Posted on Leave a comment

Switching WordPress to https only

Wordpress Logo

As you might have seen I’ve switched this site to https only. The steps involved in switching WordPress to https only are pretty simple.

Set Site URL

First, make sure to set the proper https site URLs. You find these options under Settings » General: Wordpress set site URL to https

Redirect non-https traffic

Second, make sure to redirect all non-https requests to https-only in your .htaccess file. In the example below I’ve included an automatic redirect to the www subdomain for the SSL certificate. You can safely ignore this step in case you have a different setup:

RewriteEngine On
RewriteBase /

RewriteCond %{HTTP_HOST} !^www.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

Update media URLs

Afterwards, you (probably) need to update the URLs of your referenced media files in your blog posts/pages. Do so by issuing the following command (of course replace with your proper domain):

UPDATE wp_posts SET post_content = 
replace(post_content, '', '');

Update template and plugins

Finally, you need to make sure that your theme and respective plugins do not statically reference any http-only files, e.g., etc. For instance, for the tiga-theme that this site’s is derived from you need to overload the Google fonts URL set by enqueue.php (replace http:// with // only):

wp_enqueue_style( 'tiga-font', 
null, TIGA_VERSION, 'all' );

That’s it 😉