Be sure to begin by enabling HTTPS on your domain. If, after completing those steps, you are not seeing the green lock / green bar when visiting your WordPress site, then there may be additional resources that are explicitly linking using http:// in their URL.

With a purely HTML based website, you’d need to check every single file and adjust each resource to ensure it’s being loaded via HTTPS (e.g.: https://websavers.ca/image.png) or a relative URL (e.g.: /image.png), or even a protocol agnostic URL (e.g.: //websavers.ca/image.png). With WordPress there are many files that your theme loads for you, such as jQuery dependencies or stylesheets. When you changed the Site Address in step 2 above, it should have changed the URL to https throughout your site, however some themes and plugins ignore that setting and instead have hard-coded URLs (when they definitely should not).

Below are three methods of enabling secure resource URLs. If there are too many resources across too many pages, the automatic method is best. If it’s just a header and footer image (or something similar) then we recommend the manual option.

Switch to HTTPS via Find/Replace

This is the optimal method, as it means you’re setting the URLs permanently to their correct values. Go to Plugins > Add New in the WordPress admin and search for “Better Search Replace” by the company DeliciousBrains. Install it, and then follow their documentation to run it.

You will be using this utility to find and replace all instances of your non-HTTPS URL with the HTTPS URL by telling it to replace this (for example):

http://yourdomain.com

with this:

https://yourdomain.com

If you normally use www in your domain (like www.yourdomain.com) then be sure to use it in both the search and replace. And of course, replace yourdomain.com with your actual domain in both cases.

Switch to HTTPS by live replacing HTTP with HTTPS

This is the simplest way to fix this as you don’t have to change anything in the database. This method uses a plugin that will automatically detect http:// URLs on every request and dynamically change them to https:// automatically while the page is generated. Here’s a couple plugins that do this:

  1. SSL Insecure Content Fixer
  2. Really Simple SSL

Install and Activate the plugin. Head to settings and progressively increase the ‘level’ of  setting until you’ve got one that works. Each level handles more intensive methods of ensuring SSL is enabled. Note that using the lowest level that ensures you get a green lock in the address bar is best for performance (don’t simply max out the setting on all sites as it will mean slower page generation times when you might have been able to use a lower setting to get the same result).

You’ll know it’s working fully when you see the lock icon in your address bar. Don’t forget to disable caching while testing this, or at least clear your cache after each change, then refresh your website in the browser.

Switch to HTTPS the old fashioned way…

You could alternatively manually look through your theme settings, page builder settings, and WordPress settings for any images being loaded (like your logo, or background images) and manually adjust their URLs by swapping http for https. This is not recommended as the first option above should take care of all of these instances for you.

About Jordan Schelew

Jordan has been working with computers, security, and network systems since the 90s and is a managing partner at Websavers Inc. As a founder of the company, he's been in the web tech space for over 15 years.

Leave a Comment