HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. More and more WordPress owners are migrating from HTTP to HTTPS, mainly due to the 5 following reasons:

  1. Google announced that sites using HTTPS will get a slight ranking factor in Google search.
  2. You can achieve faster performance with the new HTTP/2 protocol which requires HTTPS due to browser support. And yes, Kinsta supports HTTP/2 on all servers.
  3. HTTPS is more secure and your visitor’s data is entirely encrypted.
  4. HTTPS can build trust by enabling the green padlock in the visitor’s web browser address bar.
  5. If someone is visiting a website from HTTPS and going to an HTTP website, the referral data is lost in Google Analytics. It usually ends up lumped together with the “direct traffic.” If someone goes from an HTTPS website to another HTTPS website, the referral data is still passed. So by migrating from HTTP to HTTPS, you can actually have more accurate referral data.

Prefer to watch the video version?

How to Redirect HTTP to HTTPS in WordPress

There are a couple different options you have when choosing to redirect HTTP to HTTPS in WordPress.

If you’re a Kinsta client, the easiest way is to use our force HTTPS tool (recommended). Another way is to do it at the server level, or you can even do it with a free WordPress plugin. Note: Our examples all include a 301 redirect directive which is the correct way to implement it in regards to SEO. Using a different type of redirect could harm your rankings.

Redirect HTTP to HTTPS on MyKinsta

No need to install a plugin or reach out to our support team, you can easily redirect all of your HTTP traffic to HTTPS on MyKinsta. Simply log in to the MyKinsta dashboard, browse to your site, and click on “Tools.” Next, click the “Enable” button under Force HTTPS.

Force HTTPS in MyKinsta
Force HTTPS on MyKinsta

You can choose to use your primary domain as the destination or a requested alternative domain. Then click “Force HTTPS.”

Force HTTPS Options
Force HTTPS Options

Note that if you use 3rd party proxies or if you had custom HTTPS rules set up forcing HTTPS may lead to some errors. If you notice any issues simply disable HTTPS forcing and contact support.

Redirect HTTP to HTTPS in Nginx

According to W3Techs, Nginx is the fastest growing web server and holds a 30%+ market share as of 2017. On average, every minute one of the top 10 million websites starts to use Nginx.

redirect http to https in nginx

If your web server is running Nginx, you can easily redirect all of your HTTP traffic to HTTPS by adding the following code to your Nginx config file. This is the recommended method for redirecting WordPress running on Nginx.

server {
listen 80;
server_name domain.com www.domain.com;
return 301 https://domain.com$request_uri;
}

We use Nginx for everyone here at Kinsta. The great news is that you don’t have to worry about this. If you need to add a redirect simply open up a quick support ticket and let us know which domain you need to be redirected. We then add it to the Nginx config for you.

Redirect HTTP to HTTPS in Apache

redirect http to https in apache

If your web server is running Apache, you can easily redirect all of your HTTP traffic to HTTPS by adding the following code to your .htaccess file. This is the recommended method for redirecting WordPress running on Apache.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

None of Kinsta’s servers are running Apache.

Redirect HTTP to HTTPS with Really Simple SSL Plugin

The third option you have to redirect from HTTP to HTTPS is to use the free WordPress Really Simple SSL plugin.

We don’t recommend this method as a permanent solution because 3rd party plugins can always introduce another layer of problems and compatibility issues. Also, for an HTTPS migration, you should update your HTTP URLs in the database, rather than relying on a plugin. But this can be a good temporarily solution.
really simple ssl plugin
Really Simple SSL WordPress plugin

The plugin has 2+ million active installs with a 4.9 out of 5-star rating, and is actively kept to date by the developer, Rogier Lankhorst. You can download Really Simple SSL from the WordPress repository or by searching for it within your WordPress dashboard under “Add New” plugins. Here is a list of what the plugin does:

  • All incoming HTTPS requests are redirected from HTTP to HTTPS. If possible with .htaccess, or else with JavaScript.
  • The WordPress site URL and home URL are changed to HTTPS.
  • Your insecure content is fixed by replacing all HTTP:// URLs with HTTPS://, except links to other external domains. Everything is done dynamically. Other than the WordPress site URL and home URL, no other database changes are made.

There aren’t really any steps to using this plugin, you simply install and click on “Go ahead, activate SSL” and you’re good to go.