How to disable HTTPS in WordPress?

In 2014, Google announced that HTTPS is a ranking signal. A user who is learning SEO and has come across the post where Google announced this might feel that every Hypertext Transfer Protocol Secure enabled website has some advantage over HTTP-only sites. Is this so? Well, most search results on the 1st 2/3 pages of search engines will feature HTTPS results. Thus, using SSL thinking that your site’s search engine ranking will boost doesn’t make sense.

If you’ve enabled Hypertext Transfer Protocol Secure for your site and want to disable it, follow the steps we’ve shared below to deactivate HTTPS on a WordPress site safely.

Letsencrypt SSL directory

HTTPS might be a ranking signal, but it may or may not be easy to implement. Shared hosting users can enable it from the cPanel. Unmanaged hosting users must install the SSL certificate by themselves. Although you can deactivate an SSL certificate with a few clicks of a button or remove the certificate by executing a single Linux command, there are some things that you should be careful of while doing so. Here are the things you should do immediately after disabling the SSL certificate:

Disable HTTPS plugin

There are plugins in the WordPress repository that can automatically redirect URLs from the HTTP version to its secure version and update the URL protocol to prevent mixed content errors. The plugins can also add a security header to the HTTP response header. If you’re using one such plugin, you should disable it.

Bulk replace URL in the database

WordPress CMS saves the post data to a table. If the Hypertext Transfer Protocol Secure has been active on your site for a long time, you must change the protocol of the internal links in the post to ensure that the post is accessible to the users when the user clicks on the URL. If your site has hundreds of posts, manually changing the URL protocol is impossible. To quickly update the protocol, use the search and replace plugin.

The plugin has a dry run function that will show the records likely to be affected after you run the bulk replacer tool. Before using the tool, don’t forget to back up the database. Using the plugin is easy. If you have access to the database, you can use the MySQL replace function to bulk update the URL protocol in the database.

Redirect all HTTPS URLs to HTTP one

This is the most important step on this page. When you install an SSL certificate, the website traffic won’t be encrypted unless your website is accessible with the secure version of the Hypertext Transfer Protocol. The web server will listen to port 443 and efficiently handle Hypertext Transfer Protocol Secure requests. You also configure the webserver to redirect HTTP traffic to HTTPS.

When you remove the SSL certificate, you should redirect HTTPS URLs to their HTTP version to ensure that your site doesn’t lose traffic and that visitors can read your site’s content. SEO plugins add a canonical tag to the page’s HTML code between the <head></head> tags. Unless the server redirects the page from Hypertext Transfer Protocol Secure to HTTP, they won’t be able to see this tag.

What if you don’t redirect? When the user opens the HTTPS link in the browser, the browser will display an SSL-related error instead of the page. If people have linked the page to their site, they may replace your site’s link if it throws an error and the admin finds this. Like humans, search bots will encounter an error when they try to access the HTTP version of your page. As they won’t find content on the site and you don’t fix this problem, your site’s ranking will plummet in search results.

Note: You can follow the steps in any order but make sure that you don’t miss any step.

Side effects

Browsers may display the warning “this site is not secure” when you access an HTTP-only site on a browser. Users may get scared seeing this error and may close the tab or open another site. If this happens, the bounce rate of your site will reduce.

Should you make a switch

No. If you were using a paid SSL certificate and the certificate has expired, you can install Let’s encrypt Certbot on your server and let it take care of HTTPS or use Cloudflare. In our Cloudflare vs Letsencrypt article, we’ve shared the similarities/differences between the two SSL service providers. You can go through the article to find out which free Secure Sockets Layer certificate you should use.

Does SSL slow down your website? SSL reduces the latency of a website, but there are tips you can follow to improve the same. For example, if Nginx powers your site, you can use the ssl_buffer_size and enable ssl_stapling module to improve the Secure Sockets Layer performance. You can read more about these two modules here on the official Nginx website.


Pramod is the founder of wptls. He has been using WordPress for more than nine years. He builds web applications, and writes about his experiences with various WP products on this site.

Leave a Reply

Your email address will not be published. Required fields are marked *