enter] when asked if you want to save

  10. now you can type wp search-replace http://yourdomain.com https://yourdomain.com

  11. For me I had some assets at www.mydomain.com so I also had to do wp search-replace http://www.yourdomain.com https://yourdomain.com which finally got me to secure status