Take a look at the URL your browser displays when you access the Permalinks page in the admin panel. If that URL includes https://, WordPress will automatically use https:// for all URLs. You need to access the page without https:// for this to change. The setting under General > Settings is the only place where you can change the URLs for all your visitors.
Keep in mind that without an SSL certificate, you could make your visitors feel uneasy about their data, and you’ll also face disadvantages in search engine rankings compared to other websites that prioritize sites secured with SSL. I would recommend using an SSL certificate. If your hosting provider no longer offers this for free, you can always switch providers.
Moderator
Yui
(@fierevere)
永子
Its advised to do full search and replace in the database
https://yourhost
to
http://yourhost
You can use plugin like this one https://ww.wp.xz.cn/plugins/better-search-replace/
Make sure to backup database dump before you proceed.
However, you often can use free SSL certificates, like LetsEncrypt, most shared hosts are supporting it. For VPS/dedicated you can install scripts that will install and update certificates, like certbot or acme.sh
PS: If you have used HSTS headers, then your visitors are bound to forcibly use https:// , cant switch back unless everyone will do “Forget about this site” in their browser. So you have to obtain SSL certificate and install it somehow, WordPress permalinks is not a major issue in that case.
-
This reply was modified 1 month ago by
Yui.
@fierevere search-replace handles the body content URLs. The specific symptom you describe (General set to http, Permalinks page showing https) usually means there’s a WP_HOME and/or WP_SITEURL constant hard-coded in wp-config.php. Those constants take precedence over the database and over Settings > General. The Permalinks page renders URLs through home_url(), which honors those constants, so the two screens end up disagreeing.
Open wp-config.php and look for:
define('WP_HOME', 'https://...'); define('WP_SITEURL', 'https://...');
If they’re there, swap them to http or delete the lines so General becomes the source of truth again.
Worth checking before you flip back: if anything ever sent an HSTS header on the https response (most free-SSL setups turn this on), browsers that already loaded the site on https will refuse to load it over http for as long as max-age lasts. No way to clear that remotely. You’d have to keep the https response alive long enough to serve max-age=0, wait for browsers to re-cache, then switch.
If this is mainly about avoiding the renewal fee, LetsEncrypt via your host (cPanel/Plesk one-click on most shared hosts) or Cloudflare’s free tier in front of the site usually solves it without the rest.
Moderator
Yui
(@fierevere)
永子
When you create posts. URLs are saved by address you use to access site (editor), it is always recommended to run search-replace to make URLs and image links consistant, despite settings one may use in wp-config.php (btw its fully optional to define WP_SITEURL in wp-config.php and its not the default, default is wp_option.siteurl )
