How To Activate SSL On Your WordPress Site Without Plugins (No Redirects)

Hello guys, welcome back to another WordPress tutorial. This is a special topic for any developer. Because SSL is a must in these days. Some hosting companies are providing SSL freely. But the problem is, most of the developers (Including me) don’t know how to activate it and force users to https.

By the way, Google is identifying non-SSL and SSL sites. Their mission was to get all the website onto SSL and https. So if you have a non-SSL website, they will say that your site is not secure. However, I hope, you don’t want yours or your client’s websites flashing up scary, not secure warnings. That is definitely bad for business. So the upshot is if you haven’t already, you need to switch your WordPress website to SSL.

Finally, I think I could do it. But, I searched for different tutorials and they just had different opinions. Some guys were using only wp-config to force users and some of them used .htaccess and some of them used a plugin. By the way, I’m not a fan of using plugins. Because I cannot trust anyone now. However, I activated my SSL certificate in minutes. But the problem was the redirection part.

So, I’m going to tell you exactly how to make the switch as easy as possible and avoid all the various potential pitfalls that trip so many people up. Most importantly, it’s a process that you still need to be really careful of.  Because of that, I should explain a bit about this SSL and if you don’t want to read, just skip to the subheading. According to my research, SSL switching pitfalls can be as follows.

  • Maybe you switch to SSL, but don’t see the padlock.
  • Wrong ways can lose your site engine rankings.
  • Forget to update external services.

Why this SSL can be a great idea,

  • Data can’t be intercepted or modified in transit. : As an example, when you access the admin panel, username and password normally sent as plain text and anyone could read it if they need to.
  • Huge Level of trust & credibility. Visitors can see the green padlock and the have better user experience because of it.
  • Performance and Speed – Sites using HTTPS can use faster HTTP/2. If your site uses SSL, then it automatically runs on HTTP/2. Shortly it’s faster than the boring old HTTP/1.

Let’s Do This

*Important – I assume, you already have SSL certificate installed for your domain. If you haven’t yet, just contact your hosting provider and ask them about that service.

Before doing this

  • Take a backup
  • Clear Caches (if you use a cache plugin)
  • Turn your CDN off.

1st step:

  • Go to your admin panel.
  • Then, click on Settings -> General.
  • replace http to https in URL fields.

  • Then save it.


2nd Step:

  • Login to your CPanel.
  • Go to file manager and select the WordPress installed directory.
  • open .htaccess file. (If you can’t see it, just check “show hidden files” using settings button in the top corner.)
  • then paste the following code.
RewriteCond %{HTTPS} !=on [NC] [OR] 
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
  • After saving it open the wp-config.php file.
  • Then paste the following code line before “/* That’s all, stop editing! Happy blogging. */” comment.
define('FORCE_SSL_ADMIN', true);
  • Then save it and you can close the CPanel.


3rd and Final Step

The most important part. Because you didn’t have your SSL certificate activated in the beginning. all the URLs are in http mode. So you have to change all http:// URLs into https:// in the database. To do that, you have to install a plugin called Search & Replace by  Inpsyde GmbH (Plugin will be removed after the process) or you can use any search and replace plugin.

Then, follow the steps which are given below.

  • Go to tools -> search & replace.

  • Create SQL backup and download it to your computer.
  • Click on Search & Replace tab and give your information as follows. (Replace your domain name)

  • Then submit. (If you got any error, just select the other option called “ ” and download edited SQL file to your computer and import it to your database after dropping all the tables in your database.)

After doing all the changes as above explained, just make sure, your site is working without any errors and use this tool to check mix content errors.

That’s all, now you’re OK with your SSL certificate. I hope you could understand it well. By the way, if you got any question just comment it in the comment section or you can use the messenger icon to send me a direct message. I will come back with another tutorial soon. Thank you.

Leave a Reply

Your email address will not be published. Required fields are marked *