Forcing your wordpress site to use https

Hello, today we will force our WordPress site to use HTTPS instead of HTTP
You can use plugins or something else but the proper way to force your site to use HTTPS is by editing the .htaccess file.
In fact, doing something wrong with .htaccess can cause your site to crash and more

So let’s start our Guide

If you set up your WordPress your .htaccess should look like this

#BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

But adding a simple sentence can force your site to use HTTPS

This is an example:

RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$$1 [R=301,L]

Note - only one RewriteEngine on can exist in your .htaccess code !

Finally, there are a lot of ways to force your site to use HTTPS, but I will show the way that redirects to HTTPS you can use Cloudflare but this can be enough to force your site to use HTTPS
Don’t forget you need an SSL certificate to use HTTPS.
Have a nice day hope you force your site to use HTTPS :slight_smile:


I showed how to force your site use https without using plugins.
Thanks, who don’t want to edit .htaccess can use plugin but don’t forget you can force your site use htttps without using plugins.

I haven’t vetted this article so I don’t know if it works. But our official guide recommends a slightly different .htaccess snippet:

And the Really Simple SSL plugin is very nice.


I hate really simple ssl it causes my site crash.
This problem may only be for me but I do not recommend it.

And do note to put the htaccess file/code files in code blocks so that people can use it with ease :+1:


Another way will be to use InfinityFree SSL tool to install SSL cert. Then add the custom domain to CloudFlare. Last step will be to change SSL mode to full or full(strict) within CF. No .htaccess modification will be needed.

For those who find renewing SSL cert every 3 mths a hassle, get a self -signed cert from

This method will only work with custom domain.

1 Like

after I typed my url…

I prefer this method.

1 Like

No issue for me. Most likely your ISP or network…

SSL is valid for 10 yrs.



1 Like

Did you test this? The control panel should not accept self signed certificates.

1 Like

Yes, it worked.
Installed successfully.