Title: Update HTTPS for WordPress Last modified: February 5, 2017 --- # Update HTTPS for WordPress * [Peter Bishop](https://wordpress.org/support/users/peterbbshp/) * (@peterbbshp) * [9 years, 2 months ago](https://wordpress.org/support/topic/update-https-for-wordpress/) * The warning message for sites that have not enabled SSL points to the [HTTPS for WordPress](https://make.wordpress.org/support/user-manual/web-publishing/https-for-wordpress/) documentation page. * This page does not link to the [Administration Over SSL](https://codex.wordpress.org/Administration_Over_SSL) documentation page. It really should. * In addition, I suggest that the HTTPS for WordPress page should tell people to set the constant FORCE_SSL_ADDMIN to true in the wp-config.php file. * When I was using GoDaddy, they did a great job of installing my SSL certificate, but I had to dig beyond the HTTPS for WordPress page to find out about this. Viewing 6 replies - 1 through 6 (of 6 total) * [Arvind Singh](https://wordpress.org/support/users/arvindsinghu/) * (@arvindsinghu) * [9 years, 2 months ago](https://wordpress.org/support/topic/update-https-for-wordpress/#post-8735056) * Ok we will see your case and forward to the concern department 🙂 thank for your feed back 🙂 * Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/) * (@jdembowski) * Forum Moderator and Brute Squad * [9 years, 2 months ago](https://wordpress.org/support/topic/update-https-for-wordpress/#post-8736638) * > Ok we will see your case and forward to the concern department 🙂 thank for > your feed back 🙂 * I don’t know what that means but it sounds cheerful. 😉 * > This page does not link to the Administration Over SSL documentation page. > It really should. * What page and what warning message are you seeing? * Thread Starter [Peter Bishop](https://wordpress.org/support/users/peterbbshp/) * (@peterbbshp) * [9 years, 2 months ago](https://wordpress.org/support/topic/update-https-for-wordpress/#post-8740351) * Just as the WordPress admin functions make it appear to the naive WordPress user that they do not need to edit any of the files on their server, so GoDaddy has a similar goal. GoDaddy has an automated script for installing WordPress on a GoDaddy hosted site that enables HTTP and HTTPS for all pages. They charge extra for an SSL certificate, however. Once you buy an SSL certificate for your domain, however, they install it for you, so I did not need any of the instructions on the HTTPS for WordPress documentation page. * My problem was that after the SSL certificate was installed on my GoDaddy website, WordPress did not automatically force use of SSL when logging in or when performing admin functions. Thus, since GoDaddy installs WordPress using the not recommended technique of enabling all pages for both HTTP and HTTPS, it was still possible to access wp-login.php via HTTP. * I did not quite realize that, if I simply used wp-login.php via HTTPS, which was now possible, that most of my problem would be solved. Now that I have set FORCE_SSL_ADMIN, however, when I try to use wp-login.php over HTTP, it immediately switches to HTTPS. * Thus, presumably the problem with the documentation in the HTTPS for WordPress page is that it assumed that you had already set Apache to require use of wp- login.php over HTTPS and not HTTP. I am beginning to realize that the FORCE_SSL_ADMIN flag in the wp-config.php file was designed to significantly reduce the damage if all pages were enabled for both HTTP and HTTPS. It is possible that if this flag is set, then it is perfectly fine to make all pages accessible to both HTTP and HTTPS. * The change I am proposing is a change to the documentation for the HTTPS for WordPress page so it at least links to the Administration over SSL page. * In my mind, the goal of minimizing the need for WordPress site admins to edit any of the files on the server is a good goal. Although I, at one time, did quite a bit of editing Apache config files, it has been many years since I did this. I remember it being a rather error-prone task, not unlike the error-prone tasks throughout much of a programmer’s life. It was vastly easier than programming in assembly language, however, which was how I was introduced to the programming profession. * An additional suggestion I have for WordPress documentation is to clearly identify which files on the server need to be edited and which ones will be “taken care of” by the WordPress DashBoard. Once I know which files may need to be edited, I can start thinking about which languages I need to learn, although it is pretty obvious that php and CSS are both needed. If I can find templates and add-ins that do what I need, however, I may not need to program in either php or CSS. I think the WordPress project should be commended for how well the goal of editing all files through the Dashboard has been met. If this goal is to be abandoned when installing SSL certificates, then at least link to the page that explicitly says how to edit the file that needs to be edited to make the SSL certificate do what almost everyone wants it to do. * Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/) * (@jdembowski) * Forum Moderator and Brute Squad * [9 years, 2 months ago](https://wordpress.org/support/topic/update-https-for-wordpress/#post-8741522) * Moving to Fixing WordPress. * > My problem was that after the SSL certificate was installed on my GoDaddy website, > WordPress did not automatically force use of SSL when logging in or when performing > admin functions * If WordPress successfully recognizes that your site URL and WordPress address is HTTPS then it does sort it out. If not (and that can happen for many reasons) then you’ll need to modify your database settings to ensure that the URLs are all correctly HTTPS just as you would when you move to a new server. * [https://codex.wordpress.org/Moving_WordPress](https://codex.wordpress.org/Moving_WordPress) * Thread Starter [Peter Bishop](https://wordpress.org/support/users/peterbbshp/) * (@peterbbshp) * [9 years, 2 months ago](https://wordpress.org/support/topic/update-https-for-wordpress/#post-8744270) * I solved my problem by setting FORCE_SSL_ADMIN to true in the wp-config.php file. The documentation page [Administration over SSL](https://codex.wordpress.org/Administration_Over_SSL) explains the need for and how to set this variable. * The only thing I am suggesting is to add a link from the [HTTPS for WordPress](https://make.wordpress.org/support/user-manual/web-publishing/https-for-wordpress/) documentation page to the Administration over SSL documentation page. * [Olsi Ferazini](https://wordpress.org/support/users/olsiferazini/) * (@olsiferazini) * [9 years, 2 months ago](https://wordpress.org/support/topic/update-https-for-wordpress/#post-8793631) * The fastest way and the easiest is below define(‘WP_DEBUG’, false); on wp-config. php you can add these two lines: define(‘WP_HOME’,’[https://yoursite.com’](https://yoursite.com’);); define(‘WP_SITEURL’,’[https://yoursite.com’](https://yoursite.com’);); Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘Update HTTPS for WordPress’ is closed to new replies. ## Tags * [FORCE_SSL_ADMIN](https://wordpress.org/support/topic-tag/force_ssl_admin/) * [SSL](https://wordpress.org/support/topic-tag/ssl/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 6 replies * 4 participants * Last reply from: [Olsi Ferazini](https://wordpress.org/support/users/olsiferazini/) * Last activity: [9 years, 2 months ago](https://wordpress.org/support/topic/update-https-for-wordpress/#post-8793631) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics