Redirect HTTP to HTTPS for WordPress on Windows
To redirect your WordPress website to the secure HTTPS protocol on Windows, there are several steps that need to be taken before the redirect will work properly.
Note: If your site is hosted on our Managed WordPress hosting platform you do not need to manually change these settings, the HTTPS protocol will be configured automatically.
WordPress Preparation steps
These steps should be taken before modifying any code.
- Sign in to WordPress.
- From the left-side menu, select Settings and then select General.
- Find the following entries:
- WordPress Address (URL)
- Site Address (URL)
- Update both URLS to include https instead of http.
- Scroll to the bottom of the page and select Save Changes.
Windows Redirect Steps
If your WordPress website is hosted on Windows, it will use a web.config configuration file. Placing the web.config
in the root of your site will change the behavior of your site when the file is detected and executed.
- Download a copy of your
web.config
from your hosting account. - Open the file with a text editor of your choice.
Note: Make sure you edit the web.config file using a plain text editor that doesn't use word wrap. Some editors (such as MS Word or Notepad with word wrap enabled) will insert invisible characters to signify a line break. Your web.config file will not work if it has these special characters in it.
- Make the necessary changes (see examples below).
- Save your changes.
- Upload the modified
web.config
to your hosting account. - Test your work by visiting the site through the HTTP protocol. It should redirect to HTTPS automatically.
Example WordPress web.config Content
Your WordPress site should already have a default entry in your web.config
file. It should look similar to this example:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="WordPress Rule" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Rewrite" url="index.php" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
To ensure your hosting account will force the HTTPS protocol on all traffic to the site, you'll need to add the following to the web.config file.
<clear />
<rule name="Redirect to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
You'll need to place the code snippet after the rules
in the web.config
file. It should look similar to the following example:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Redirect to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
<rule name="WordPress Rule" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Rewrite" url="index.php" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>