WordPress and HTTPS usually work smoothly — but when they don’t, the errors can be confusing. This guide covers every common WordPress SSL problem and how to fix it.
For initial SSL setup, see our WordPress SSL installation guide.
ERR_TOO_MANY_REDIRECTS (redirect loop)
The #1 WordPress SSL problem. Your browser shows “This page isn’t working — redirected you too many times.”
Cause 1: Behind a proxy (Cloudflare, load balancer)
The proxy terminates SSL and forwards HTTP to WordPress. WordPress sees HTTP, redirects to HTTPS. The proxy forwards HTTP again. Infinite loop.
Fix — add to wp-config.php (before /* That's all, stop editing! */):
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
$_SERVER['HTTPS'] = 'on';
}If using Cloudflare: Also set SSL mode to “Full” or “Full (Strict)” — never “Flexible.”
Cause 2: Conflicting redirects
Your .htaccess redirects to HTTPS, AND a WordPress plugin (like Really Simple SSL) also redirects, AND your server config also redirects. Triple redirect = loop.
Fix: Keep only ONE redirect source. Recommended: .htaccess redirect, disable plugin redirects.
Cause 3: WordPress URLs mismatch
Settings → General shows http:// but your server forces HTTPS.
Fix — update via wp-config.php:
define('WP_HOME', 'https://yourdomain.com');
define('WP_SITEURL', 'https://yourdomain.com');Mixed content warnings (padlock broken/missing)
HTTPS is working but the padlock icon shows a warning, or some resources don’t load.
Cause: Your pages reference images, scripts, or CSS with http:// URLs — usually stored in the database from before the migration.
Quick fix: Really Simple SSL plugin
Install and activate Really Simple SSL — it dynamically rewrites http:// URLs and adds the upgrade-insecure-requests CSP header.
Permanent fix: Database search-replace
# WP-CLI (recommended)
wp search-replace 'http://yourdomain.com' 'https://yourdomain.com' --all-tables --precise
# Dry run first to see what changes
wp search-replace 'http://yourdomain.com' 'https://yourdomain.com' --all-tables --dry-runOr use the Better Search Replace plugin for a GUI approach.
Also check:
- Theme files (
header.php,footer.php) for hardcodedhttp://URLs - Widget content (text widgets, custom HTML)
- Custom CSS in the Customizer
- Plugin settings (social share images, logo URLs)
White screen / 500 error after enabling HTTPS
Cause 1: .htaccess conflict
The HTTPS redirect rule conflicts with WordPress’s permalink rules.
Fix: Reset .htaccess:
# Rename the current one
mv .htaccess .htaccess.backup
# WordPress regenerates it
# Go to Settings → Permalinks → Save (no changes needed)Then re-add just the HTTPS redirect at the top:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]Cause 2: Plugin conflict
A security or caching plugin may conflict with the HTTPS change.
Fix: Disable all plugins via FTP:
# Rename the plugins directory
mv wp-content/plugins wp-content/plugins.bakIf the site works, rename it back and enable plugins one by one to find the conflict.
Can’t log in to wp-admin after HTTPS
Cause: Cookie domain mismatch
Old cookies set for http:// don’t work on https://.
Fix:
// Add to wp-config.php
define('FORCE_SSL_ADMIN', true);
define('COOKIE_DOMAIN', 'yourdomain.com');Then clear your browser cookies for the domain, or try an incognito window.
SSL certificate installed but WordPress still shows HTTP
Cause: WordPress doesn’t know about HTTPS
The certificate is on the server, but WordPress’s URL settings still say http://.
Fix: Update both URLs:
- If you can access wp-admin: Settings → General → change both URLs to
https:// - If you can’t access wp-admin: Add to
wp-config.php:define('WP_HOME', 'https://yourdomain.com'); define('WP_SITEURL', 'https://yourdomain.com'); - If wp-config.php doesn’t work: Update the database directly:
UPDATE wp_options SET option_value = 'https://yourdomain.com' WHERE option_name IN ('siteurl', 'home');
Elementor / page builder shows broken layout on HTTPS
Page builders store absolute URLs in post meta. After migrating to HTTPS, run:
wp search-replace 'http://yourdomain.com' 'https://yourdomain.com' --all-tablesFor Elementor specifically, also go to Elementor → Tools → Replace URL and update from http:// to https://.
WooCommerce checkout not working on HTTPS
Cause 1: Mixed content blocking payment scripts
Stripe, PayPal, and other payment gateways require HTTPS and refuse to load over mixed content.
Fix: Run the database search-replace (above) and check for http:// references in WooCommerce → Settings → Payments.
Cause 2: Force SSL checkout setting
WooCommerce has a “Force secure checkout” option that can conflict with site-wide HTTPS.
Fix: If your entire site is HTTPS, you don’t need this option. Uncheck it at WooCommerce → Settings → Advanced → Page setup.
Frequently asked questions
Do I need Really Simple SSL plugin?
It makes the HTTP→HTTPS transition easier (especially mixed content), but it’s not required. If you run the database search-replace and set up a redirect in .htaccess, you don’t need the plugin. The plugin adds a small overhead on every page load because it dynamically rewrites URLs.
Should I change WordPress URLs before or after installing the certificate?
After. Install the certificate and verify HTTPS works first. Then update WordPress URLs. If you update URLs before the certificate is ready, WordPress tries to serve HTTPS but can’t — and you may lock yourself out.
My caching plugin serves the old HTTP version
Clear all caches after the migration:
- WP Super Cache / W3 Total Cache / LiteSpeed Cache: Clear cache from the plugin settings
- Cloudflare: Purge Everything
- Server-side (Varnish, Nginx cache): Clear the cache or restart the service
I migrated months ago but Google still shows HTTP URLs
Submit your HTTPS sitemap in Google Search Console. Check that <link rel="canonical"> tags on all pages point to https://. Google may take weeks to reindex — 301 redirects help but aren’t instant.