Once you’ve made the (very wise) decision to run your whole WordPress site over SSL, you can likely still access any page over the unsecure HTTP rather than the secure HTTPS that you’re trying to use.
The issue is that even after you’ve changed your site address to HTTPS in Settings > General and you’ve replaced every instance of “http://www.mysite.com” on your site with “https://www.mysite.com” using the excellent WP Migrate DB Pro, your site is still very much accessible over HTTP. All you’ve done is replace every instance of HTTP with HTTPS on your site.
So, if you want to force pages to load over HTTPS, you need to add a little snippet so that even if someone tries to access your site over HTTP, they will be redirected to the HTTPS version of the page they’re trying to reach.
This is especially useful for particularly sensitive sites like e-commerce sites, membership sites or any site where sensitive data is being transmitted back and forth, but is generally a good idea to try and implement anyway, regardless of what type of site you have, given the benefits of HTTPS.
So, all you need to do is add this simple snippet to your functionality plugin:
Now try and access any page on your site over HTTP and you’ll see that you’re redirected to its HTTPS equivalent. Instant security upgrade.