In this guide we’ll show you how to install the Really Simple SSL WordPress plugin. It’s often easier to use such a plugin to force a WordPress site to HTTPS than attempting a .htaccess redirect and manually fixing mixed content errors. This plugin also forces all images to display over a secure connection to negate mixed content errors – easily tested using WhyNoPadLock.com.
Note: FreeSSL users may need to edit the .htaccess file to ensure FreeSSL updates properly.
Installing the plugin
- Log into your WordPress website.
- Select Plugins from the sidebar and select Add New.
- Search “Really Simple SSL” in the search bar.
- Select Install Now to install the plugin.
- Select Activate in the same location. You can also enable it from Installed Plugins on the left.
Installing via WP-CLI
- To install and activate the plugin using WP-CLI, first SSH into the cPanel account and website directory using the correct steps for your hosting plan – Shared or VPS/Dedicated.
- Type the WP-CLI command wp plugin install really-simple-ssl –activate. To install the plugin without activating it, remove the –activate.
Note: Activating the plugin will not automatically force HTTPS. This is a later step covered below.
- To install the plugin manually, download the plugin zip file from WordPress.org.
- Upload the zip file and extract the folder to the website’s wp-content/plugins folder.
- Log into your WordPress site or use the WP-CLI command wp plugin activate really-simple-ssl to activate the plugin.
Configuring the Plugin
- Once you’re ready to force your website to HTTPS, you can activate the function from Installed Plugins or the plugin notification at the top of the screen.
Warning: Before you force any website to HTTPS, ensure you’ve installed a properly signed SSL or FreeSSL. It shouldn’t be self-signed. Otherwise, your website will display a security error.
- After pressing Go ahead, activate SSL! you’ll see a notification stating the HTTPS redirect completed.
- You can configure the settings for Really Simple SSL by selecting Settings and SSL.
Note: The Premium items on the Configuration page require a paid subscription to the plugin’s providers. They do NOT indicate an issue with the plugin or SSL.
- You can test your website’s new HTTPS redirect by opening a private browser session and navigating to your website without HTTPS – e.g. domain.com. It should automatically redirect to HTTPS.
Afterwards, you’ll want to ensure you update any URL’s written elsewhere for the website. You can recheck your redirect results at WhyNoPadLock.com. For more information on improving your WordPress site, please visit Recommended Plugins.