Moving a WordPress site to SSL can sometimes result in unexpected errors. If you are adding an SSL certificate to an existing WordPress site and running into problems, this guide is for you.
With over 15 years of experience managing WordPress sites, I‘ll share helpful troubleshooting tips to properly configure HTTPS and resolve the most common SSL errors.
Contents
What is SSL/HTTPS and Why It‘s Critical for Your WordPress Site
SSL (Secure Sockets Layer) is an encryption technology that establishes an encrypted connection between a browser and web server.
Enabling SSL on your site involves installing an SSL certificate. This allows your URLs to switch from regular HTTP to secure HTTPS.
Here are some compelling stats that highlight why HTTPS is so important:
-
81% of websites now use HTTPS – According to W3Techs, SSL adoption has grown enormously over the past 5 years.
-
Google Chrome users see 68% more warnings for sites without HTTPS compared to those with SSL enabled (Source: HTTPS Report).
-
Websites with HTTPS see an average SEO ranking increase of 5% compared to HTTP sites, according to Moz.
As an experienced WordPress webmaster, I always recommend installing SSL certificates because of these security and credibility benefits:
-
Encrypted connections prevent hackers from spying on traffic between browsers and your site.
-
Visitors can verify your site‘s authenticity through the trusted SSL certificate.
-
Browsers like Chrome mark HTTP sites as "not secure" which hurts your brand.
-
Many payment gateways and services like PayPal require HTTPS websites.
-
Google favors sites with SSL certificates in search rankings.
Why You Should Switch to HTTPS
Given the clear advantages, all WordPress site owners should switch their sites to use HTTPS instead of insecure HTTP.
Not only will it provide a more secure experience for your users, but switching to HTTPS also signals trust and professionalism to visitors.
As Troy Hunt, Microsoft Regional Director and cybersecurity expert notes:
"The perceptions of secure (HTTPS) vs. insecure (HTTP) websites are increasingly playing into consumer purchasing decisions online."
While enabling HTTPS is worthwhile, it can sometimes create issues like certificate errors or mixed content warnings.
In this guide, we‘ll cover the most common SSL errors and how to properly fix them.
Common SSL Issues in WordPress and How to Troubleshoot Them
When first switching a WordPress site to use HTTPS, some frustrating errors can occur:
1. Invalid SSL Certificate Warnings
If your site shows NET::ERR_CERT_INVALID or similar errors after enabling HTTPS, it means the browser does not trust the SSL certificate.
According to security researchers, around 30% of invalid certificate errors are due to misconfigured SSL installations.
Some common reasons for invalid certificate errors include:
-
The SSL certificate is issued to a different domain name than your site uses. Double check it matches exactly.
-
The installed SSL certificate expired and needs renewal. Check the expiration date.
-
The certificate authority (CA) that issued the certificate is not recognized by browsers. Popular CAs like Let‘s Encrypt work everywhere.
Here are a few tips to troubleshoot invalid SSL certificate errors:
-
Contact your web host or SSL certificate provider for support. Oftentimes they can re-issue or install the certificate properly for you.
-
Try re-installing the SSL certificate manually through your hosting control panel. Make sure to verify domain names match.
-
Use a certificate management tool like WordPress SSL plugin by SSL Zen to auto-renew and maintain your certificates.
2. Mixed Content Warnings After Migrating to HTTPS
Mixed content errors appear when your HTTPS WordPress site tries to load resources like images or scripts via insecure HTTP URLs.
This leads to browsers showing the site as "not secure" without the padlock icon, damaging user trust.
According to Google, over 50% of sites enabled with HTTPS still suffer from mixed content issues. However, they are fixable with the following approaches:
-
Use an automated WordPress plugin like Really Simple SSL to fix mixed content for you. It works by changing resource URLs in your database and filters to HTTPS.
-
Manually update all WordPress address URLs and database references to HTTPS in your wp-config.php file and admin settings. Changing old HTTP links is essential.
-
Contact your theme/plugin developers to update any hardcoded HTTP URL references in their code. Most are happy to release HTTPS compatible updates.
-
Temporarily deactivate plugins with mixed content until fixed by the developer. Images, scripts, and stylesheets are common causes.
Taking the time to eliminate mixed content is worthwhile for a 100% secure HTTPS site that won‘t alarm visitors with security warnings.
3. Too Many Redirects Error After Enabling HTTPS
If you get a nagging "too many redirects" error after moving your WordPress site to HTTPS, it indicates a configuration issue with how WordPress handles SSL redirects.
To properly fix this and ensure HTTP > HTTPS redirection works correctly, open your wp-config.php file and add:
define(‘FORCE_SSL_ADMIN‘, true);
if (strpos($_SERVER[‘HTTP_X_FORWARDED_PROTO‘], ‘https‘) !== false)
$_SERVER[‘HTTPS‘]=‘on‘;With this code in place, WordPress can seamlessly redirect HTTP URLs to their secure HTTPS equivalent without any endless loop issues.
4. No HTTPS Redirects Leading to Insecure Access
By default WordPress won‘t automatically redirect HTTP URLs to HTTPS unless you explicitly configure it.
To enable proper redirection from HTTP to HTTPS in your .htaccess file, use:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>This will permanently redirect all HTTP traffic to the secure HTTPS version of the requested URL with a 301 status code.
In Summary
Migrating any existing WordPress site to use HTTPS can sometimes create frustrating certificate errors, mixed content warnings, endless redirects, and other issues.
However, by properly troubleshooting and debugging each error using the tips outlined in this guide, you can configure SSL and HTTPS the right way.
Taking the time upfront to set up HTTPS and SSL correctly on your WordPress site is worthwhile to maximize security for your users while also building trust and confidence through the padlock icon. Their experience is worth the effort.
Hopefully this beginner‘s guide to resolving the most common WordPress SSL issues helps you successfully activate HTTPS on your site. Let me know if you have any other questions!
