No setup required - simply activate to force HTTP URLs to HTTPS using native WordPress filters and permanent redirects for best SEO.

Rogier Lankhorst

Mark

Hessel de Jong

Jan-Willem

Wim Braam

Marcel Santing

vicocotea

Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)

Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate.

Steve85b

SSL Mixed Content Fix

A fix for mixed content! This Plugin creates protocol relative urls by removing http + https from links. Works in Front- and Backend!

Tips and Tricks HQ

Easy HTTPS Redirection (SSL)

The plugin allows an automatic redirection to the "HTTPS" version/URL of the site. Make your site SSL compatible easily.

Alex Lion (阿力獅)

Andrea Ferro

Rimas

Augusto Bombana

Headers Security Advanced & HSTS WP

Best all-in-one WordPress security plugin, uses HTTP & HSTS response headers to avoid vulnerabilities: XSS, injection, clickjacking. Force HTTP/HTTPS.

webaware

SSL Insecure Content Fixer

Clean up WordPress website HTTPS insecure content

Fact Maven

Ethan O'Sullivan

Remove HTTP: Fix Mixed Content Warning

Fixes all mixed content warnings. Removes both HTTP and HTTPS protocols from all links from the front-end and back-end.

Sentinel Headers Unlimited Extension

JS Morisset

A simple, safe, and reliable way to force HTTP URLs to HTTPS dynamically:
No setup required – simply activate the plugin to force HTTP URLs to HTTPS.
There are no plugin settings to adjust, and no changes are made to your WordPress configuration.
SIGNIFICANTLY FASTER than other popular plugins of this type:
Other well known plugins use <a href="https://secure.php.net/manual/en/function.ob-start.php" rel="nofollow ugc">PHP’s output buffer</a> to search & replace URLs in the rendered HTML, which is a technique that is error prone and negatively affects caching performance (as changes are not cached).
This plugin uses standard WordPress filters instead of PHP’s output buffer for maximum reliability, performance, caching compatibility, and uses 301 permanent redirects for best SEO results (<a href="https://en.wikipedia.org/wiki/HTTP_301" rel="nofollow ugc">301 redirects are considered best for SEO when moving from HTTP to HTTPS</a>).
Supports advanced proxy / load-balancing HTTP headers:
<ul>
<li><code>X-Forwarded-Proto</code> (aka <code>HTTP_X_FORWARDED_PROTO</code> server value)</li>
<li><code>X-Forwarded-Ssl</code> (aka <code>HTTP_X_FORWARDED_SSL</code> server value)</li>
</ul>
See <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto" rel="nofollow ugc">Web technology for developers > HTTP > HTTP headers > X-Forwarded-Proto</a> for more details.
<h4>Plugin Requirements</h4>
Your web server must already be configured with an SSL certificate and able to handle HTTPS connections. 😉

Alternatives to JSM Force HTTP to HTTPS / SSL – No Setup, Fast and Reliable

Top alternatives