There was a problem loading the comments.

How to Move WordPress from HTTP to HTTPS Without Breaking Links

Support Portal  »  Knowledgebase  »  Viewing Article

  Print

Quick answer: Move WordPress to HTTPS by installing an SSL certificate, changing both addresses in Settings to https, running a serialization-safe search-replace of http to https across the database (skip the guid column), forcing HTTPS with a redirect, then clearing caches and fixing mixed content.

Moving WordPress to HTTPS is more than installing a certificate. Old http:// links stored in the database must be updated too, or you get mixed-content warnings and a padlock that never turns secure. Here is the complete, safe sequence.

1. Install the SSL certificate first

Issue and install a certificate for the domain (a free Let's Encrypt certificate is fine - see the related Plesk and cPanel guides). Confirm https://yourdomain.com loads before changing anything in WordPress.

2. Update the WordPress addresses

In Settings > General, change both WordPress Address and Site Address from http:// to https:// and save. You will be logged out and back in over HTTPS.

3. Replace old links in the database

Content, widgets, and settings still contain hardcoded http:// URLs. Do a safe search-and-replace across the database - a serialization-aware tool matters, because a plain SQL find-and-replace can corrupt serialized data. The WP-CLI command is the cleanest:

wp search-replace 'http://yourdomain.com' 'https://yourdomain.com' --skip-columns=guid

Skipping the guid column is deliberate - those values should not change. If you prefer a plugin, a reputable search-and-replace plugin does the same job. Back up the database first.

4. Force HTTPS for every visitor

Add a redirect so anyone arriving on HTTP is sent to HTTPS. On Apache, in .htaccess:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

Many control panels offer this as a one-click "force HTTPS" toggle, which is simpler and avoids editing files.

5. Clear caches and fix any stragglers

Purge your caching layer and reload the site. If the padlock still shows "not fully secure", the browser console lists which assets are loading over HTTP - update those hardcoded links in your theme or page builder to https://.

Frequently asked questions

Why do links break if I only change the settings?
Content and settings contain hardcoded http URLs; a database search-replace updates them safely.

Why skip the guid column?
The guid should not change, as it is an internal identifier, not a live link.

On SoftSys managed WordPress hosting, free SSL, the HTTPS redirect, and the database URL update are handled as part of setup, so your move to HTTPS is clean and complete.


Share via
Did you find this article useful?  

Related Articles

Tags

© Softsys Hosting