How to redirect from http to https in WordPress


Thanks to Let’s Encrypt and WordPress projects today is very easy to migrate your site from http to https (secure version of the HTTP protocol).

The following procedure also works for those sites that are behind a reverse proxy like NGINX and the connection between the proxy and the site is done via http, even if you cannot modify the web server configuration, lets see some concepts and definitions:

Concepts and definitions

WordPress is a Content Management System developed in PHP and MySql with an architecture based on plugins and themes. WordPress is developed and maintained by hundreds of developers around the world.

Let’s Encrypt is a free, automated, and open Certificate Authority (launched on April 12, 2016) that provides free X.509 certificates for Transport Layer Security (TLS) encryption via an automated process designed to eliminate the current complex process of manual creation, validation, signing, installation, and renewal of certificates for secure websites.

SSL / TLS (Secure Socket Layer / Transport Layer Security): are cryptographic protocols that allow to establish a secure communication channel on the Internet: web, mail, fax and instant messaging.

CA (Certificate Authoritative): trusted entity that issues digital certificates for third party.

Note: Before executing the following procedure in a production environment do a backup of your BD and run it on a test enviroment, LibreByte is not responsible for any damage or loss of data that could derived from the following procedure, do it at your own risk.

Step 1. Edit wp-config

wp-config is the WordPress configuration file and the second file to load after index.php so we will put the following code before any PHP code.

// Check if a redirect is needed
$redirect = !isset($_SERVER['HTTPS']) || ('on' != $_SERVER['HTTPS']);
$redirect = $redirect || !isset($_SERVER['HTTP_X_FORWARDED_PROTO']) || ('https' != $_SERVER['HTTP_X_FORWARDED_PROTO']);

// Permanent redirect to https version
if ($redirect) {
    header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], true, 301);

The $_SERVER['HTTPS'] variable has a non empty value if the request is HTTPS, the $_SERVER['HTTP_X_FORWARDED_PROTO'] = https when your site is behind a reverse proxy. It is advisable to check what values take these variable then put the following code:


in a test file accessible from your HTTPS connection.

Step 2. Update prefix_posts table

Connect to the WordPress database and locate the posts table this table must have a prefix defined in the variable $table_prefix, found it in the file wp-config.php, once you’ve connected to the WordPress database run the following query 

UPDATE tableprefix_posts
post_content = REPLACE(post_content, '', ''),
post_excerpt = REPLACE(post_content, '', '')
WHERE post_content LIKE '%' OR post_excerpt LIKE '%'

the previous query will update all http url to https version.

2 thoughts on “How to redirect from http to https in WordPress”

    1. The drawback about using “Really Simple SSL” is that this plugin do the replacement on the fly so every time a page is loaded you get a performance hit.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.