Remove https redirection from your WordPress website

When a website has a valid SSL certificate installed, it can be accessed via HTTPS protocol instead of HTTP. However, at times, your certificate may expire and you may not be ready to renew yet, thus may want to use the insecure HTTP protocol for a while – since using HTTPS while your site is insecure will always display a warning to your website visitors that the connection is untrusted. Of course your site may be safe, but people trust Google more!

So, here are the three steps you can use to remove the HTTPS .

Step 1. Uninstall the expired certificate.

When an SSL certificate expires, it’s important to uninstall it so that your website and email applications do not stop working. To uninstall an expired certificate:

  • Log in to the cpanel
  • Scroll down to find SSL/TLS icon which is under Security tab. Click it
  • Select Install and Manage SSL for your site (HTTPS).
  • A list of certificates and the domains protected will appear. Click Uninstall link on the certificate that you need to remove.

Step 2. Remove the https redirection in .htaccess

.htaccess is a very powerful file located in the File Manager in the cpanel. Here, we have to edit the .htaccess file so that the forced redirection for the domain to use https is removed.

  • Log in to the cpanel
  • Under File Manager, click public_html
  • Look for a file called .htaccess. If it cannot be seen, you need to enable hidden files in your cpanel. To do so, on the to right of the public_html folder, find Settings button and click it. Then click Show Hidden Files (dotfiles) and click Save . The file should now be visible.
  • Right click on the .htaccess file and select Edit. The file will open for editing on another tab.
  • Look for the following set of lines and delete them then save the file:

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Step 3. Change your default wordpress settings from https:// to http://

This can be done from the wordpress dashboard. But we can still achieve the same form the cpanel via the following steps:

  • Log in to cpanel and go to phpMyAdmin which is under Databases
  • If you have more than one databases, you’ll need to ascertain which one your website uses. This can be done by checking the wp-config.php file located in public_html folder (or the root directory of your site)
  • Access the database and look for a table called options. e.g wp-options
  • In the options table, the first two rows, called site and home will have your domain name starting with https eg We need to edit these two values and remove only the s so that the URLs read

At this point your site should be okay now. It should not use https, so, it will not show untrusted connection error.

Step 4. If somehow, your site still redirects, then there must be a plugin installed in your wordpress dashboard that forces the redirection.

  • Log in to your wordpress dashboard.
  • Under plug ins, look for any plug in that has the term SSL. This is probably a plugin installed at some point that forces the site to use https://.
  • Uninstall the plug in.


Was this article helpful?

Leave A Comment?