Please Note

Customers with IONOS Managed WordPress packages do not need the following instructions since their website will automatically switch to HTTPS when the SSL certificate is activated.

Learn how to enable SSL encryption for every page of your website.

Once you've secured your domain with an SSL Certificate, you should make sure that SSL encryption is active all of the time and everywhere on your site. To do this, you convert your WordPress internally to the HTTPS address and ensure that visitors to the "old" HTTP address are automatically redirected to the secure HTTPS website.

Requirements

Your domain must be secured with an SSL certificate.

For your website to use HTTPS, you must have connected your domain to an SSL certificate. You can check this by visiting your domain with https:// (such as https://www.example.com instead of http://www.example.com).

Activate an SSL Certificate Now

Find out more Set Up an SSL Certificate Managed by IONOS

Customising Addresses (URLs)

To set the WordPress CMS to HTTPS, you must edit the website's address setting:

  • Log in to the admin area of your WordPress website and click Settings > General on the menu.
  • In the WordPress Address (URL) and Website Address (URL) fields, replace http with https.
  • Click Save Changes.
Please Note

Starting with WordPress 5.7, all internal links are automatically switched to HTTPS by using this URL adjustment. Older WordPress versions may require further changes as described in the section Fixing Mixed Content Warnings below.

Forcing HTTPS for All Visitors

After you have adjusted the URLs, you can use a so-called 301 Redirect to ensure that all HTTP requests are forwarded to the HTTPS website in a search engine-friendly way. This will make sure that links with the "old" HTTP address automatically lead to the HTTPS website.

To set up 301 Redirect, you must access your webspace and insert the following code into the .htaccess file in your WordPress directory:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.domain.tld/$1 [R,L]
</IfModule> 

You can easily edit your .htaccess file through IONOS:

  • Open WebspaceExplorer, click on the clickandbuilds folder, and go to the directory of your WordPress website.
  • Click Actions > Edit File to the right of the .htaccess file.
  • Insert the above code lines at the end of the .htaccess file.

    IMPORTANT: Replace domain.tld with your domain.

  • Click Save. Forwarding is now configured and immediately active.

Fixing Mixed Content Warnings

If browsers still classify your website as insecure after the conversion and display a mixed-content warning in the browser, further action is required.

The Mixed content warning occurs when a website accessed in encrypted form (HTTPS) partially loads unencrypted content through HTTP. This can be the case, for example, with images, audio, or video files loaded from an external webspace or provider.

To learn how to identify and fix mixed content, see our help article Fixing the Mixed Content Warning on SSL-Enabled Websites.