How to Enable https on WordPress with WooCommerce

Do you want to make your website all SSL?  This is a quick how to on settings you need to on WordPress to make sure your WooCommerce website is SSL 100% of the time.  By default WooCommerce only uses SSL when you go to check out.  But what if you wanted SSL all the time?

First, you’ll need an SSL certificate.  That is outside the scope of this blog, so I’m going to assume you already have your SSL certificate installed and working okay.

Update the Address and Site Address in your settings.

Settings > General  and update WordPress Address and Site Address both have https in the url.

On this clients website I was getting an error where WP wouldn’t allow me to change those  two addresses.  An alternative method to perform the update and my personal preference is using the wp-cli utility.

I used a command like the following:

wp search-replace http://example.com https://example.com --all-tables

Let me explain why I prefer using the wp-cli.  If  you’re new to WP, the one thing you may not be aware is that the URLs are stored in the database.  So even if you’ve updated the settings to have a new URL or adding https, it’s still all over your database.

So by running the wp search-replace on command like you not only update the site settings but you update ALL the URLs throughout your blog.

So, before going to the next step, make sure everything works properly, otherwise you’ll have a bigger issue.

Double check the db replacement updated the WP and Site URLs, go to  Settings > General  and make sure WordPress Address  and Site Address both have https in the url.

Update WooCommerce settings

Next if you’re running WooCommerce, go to

WooCommerce > Settings > Checkout and make sure Force HTTP when leaving the checkout is unchecked.  This is normally on and will cause the website to be forced back to http when not in the shopping cart. 

Now test this change, go to the homepage of your website and change the url to https://example.com, and make sure it doesn’t automatically put you back to http://example.com

Last step is going to be

Add redirect to htaccess for incoming urls

Next is to cover things for SEO and external links.  Anyone who links to your website is probably linking to http://example.com, but you really what people to land on the SSL homepage, samething with images.  Any external images that are http will be forced to https.

Add this redirect to your .htaccess file on your website.  You’ll want to place this before the WordPress rules.

# BEGIN SSL Redirect
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.example.com [NC]
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301,NC]
# END SSL Redirect

And if you’re running all these behind an Cache or Varnish these settings will need to be different.  I’ll give an example of how this is done in a future posting.