A simple snippet to force SSL for your whole site

You can make your site much more secure by taking this simple step

Once you’ve made the (very wise) decision to run your whole WordPress site over SSL, you can likely still access any page over the unsecure HTTP rather than the secure HTTPS that you’re trying to use.

The issue is that even after you’ve changed your site address to HTTPS in Settings > General and you’ve replaced every instance of “http://www.mysite.com” on your site with “https://www.mysite.com” using the excellent WP Migrate DB Pro, your site is still very much accessible over HTTP. All you’ve done is replace every instance of HTTP with HTTPS on your site.

So, if you want to force pages to load over HTTPS, you need to add a little snippet so that even if someone tries to access your site over HTTP, they will be redirected to the HTTPS version of the page they’re trying to reach.

This is especially useful for particularly sensitive sites like e-commerce sites, membership sites or any site where sensitive data is being transmitted back and forth, but is generally a good idea to try and implement anyway, regardless of what type of site you have, given the benefits of HTTPS.

So, all you need to do is add this simple snippet to your functionality plugin:

Now try and access any page on your site over HTTP and you’ll see that you’re redirected to its HTTPS equivalent. Instant security upgrade.

2 thoughts on “A simple snippet to force SSL for your whole site”

  1. Malou says:

    Great tip! I’m gonna have a look at the plugin. I’m already forcing it by the .htaccess but maybe this will solve some issues i have

  2. Adarsh Mehta says:

    Hey Dave, thanks for this article! I purchased a SSL certificate for cheap and tried to implement it. It worked but if the user purposely went to http:// website, it did not redirect to https:// and there was no green lock icon. :'(
    Fortunately, you have now fixed my problem. :)

Leave a Reply