Common hosting task

How to enable HTTPS on WordPress

A certificate is only the first step. WordPress also needs correct URLs, redirects, mixed-content cleanup, and a final test from a fresh browser session.

Use this as a focused checklist for one common hosting task. The larger setup guides still cover full-site and full-server builds.

Difficulty
Beginner
Time
15 to 45 minutes
Images
4 official examples

1. Confirm DNS points to the right host

SSL issuance usually fails when the domain still points at the old host or a proxy is misconfigured. Confirm root and www resolve to the hosting account before requesting the certificate.

dig +short example.com
dig +short www.example.com
curl -I http://example.com
Namecheap EasyWP official WordPress image
Namecheap EasyWP: Managed WordPress products simplify the path, but DNS still has to point to the right platform.
GreenGeeks WordPress hosting feature section
GreenGeeks WordPress hosting: Plan pages usually show whether SSL is included and whether backups or cache are plan dependent.

2. Issue or activate the SSL certificate

Use the host panel first

Most shared and managed WordPress hosts provide free SSL. Activate it from the hosting panel and wait until the certificate shows as issued before forcing redirects.

Use Certbot on a self-managed VPS

If this is a VPS with Nginx or Apache, issue the certificate from the server after DNS points to the VPS.

sudo certbot --nginx -d example.com -d www.example.com
Namecheap WordPress HTTPS support page
Namecheap HTTPS for WordPress: HTTPS setup starts with the certificate but doesn't end there.

3. Update WordPress URLs and force redirects

Inside WordPress, confirm both the WordPress Address and Site Address use https. Then force HTTP traffic to HTTPS from the host panel, plugin, or server config.

Warning

don't run multiple SSL redirect plugins at the same time. Duplicate redirect rules can create loops.

Namecheap WordPress HTTPS settings steps
Namecheap HTTPS for WordPress: WordPress-level URL and mixed-content steps matter after the certificate exists.

4. Test for mixed content and broken redirects

Redirects

http://example.com and http://www.example.com both end at the intended HTTPS URL.

Mixed content

Images, scripts, CSS, fonts, and embeds load over HTTPS.

Forms

Contact, login, checkout, and newsletter forms submit without browser warnings.

Cache

Clear plugin, CDN, object, and browser cache after switching URLs.

Official sources checked

Namecheap HTTPS for WordPress

Used for WordPress URL, SSL, and mixed-content steps.

Bluehost free SSL

Used for free SSL activation context.

GreenGeeks WordPress hosting

Used for SSL and WordPress feature checklist context.

© 2026 WebHostWatch. We may earn affiliate commissions from links. Recommendations remain editorially independent.