Last updated on March 26th, 2018 at 07:07 am
After the SSL certificate installation and forcing HTTPS in the .htaccess file of the WordPress site, you will need to also change the URL structure of your site. So that it explicitly loads every single link via HTTPS.
Change WordPress siteurl and home url from wp-admin
You can use the following steps to change your URLs.
Go to WP Dashboard -> Settings -> General and modify your WordPress Address (URL) and Site Address (URL) fields.
Basically, you just need to add an s after http so that both home url and siteurl have https instead of just http:
Now click on the Save Changes button.
If you haven’t added the mod_rewrite rule for forcing HTTPS for the site, then please do so. Just follow the steps from the article called Manually Force HTTPS from the .htaccess file of WordPress.
You can now refresh one of your pages to see the change to HTTPS. Don’t worry if your browser shows a notification about insecure content such as Connection is Not Secure for Chrome and Firefox. This means that some of the links in your site’s source code are still loading via HTTP. We should change these links to HTTPS.
This is done automatically with the help of some plugins such as the Really Simple SSL plugin. But if the plugin doesn’t work for you for some reason, you have other options too. Simply download a plugin for Search/Replace such as Search & Replace Plugin or Better Search Replace.
Fix Insecure content with Better Search Replace Plugin
If the insecure links are internal ones, you can go with the steps as shown in the screenshot.
Furthermore, if you use any external links on your website (such as affiliate links, etc.) that go through HTTP instead of HTTPS follow the same steps. You will need to change just the domain name.
Fix Insecure content with Insecure Content Fixer Plugin
- Firstly, install Insecure Content Fixer and open SSL Insecure Content settings.
- By default the Simple option is selected. Once you click on the Save changes button, the insecure content should be fixed automatically.
- If you continue to see the notification, then you should try with the other options such as Content, Widgets, Capture or Capture All until you get it fixed.
Fix Insecure content with a MySQL replace command from cPanel -> phpMyAdmin
In order to replace every instance of HTTP with HTTPS in every WordPress post, use the following MySQL command:
update wp_posts set post_content = replace(post_content, 'http://www.yoursite.com', 'https://www.yoursite.com');
