Title: Force HTTPS Last modified: September 15, 2020 --- # Force HTTPS * Resolved [bclaim](https://wordpress.org/support/users/bclaim/) * (@bclaim) * [5 years, 8 months ago](https://wordpress.org/support/topic/force-https-14/) * Hi, * I was wondering when you enable Force HTTPS, it says it will modify the database. What modifications does it make to the database, exactly? * I have enabled HTTPS Enforce in my Site Tools area and have HTTPS rules in my. htaccess file. If I’ve done this, do I need to enable the Force HTTPS option in the plugin too? If not, in what situation should this toggle be enabled in the plugin? * Thanks. Viewing 5 replies - 1 through 5 (of 5 total) * Plugin Author [Hristo Pandjarov](https://wordpress.org/support/users/hristo-sg/) * (@hristo-sg) * SiteGround Representative * [5 years, 8 months ago](https://wordpress.org/support/topic/force-https-14/#post-13407969) * We replace all instances of your hostname through http to https. * Disable the HTTPS Enforce from Site Tools and enable it through the SG Optimizer. The tool in Site Tools is designed for apps that are not easily configurable as WordPress. * Thread Starter [bclaim](https://wordpress.org/support/users/bclaim/) * (@bclaim) * [5 years, 8 months ago](https://wordpress.org/support/topic/force-https-14/#post-13411199) * Thank you for the reply. I have disabled HTTPS Enforce in Site Tools and am using the Force HTTPS feature in the plugin now only. * We will be looking to get an app developed for the website. I assume there should be no way to get around the HTTPS protocol (meaning to bypass the Forced HTTPS) once the HTTPS rewrite code is placed in the .htaccess by SG Optimizer? I am referring to direct HTTP requests to the API endpoints (as opposed to direct HTTPS) or would the Site Tools HTTPS Enforce feature be required for API/app use (to prevent any bypass of HTTPS). * Hope this all makes sense. Thanks. * Thread Starter [bclaim](https://wordpress.org/support/users/bclaim/) * (@bclaim) * [5 years, 8 months ago](https://wordpress.org/support/topic/force-https-14/#post-13411448) * Hi again, * Just did some quick tests using Postman and it seems a HTTP connection is possible( bypassing HTTPS), unless HTTPS Enforce is enabled in Site Tools. * Plugin Author [Hristo Pandjarov](https://wordpress.org/support/users/hristo-sg/) * (@hristo-sg) * SiteGround Representative * [5 years, 8 months ago](https://wordpress.org/support/topic/force-https-14/#post-13411741) * The plugin adds rules in the .htaccess file and configures WordPress to properly work through HTTPS. Third party applications may require additional restriction. Not sure how Postman works, I’d suggest getting in touch with their support for additional info. * Thread Starter [bclaim](https://wordpress.org/support/users/bclaim/) * (@bclaim) * [5 years, 8 months ago](https://wordpress.org/support/topic/force-https-14/#post-13411948) * Okay, no problem. Here’s some extra info – this is also true when using the WordPress API through a web browser. Without the Site Tools HTTPS Enforce, it does not redirect to HTTPS (even with the redirect rules in place in the .htaccess). Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘Force HTTPS’ is closed to new replies. * ![](https://ps.w.org/sg-cachepress/assets/icon-256x256.gif?rev=2971889) * [Speed Optimizer - The All-In-One Performance-Boosting Plugin](https://wordpress.org/plugins/sg-cachepress/) * [Support Threads](https://wordpress.org/support/plugin/sg-cachepress/) * [Active Topics](https://wordpress.org/support/plugin/sg-cachepress/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/sg-cachepress/unresolved/) * [Reviews](https://wordpress.org/support/plugin/sg-cachepress/reviews/) ## Tags * [HTTPS](https://wordpress.org/support/topic-tag/https/) * 5 replies * 2 participants * Last reply from: [bclaim](https://wordpress.org/support/users/bclaim/) * Last activity: [5 years, 8 months ago](https://wordpress.org/support/topic/force-https-14/#post-13411948) * Status: resolved