How to Set Up SSL and Force HTTPS in Joomla
Maintenance · Joomla 4, 5, 6 · Updated June 1, 2026
✅ Verified on Joomla 5.4.6: the Force HTTPS setting (Global Configuration → Server) matches the live admin.
HTTPS is expected for every site today. It protects logins and is a ranking signal. Setup has two parts: get a certificate, then make Joomla use it everywhere.
Step 1 — Install an SSL certificate
Almost every host offers free Let’s Encrypt SSL in the control panel (cPanel: “SSL/TLS Status” → AutoSSL; Plesk: “SSL It!”). Enable it for your domain and wait for it to issue. After that, https://yourdomain.com should load with a padlock.
Step 2 — Force HTTPS in Joomla
Once the certificate works, make Joomla redirect all traffic to HTTPS:
- Go to System → Global Configuration → Server.
- Set Force HTTPS to Entire Site.
- Save.
⚠️ Only switch this on after the certificate is working. Forcing HTTPS without a valid certificate can lock you out of the site.
Alternative — Force HTTPS via .htaccess
If you’d rather do it at the server level (or need it before Joomla loads), add a redirect rule to .htaccess. Our .htaccess generator produces this for you (the “Force HTTPS” option).
Step 3 — Fix mixed-content warnings
After switching, if the padlock shows a warning, you have mixed content (assets still loaded over http://). Update hard-coded http:// links in articles, modules and template settings to https:// (or protocol-relative //).
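To find which assets need updating, the following Python script (an added example, not part of the original page or of Joomla) scans an HTML fragment for subresources still loaded over http:// and reports the line and tag for each. The sample HTML, the example.com URLs and the names MixedContentFinder and find_mixed_content are constructed for illustration.

```python
from html.parser import HTMLParser

# Tag -> attribute that makes the browser fetch a subresource. <a href> is
# navigation, not a subresource, so ordinary links are not mixed content.
SUBRESOURCE_ATTRS = {
    "script": "src", "iframe": "src", "embed": "src", "object": "data",
    "img": "src", "audio": "src", "video": "src", "source": "src",
}
# Active content can change the whole page; the rest is passive (images, media).
ACTIVE_TAGS = {"script", "iframe", "embed", "object", "link"}

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, kind, url)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "link":
            # Simplification: only stylesheet links are treated as subresources.
            rels = a.get("rel", "").lower().split()
            url = a.get("href", "") if "stylesheet" in rels else ""
        else:
            url = a.get(SUBRESOURCE_ATTRS.get(tag, ""), "")
        url = url.strip()
        if url.lower().startswith("http://"):
            kind = "active" if tag in ACTIVE_TAGS else "passive"
            self.findings.append((self.getpos()[0], tag, kind, url))

def find_mixed_content(html):
    """Return (line, tag, kind, url) for each http:// subresource in html."""
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample, shaped like HTML stored in an article or custom module.
SAMPLE = """<p>Read <a href="http://example.org/docs">the docs</a>.</p>
<img src="http://example.com/images/banner.jpg" alt="banner">
<script src="http://example.com/media/app.js"></script>
<link rel="stylesheet" href="https://example.com/templates/site.css">
<img src="//example.com/images/logo.png" alt="logo">
<iframe src="http://example.net/embed/42"></iframe>
"""

if __name__ == "__main__":
    for line, tag, kind, url in find_mixed_content(SAMPLE):
        print(f"line {line}: <{tag}> {kind} mixed content: {url}")
```

Feed it the saved HTML source of a page that shows the warning; https:// and protocol-relative references are not reported.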