Make Magento HTTPS

Once the SSL certificate is activated on the server do the following.

In the Backend of Magento:

  • System | Web | Unsecure | Base URL | change to
  • System | Web | Secure | Base URL | change to

(obviously change to your domain name)

And here are the .htaccess tweaks:

Add this code:

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Below this line:

RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

So that you get this:

RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Also so that you get proper redirection of the non www versions to the https://www. versions of the pages (rather than just to the homepage) add this code to the top of the .htaccess file:

RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

This is the basic setup, there are many complications, if you have any questions please ask and I’ll try and help.

If for whatever reason the above doesn’t work and your site is inaccessible, undo the .htaccess modifications – and to undo the backend modification go into your databse via PHPmyadmin and change the https entries to http in the correct table: core_config_data

Fishpig / Wordpress / Subdomain Modifications

Further, if you are using the FishPig wordpress plugin for your blog in magento, you’ll need to do some more mods – this is assuming that you are using the blog on a subdomain which will need it’s own SSL certificate:

  • Firstly backup you wordpress database.
  • In the backend of Worpdress install the Search & Replace plugin and use it to automatically change all: to
  • Change the WordPress Address (URL) & Site Address (URL) to the https versions by adding the following lines to your wp-config.php file:

define(‘WP_SITEURL’, ‘’);

The reason I do it in here is that it is easy to undo if you need to… obviously change to your domain name, and blog to whatever your blog subdomain / directory is.

  • In the wordpress .htaccess file add the following (this will force the https – if you don’t uses this I have seen intermittant issues with images not showing):

RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Emptying Magento Related / Up-Sell / Cross-Sell Products

Next Post

Introducing our SEO, Support & Maintenance Packages

Related Posts