CONTACT US: 1-800-622-4403
Domains To Datacenter Since 1994

Moving your website to HTTPS (SSL)

After purchasing an SSL certificate, there are several steps you should take to properly implement the certificate on your website.
NOTE:  If, after adding your CERT and making these changes, your website displays a mixed content warning, there are troubleshooting steps listed at the end of this article.

REQUIREMENT: A dedicated IP address is required when using a digital certificate. If you're website does not already have a dedicated IP, one can be added from your customer control panel at

1. Change your internal links so they DO NOT use http or https.

This may sound counter intuitive, but makes managing your website easier.  Make sure links to pages or images within your site are referenced using the page or image name only.

Example: Instead of linking to an about page using http or -- link using ONLY the page name /about.html.

2. Add HTTPS to the WordPress Admin Area for WordPress Sites

The first place where you will get to enjoy the new safe connection is the WordPress dashboard. By securing the back end first, you make sure that whenever a user logs in, their information is exchanged securely.

To do so, open wp-config.php in your WordPress root folder and add the following line somewhere before where it says That’s all, stop editing!.

define('FORCE_SSL_ADMIN', true);

Once you have updated the file, it’s time to test if it works. For that, try to access your login page with HTTPS in the URL, for example via If everything worked correctly, you should have a secure connection now. Then continue.

3. Update the Site Address for WordPress Sites

After moving the WordPress backend over to HTTPS, it’s time to do the same for the remainder of your site. You can do that by updating your site address under Settings > General.

Add https:// to the beginning of both the WordPress address and site address. Then update your settings by saving.

Be aware that you might need to log in again afterward.

4. Implement 301 Redirects in .htaccess (Linux) or web.config (Windows)

The next step in moving your site to HTTPS is setting up a redirect that sends visitors automatically over to the secure version. For that, we will use .htaccess or web.config. This is the name of an important system file on your server (usually in the WordPress root directory if using WordPress).

It usually contains settings for using pretty permalinks, so your installation probably already has one. To find it, make sure to allow your FTP client to show hidden files because .htaccess is invisible by default. If you don’t have one, just create a plain text file, rename it to .htaccess or web.config and upload it to the WordPress root directory.

After that, add the following lines to .htaccess

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Or if on Windows, in web.config

<rule name="redirect to https" stopProcessing="true">
  <match url="(.*)" />
    <add input="{HTTPS}" pattern="off" ignoreCase="true" />
  <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />

HTTPS Troubleshooting Tips

Unfortunately, moving your site to HTTPS is not all sunshine and rainbows. Some stuff might come up that needs dealing with.

Mixed Content Warnings

The most common problems that arise after you move your website to HTTPS are mixed content warnings. This happens when the browser finds non-secure links on an otherwise secure page. This is usually a matter of updating links to jquery libraries, custom fonts or similar to their HTTPS version.

You should usually take care of this while scanning your site before publishing it. However, if you find a warning like this, make sure to check what is causing it.

Aside from the aforementioned tools, you can also use Why No Padlock? for single pages. Then, correct whatever is the issue.

Check Your Website for Chrome Distrust

Upcoming releases of Google Chrome in March and September 2018 will no longer trust certain Symantec, Thawte, GeoTrust, and RapidSSL SSL/TLS certificates. Chrome users will see "Not secure" in the address bar when connecting to websites using a distrusted certificate.

Use this SSL Certificate Checker to test your Symantec, Thawte, GeoTrust, and RapidSSL certificates only.

Technical Assistance from InfoQuest

If you require additional assistance or have questions, please contact our support team.

Buy SSL Certificates starting at $39

Buy Hosted Exchange - money back guarantee

Buy WordPress Hosting - money back guarantree

Buy Windows VPS Hosting - money back guarantree

Feedback and Knowledge Base