If you have noticed that your WordPress site is displaying both http:// and https:// in the canonical URL, this can be confusing and concerning from an SEO perspective. Duplicate content issues should be avoided and only the correct version of the web pages should be indexed. Canonical URLs serve a crucial purpose at this point. Ideally, your canonical URL should reflect only one version (http:// or https://) to maintain consistency and improve your SEO performance.
In this article, we will discuss why this happens and how to fix it so that your WordPress site follows SEO best practices.
What is a Canonical URL?
Before we explain why this happens, let’s first define what a canonical URL is. A canonical URL is a tag in the HTML <head> section of a web page. This tag helps prevent duplicate content issues when the same content is available through different URLs by telling search engines which version of the page is the primary version. For example, a page may be accessible via http://yourdomain.com and https://yourdomain.com. If you don’t have a canonical tag, search engines may consider them as two separate pages, which would split the SEO value and hurt your rankings.
The canonical tag helps aggregate all of these ranking signals and helps that page rank better in search engines because the page is consolidated around the preferred URL. Ideally, this tag should always point to https: if you’ve migrated to HTTPS for added security, especially if you have an https:// version of your website.
Why does my WordPress site include both http:// and https:// in the canonical URL?
There are several common reasons why a WordPress site may include both http:// and https:// in the canonical URL. Here are the most common causes:
1. Mixed content issues
One of the main reasons why both are visible is that http:// and https:// are considered mixed content in the canonical URL. Mixed content occurs when you load a page over HTTPS, but some of the content (like images, scripts, or links) is still loaded over HTTP.
For example, your homepage may be served over HTTPS (which is secure), but an internal link, embedded image, or external resource may still be linked to over HTTP. As a result, you end up with inconsistent canonical URLs. WordPress, not knowing which version to prioritize, may include both http:// and https:// in the canonical link.
2. Incorrect WordPress Configuration
Another common reason for the problem is incorrect settings in WordPress general settings.
In WordPress, there are two key fields that control your website URLs:
• WordPress Address (URL): This is where WordPress files are stored.
• Site Address (URL): This is how others will see your site and what your public URL is.
If these settings are not configured to use https: WordPress can generate mixed canonical URLs. For example, if your WordPress address is set to http://, but your site address is https://, WordPress can generate canonical URLs using both protocols.
3. SSL Installation Issues
If you recently installed an SSL certificate and changed your website from HTTP to HTTPS, but did not configure it correctly, this can cause both http:// and https:// to appear in the canonical tag versions of your pages. This happens because you have not configured HTTP to HTTPS redirects correctly or you are still dealing with mixed content on the website.
4. SEO plugin conflicts
Most WordPress sites use SEO plugins like Yoast SEO, Rank Math, or All in One SEO to manage their canonical URLs. If these plugins are not configured properly or if there is a conflict between multiple SEO-related plugins, they can generate canonical URLs with http:// and https://.
For example, the plugin could read your site URL as http://yourdomain.com and automatically add it to the canonical tag while the page itself is displayed via https://. In this case, it means that the protocol of the page will not match the canonical URL you have.
5. Incorrect .htaccess redirects
If you have switched from HTTP to HTTPS and have not set up the proper redirects, both versions of the site may still be available. Without 301 redirects, search engines and visitors can still access your website using HTTP:// and the canonical URL may display both versions.
How to Fix
To fix the issue of having both http:// and https:// in canonical URLs, follow these steps:
1. Force HTTPS for all pages
Make sure that all pages on your WordPress site are served over HTTPS. Luckily, simply adding a redirect in your .htaccess file or using a plugin like Really Simple SSL will do the trick. This way, all traffic will be redirected to HTTPS and the canonical URL will also be HTTPS.
Example .htaccess redirect code:
Rewrite Engine Enabled
RewriteCond %{HTTPS} Disabled
Rewrite Rule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
2. Update WordPress Settings
Count the number of characters in these two fields: WordPress Address (URL) and Site Address (URL), displayed under Settings > General in your WordPress dashboard. Make sure both are set to https://.
• WordPress Address (URL): https://yourdomain.com
• Site Address (URL): https://yourdomain.com
WordPress will use the appropriate protocol when creating URLs.
3. Fix Mixed Content Issues
Mixed content issues can be fixed with tools like SSL Insecure Content Fixer. This plugin will automatically upgrade any HTTP content to HTTPS. You can also manually check your website and make sure all your assets (images, scripts, and CSS files) are loaded over HTTPS.
4. Check SEO Plugin Settings
If you are using Yoast SEO, go to the plugin settings and make sure the correct canonical URL is generated. The canonical URL should always use the https:// version of your site.
5. Set up proper 301 redirects
If you are moving from HTTP to HTTPS, make sure to set up 301 redirects from the old http:// redirect pages to the new https:// pages. This tells search engines that the page has been moved permanently and that the HTTP version is still valuable for SEO (Search Engine Optimization).
Final Thoughts
Ensuring that your WordPress site uses only one protocol (HTTPS) in the canonical URL is critical for SEO and website performance. Your search engine rankings can suffer because of duplicate content issues which may occur when your website displays mixed content or when settings are incorrect or redirects are misconfigured. The resolution of this issue and proper implementation of SEO best practices becomes possible when you understand these common causes and follow these steps. Your website should always follow HTTPS because it serves both security needs and user experience requirements.
