WordPress HTTPS (SSL) 


  • Supports Shared and Private SSL.
  • Helps reduce or completely fix partially encrypted / mixed content errors.
  • Force SSL on a per-page basis.
  • Force SSL in admin panel.


  • Upload the wordpress-https folder to the /wp-content/plugins/ directory.
  • Activate the plugin through the 'Plugins' menu in WordPress.


To only make certain pages secure: In the Publish box on the add/edit post screen, a checkbox for 'Force SSL' has been added to make this process easy.

Getting 404 errors on all my pages: If you're using a public/shared SSL, try disabling your custom permalink structure. Some public/shared SSL's have issues with WordPress' permalinks because of the way they are configured.

How to fix partially encrypted/mixed content errors: To identify what is causing your page(s) to be insecure, please follow the instructions below.

  • Download Google Chrome.
  • Open the page you're having trouble with in Google Chrome.
  • Open the Developer Tools. How to access the Developer Tools.
  • Click on the Console tab.

For each item that is making your page partially encrypted, you should see an entry in the console similar to "The page at https://www.example.com/ displayed insecure content from http://www.example.com/." Note that the URL that is loading insecure content is HTTP and not HTTPS.

If you see any external elements (not hosted no your server) that are loading over HTTP, try enabling the 'External HTTPS Elements' option in the WordPress HTTPS settings.

Any other insecure content warnings can generally be resolved by changing absolute references to elements, or removing the insecure elements from the page completely. Although WordPress HTTPS does its best to fix all insecure content, there are a few cases that are impossible to fix.

  • Elements loaded via JavaScript that are hard-coded to HTTP. Usually this can be fixed by altering the JavaScript calling these elements.
  • External elements that cannot be delivered over HTTPS. These elements will have to be removed from the page, or hosted locally so that they can be loaded over HTTPS.
  • YouTube videos – YouTube does not allow videos to be streamed over HTTPS. YouTube videos will have to be removed from secure pages.
  • Google Maps – Loading Google maps over HTTPS requires a Google Maps API Premiere account. (source)