How to troubleshoot HTTPS and SSL issues on your WordPress website

When you switch a WordPress website to SSL, unexpected problems can arise.

If you’re trying to add SSL to an existing WordPress site and are encountering errors, here’s an easy way to fix the problem.

A guide to Fixed the most common SSL and HTTPS issues see this WordPress guide.

What is an SSL certificate and why are you seeing the message that the WordPress site is not secure?

SSL/HTTPS encrypts the connection that a user’s browser has with your WordPress hosting server. This makes it harder for hackers to disrupt the connection.

SSL/HTTPS-enabled websites are given a unique digital certificate to identify them. The browser warns the user not to connect to such a website if a server pretends to use HTTPS but does not have the correct certificate.

WordPress is showing the message “Not Secure” because your website doesn’t have an SSL certificate or one that wasn’t properly configured during installation.

Adding an SSL certificate improves your website’s usability and security. Google’s “Not Secure” notice appears when something is wrong with your SSL.

Google recommends all websites to use SSL/HTTPS for increased security.

The Chrome web browser considers all sites without an SSL certificate to be insecure, which is why it displays a warning.

Customers will have a negative impression of your business when they see “Not Sure” written in the address bar.

Also, to use payment services like PayPal or Stripe, you need to make sure that SSL/HTTPS is enabled.

Here are some of the Most Common SSL/HTTPS Problems in WordPress and How to Solve Them.

Common SSL problems and how to fix them

For your convenience, we have broken down our process into separate steps. Going through this process step-by-step will take a few hours, so make note of this page!

Don’t be alarmed if the following parts seem a bit technical. If you follow the instructions carefully, you can successfully fix the WordPress website not secure warning. Before you start, create a backup of your WordPress website.

1. Install the SSL certificate to secure the connection

Installing an SSL certificate is intimidating for most people, and in the past they would have had good reason to be concerned.

Things have changed drastically since Let’s Encrypt came into being. Any website can get a free SSL certificate with Let’s Encrypt.

WP Encryption

If you are unable to set up Let’s Encrypt, you can use WP Encryption to generate a free Let’s Encrypt SSL certificate for your WordPress site and enforce SSL/HTTPS sitewide, making insecure content and mixed content issues easy be resolved.

WP Encryption redirects links from HTTP to HTTPS directly, so you don’t have to do that tedious part either.


You may get this error message in Google Chrome. These warnings may look different in other browsers, but they all signal that the connection to your site is insecure.


This error message indicates that a user’s browser did not accept the certificate presented by the website. A number of factors can lead to this:

  • The SSL certificate is associated with a different domain or subdomain.
  • A valid certificate is no longer available.
  • Your browser does not recognize the issuer of the certificate.

You can contact the WordPress hosting provider that installed your SSL certificate to fix it if you bought it and asked them to install it.

If the SSL certificate was installed manually, try installing it again, or contact SSL certificate provider support.

3. Fixing mixed content errors after switching WordPress to SSL/HTTPS

Mix content errors can occur when source files (images, scripts or stylesheets) are loaded into URLs still with insecure HTTP protocol.

In this case, the padlock icon will not appear in the website’s address bar.

Padlock SSL icon

WordPress mixed content errors can be fixed with a plugin like WP Encryption or Really Simple SSL.

However, if you have enough time and knowledge, I recommend you to fix the mixed content error manually: it is more effective and performance-enhancing.

The first step you need to do is to check if HTTPS is enabled in WordPress.

In Settings ” General you need to make sure that the WordPress address and Site address options contain HTTPS URLs.

URLs starting with HTTP should be changed to HTTPS. Make sure you click the “Save Changes” button to save your settings.

The next step is to find the old HTTP URLs in your WordPress database and replace them with the new HTTPS URLs.

Install and activate the Better Search Replace plugin to get started.

Once activated, you can go to the Better Search Replace page under Better Search Replace Tools You need to enter your website URL using HTTP in the Search field.

Then in the “Replace” field, enter the URL of your website prefixed with https.

The plugin will now update the URLs in your WordPress database.

If you are still encountering mixed content errors, you need to check your theme and plugin URLs. To isolate the resources responsible for the error, you need to use your browser’s inspection tool.

Mixed content error

Once identified, you need to manually update the URL directly in the plugin/theme files.

You can also contact the theme developer and ask for an update if you can’t find it.

4. Fixing too many redirect errors after switching to SSL/HTTPS

You can force SSL/HTTPS for the admin area by putting the following code in your wp-config.php file:

define('FORCE_SSL_ADMIN', true);

Unfortunately, this setting alone can lead to “Too many redirects” errors in some scenarios.

If this is the case for you, you need to add the following code just before the line “That’s all, stop editing! Happy blogging.”

define('FORCE_SSL_ADMIN', true);
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)

5. Fix WordPress HTTP to HTTPS redirect

Unless you tell WordPress, HTTP requests will not automatically be redirected to HTTPS. If you use a plugin like WP Encryption or Really Simple SSL, the redirects will be done automatically.

In any other case, you have to set up the redirects manually.

Your .htaccess file should contain the following code to enable HTTPS redirection.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

6. Update Google Search Console

It’s time to let Google know you’re using HTTPS for your WordPress site, now that you’ve installed and properly set up your SSL certificate.

Without this change, Google Search Console will continue to collect data from the HTTP version, which will receive less and less traffic over time.

To add this property, go to Google Search Console and add HTTPS as a new property.

Add HTTPS URL in Google

Then resubmit your sitemap files to Google with the new HTTPS versions.

HTTPS and SSL Issues in WordPress: Final Considerations

Getting an HTTPS URL and an SSL certificate has many positive effects on your website: better security, no more Chrome warnings, better loading times, better SEO scores, brand credibility and much more.

Even if this looks difficult to you, it is really important to implement an HTTPS URL and an SSL certificate for your WordPress website.

I hope this article helped you fix your SSL/HTTPS issues in WordPress. You may also be interested in my article on how to fix “The Link You Followed Has Expired” error in WordPress.

Previous post 7 steps to a secure WordPress website
Next post Regular WordPress vulnerabilities: Constant security threat