WordPress Issue

WordPress HTTPS not enforced

The homepage resolved over HTTP, indicating transport security is not consistently enforced.

Quick win: Force HTTP-to-HTTPS redirects at the edge or web server layer.

Run free scan Create account View Pro pricing All issue guides

Plan coverage for this workflow

Free includes SEO checks, crawl health, and WordPress security posture visibility. Pro unlocks full WordPress vulnerability intelligence, weekly vulnerability monitoring, and project-level security history.

Run free scan Compare Free vs Pro

Why it matters

Without enforced HTTPS, users and crawlers can hit insecure variants, increasing interception risk and weakening canonical trust signals.

How to fix

Force HTTP-to-HTTPS redirects at the edge or web server layer.
Set canonical WordPress site and home URLs to HTTPS.
After enforcing HTTPS, add strict-transport-security and update mixed-content references.

Related issue guides

Next best step

After transport is enforced, complete security headers so browser behavior is consistently hardened.

Close homepage header hardening gaps

Next step: run a fresh scan for current issue counts, then triage fixes in order. You can also browse by category in SEO checks and WordPress checks.