How to fix "HTTPS not available" on WooCommerce
Enable HTTPS by installing a valid SSL/TLS certificate and redirecting all HTTP traffic to the secure HTTPS version of your store.
Steps for WooCommerce
- Log in to your hosting control panel (cPanel, Plesk, or your host's dashboard).
- Locate the SSL/TLS section and install a free Let's Encrypt certificate for your domain — most hosts (SiteGround, Kinsta, WP Engine, Bluehost) offer a one-click Let's Encrypt install.
- Once the certificate is active, in your WordPress Admin go to Settings → General and change both 'WordPress Address (URL)' and 'Site Address (URL)' from http:// to https://.
- Install the free 'Really Simple SSL' plugin (Plugins → Add New → search 'Really Simple SSL') and activate it — it handles the 301 redirect, mixed-content fixes, and can enable HSTS.
- Alternatively, add redirect rules manually: in your .htaccess file (root of your WordPress install), add: RewriteEngine On / RewriteCond %{HTTPS} off / RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
- Flush any caching plugin's cache (e.g. WP Super Cache, W3 Total Cache, WP Rocket) after making changes.
# Apache .htaccess: force HTTPS with a 301 redirect
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
# Optional: add HSTS via an HTTP header in .htaccess (sent only on HTTPS responses)
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" "expr=%{HTTPS} == 'on'"
</IfModule>

What is "HTTPS not available"?
HTTPS (HyperText Transfer Protocol Secure) encrypts the connection between your store and every visitor's browser, so that passwords, payment details, and personal data cannot be intercepted in transit. When a site "does not respond on HTTPS," it means your store is either serving pages only over unencrypted HTTP, or its SSL/TLS certificate is missing, expired, or invalid. The padlock icon customers expect in their browser address bar will be absent — or replaced with a security warning.
Google has used HTTPS as a ranking signal since 2014 and Chrome actively labels HTTP sites as "Not Secure," which destroys visitor trust and tanks conversion rates — shoppers who see that warning leave immediately. Without HTTPS, payment card data, login credentials, and personal information travel over the network in plain text, making your store trivially easy to eavesdrop on and putting you in violation of PCI-DSS requirements for accepting card payments. Regulators and payment processors can fine or de-platform stores that transmit cardholder data without encryption. This is classified as OWASP A02:2021 — Cryptographic Failures, one of the most critical vulnerability categories in web security.
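To confirm the .htaccess rules from the steps above behave as intended after deployment, the following checker is an added example, not part of the original page. It takes the status and headers captured from one http:// and one https:// request (for example with curl -sI) plus the page HTML, and reports deviations from what those rules produce; the host shop.example and all sample values are constructed.

```python
import re

ONE_YEAR = 31536000  # max-age used by the HSTS rule on this page

def _lower(headers):
    return {k.lower(): v for k, v in headers.items()}

def check_redirect(host, path, status, headers):
    """Findings for the response to http://host/path (empty list = OK)."""
    h, findings = _lower(headers), []
    expected = f"https://{host}{path}"  # what the RewriteRule emits
    if status != 301:
        findings.append(f"status {status}, expected 301")
    if h.get("location") != expected:
        findings.append(f"Location {h.get('location')!r}, expected {expected!r}")
    if "strict-transport-security" in h:
        findings.append("HSTS sent over plain HTTP")
    return findings

def check_hsts(headers):
    """Findings for the headers of an https:// response."""
    value = _lower(headers).get("strict-transport-security")
    if value is None:
        return ["HSTS header missing"]
    age = re.search(r'(?:^|;)\s*max-age\s*=\s*"?(\d+)', value, re.I)
    if not age:
        return ["HSTS header has no max-age"]
    findings = []
    if int(age.group(1)) < ONE_YEAR:
        findings.append(f"max-age {age.group(1)} is below {ONE_YEAR}")
    if not re.search(r"(?:^|;)\s*includeSubDomains\s*(?:;|$)", value, re.I):
        findings.append("includeSubDomains not set")
    return findings

def find_mixed_content(html):
    """http:// subresources in a page (regex heuristic, not an HTML parser)."""
    urls = re.findall(r"""\ssrc\s*=\s*["'](http://[^"']+)""", html, re.I)
    for tag in re.findall(r"<link\b[^>]*>", html, re.I):
        href = re.search(r"""\shref\s*=\s*["'](http://[^"']+)""", tag, re.I)
        if href and "stylesheet" in tag.lower():
            urls.append(href.group(1))
    return urls

# Constructed samples: a temporary redirect that stays on http://, a short HSTS age
if __name__ == "__main__":
    print(check_redirect("shop.example", "/cart/", 302,
                         {"Location": "http://shop.example/cart/"}))
    print(check_hsts({"Strict-Transport-Security": "max-age=300"}))
    print(find_mixed_content('<img src="http://shop.example/logo.png">'))
```

Plain `<a href="http://...">` links and `rel="canonical"` tags are deliberately not reported, since the browser does not load them as part of the page.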