Redirect HTTP to HTTPS for WordPress on Windows

To redirect your WordPress website to the secure HTTPS protocol on Windows, there are several steps that need to be taken before the redirect will work properly.

Note: If your site is hosted on our Managed WordPress hosting platform, you do not need to change these settings manually. The HTTPS protocol will be configured automatically.

WordPress Preparation steps

These steps should be taken before modifying any code.

  1. Log in to WordPress
  2. Select Settings from the menu and click on General.
  3. Locate the following entries in the General settings:
    • WordPress Address (URL):
    • Site Address (URL):
  4. Update both URLs to use https instead of http
  5. Save the changes

Windows Redirect Steps

If your WordPress website is hosted on Windows, it will use a web.config configuration file. Placing the web.config in the root of your site will change the behavior of your site when the file is detected and executed.

  1. Download a copy of your web.config from your hosting account.
  2. Open the file with your favorite text editor

    Note: Make sure you edit the web.config file using a plain text editor that doesn't use word wrap. Some editors (such as MS Word or Notepad with word wrap enabled) will insert invisible characters to signify a line break. Your web.config file will not work if it has these special characters in it.

  3. Make the necessary changes (see examples below).
  4. Save your changes.
  5. Upload the modified web.config to your hosting account.
  6. Test your work by navigating to the website over the HTTP protocol. It should redirect to HTTPS automatically.

Example WordPress web.config Content

Your WordPress site should already have a default entry in your web.config file. It should look similar to this example:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="WordPress Rule" stopProcessing="true">
                    <match url=".*" />
                    <conditions>
                        <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
                        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
                    </conditions>
                    <action type="Rewrite" url="index.php" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

To ensure your hosting account will force the HTTPS protocol on all traffic to the site, you'll need to add the following to the web.config file.

<clear />
<rule name="Redirect to https" stopProcessing="true">
    <match url="(.*)" />
    <conditions>
        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
    </conditions>
    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>

Place the code snippet immediately after the opening <rules> tag, ahead of the existing WordPress rule, so that the redirect is evaluated first. It should look similar to the following example:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <clear />
                <rule name="Redirect to https" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
                </rule>
                <rule name="WordPress Rule" stopProcessing="true">
                    <match url=".*" />
                    <conditions>
                        <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
                        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
                    </conditions>
                    <action type="Rewrite" url="index.php" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>
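
The following is an added example, not part of the original article or any hosting tool: a Python check to run on the edited web.config before uploading it. It confirms that the file is well-formed XML, that it contains the HTTPS redirect rule, and that no stop-processing rewrite rule (such as the WordPress rule) sits ahead of it. The function names and the embedded sample configurations are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the two rules shown on this page, wrapped in the same layout.
WP_RULE = """<rule name="WordPress Rule" stopProcessing="true">
  <match url=".*" />
  <conditions>
    <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
    <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
  </conditions>
  <action type="Rewrite" url="index.php" />
</rule>"""
HTTPS_RULE = """<rule name="Redirect to https" stopProcessing="true">
  <match url="(.*)" />
  <conditions><add input="{HTTPS}" pattern="off" ignoreCase="true" /></conditions>
  <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>"""

def wrap(*rules):
    """Build a web.config string whose <rules> section holds the given rules in order."""
    body = "\n".join(rules)
    return ("<configuration><system.webServer><rewrite><rules><clear />"
            f"{body}</rules></rewrite></system.webServer></configuration>")

def is_https_redirect(rule):
    """True if the rule redirects requests with {HTTPS}=off to an https:// URL."""
    action = rule.find("action")
    conds = rule.findall("conditions/add")
    return (action is not None and action.get("type") == "Redirect"
            and action.get("url", "").startswith("https://")
            and any(c.get("input") == "{HTTPS}" and c.get("pattern", "").lower() == "off"
                    for c in conds))

def check_web_config(xml_text):
    """Return a list of problems with the HTTPS redirect in a web.config string."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A damaged file (stray control characters, a broken tag) is reported here.
        return [f"not well-formed XML: {exc}"]
    rules = list(root.iter("rule"))  # document order is the evaluation order
    redirect_at = next((i for i, r in enumerate(rules) if is_https_redirect(r)), None)
    if redirect_at is None:
        return ["no rule redirects {HTTPS}=off requests to https://"]
    problems = []
    for rule in rules[:redirect_at]:
        action = rule.find("action")
        if (action is not None and action.get("type") == "Rewrite"
                and rule.get("stopProcessing") == "true"):
            problems.append(f"'{rule.get('name')}' stops processing before the redirect rule")
    return problems
```

To check a real file, pass its contents to check_web_config(); an empty list means the redirect rule is present and placed first.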