Convert a WordPress Website to HTTPS (SSL)

Please Note: Customers with 1&1 IONOS Managed WordPress packages do not need these instructions since their website will automatically switch to HTTPS when the SSL certificate is activated.

How to Enable SSL Encryption for All Pages on your Website

Once you've secured your domain with an SSL Certificate, you should make sure that SSL encryption is active all of the time and everywhere on your site. To do this, you convert your WordPress internally to the HTTPS address and ensure that visitors to the "old" HTTP address are automatically redirected to the secure HTTPS website.

Requirements

Your domain must be secured with an SSL certificate.

For your website to use HTTPS, you must have connected your domain to an SSL certificate. You can check this by visiting your domain with https:// (such as https://www.example.com instead of http://www.example.com).

Activate an SSL Certificate Now

Find out more Set Up an SSL Certificate Managed by 1&1 IONOS

Customising Addresses (URLs)

To set the WordPress CMS to HTTPS, you must edit the website's address setting:

  • Log in to the admin area of your WordPress website and click Settings > General on the menu.
  • In the WordPress Address (URL) and Website Address (URL) fields, replace http with https.
  • Click Save Changes.

Force HTTPS for All Visitors

After you have adjusted the URLs, you can use a so-called 301 Redirect to ensure that all HTTP requests are forwarded to the HTTPS website in a search engine friendly way. So links with the "old" HTTP address automatically lead to the HTTPS website.

To set up 301 Redirect, you must access your webspace and insert the following code into the .htaccess file in your WordPress directory:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.domain.tld/$1 [R,L]
</IfModule> 

You can easily edit your .htaccess file through 1&1 IONOS :

  • Open WebspaceExlorer, click on the clickandbuilds folder, and go to the directory of your WordPress website.
  • Click Actions > Edit File to the right of the .htaccess file.
  • Insert the above code lines at the end of the .htaccess file.

    IMPORTANT: Replace domain.tld with your domain.

  • Click Save. Forwarding is now configured and immediately active.

Fix a Mixed Content Warning

If browsers still classify your website as insecure after the conversion and display a mixed-content warning in the browser, further action is required.

The Mixed content warning occurs when a website accessed in encrypted form (HTTPS) partially loads unencrypted content through HTTP. This can be the case, for example, with images, audio, or video files loaded from an external webspace or provider.

To learn how to identify and fix mixed content, see our help article Fixing the Mixed Content Warning on SSL-Enabled Websites.