404 pages on your WordPress site when migrating to SSL

Sometimes users have the issue that all pages get 404 errors when Really Simple SSL is activated. The cause is different from user to user and from server to server.

Re-save the permalinks

Even though Really Simple SSL flushes the internal rewrite rules, it sometimes helps to do this again. You can find the permalinks in settings/permalinks. Re-saving makes sure the WordPress rewrite rules get flushed.

Photon from JetPack

Photon uses a CDN service to speed up loading for your images. When these image paths are changed, this might lead to issues. If you see the image paths are changed into wp1.com etc, try deactivating Photon.

.htaccess files in subdirectories

If you have .htaccess files in your media directories, remove them, or adapt them to the https domain.

Other redirecting plugins

Check also if you have a multilanguage plugin, security, caching, or redirect plugins active. These especially multilanguage plugins often have strange effects when the URL has changed. Deactivate them, or re-save the settings, to flush the internal redirect rules of these plugins.

Security on your server

Check if you have hot link protection activated.

NGINX server settings

If you are on NGINX, there can be a different cause. Adding the following lines to the httpd-ssl.conf file often solves the issue.

Look for  <VirtualHost *:443>  which is for the DocumentRoot, and add these lines in this section
   <Directory C:/www-base/ >
        Options FollowSymLinks
        AllowOverride All
    </Directory>
    <Directory C:/www-base/site-dir > 
Options Indexes FollowSymLinks MultiViews 
AllowOverride All 
Order allow,deny 
allow from all 
</Directory>
Of course “C:/www-base/” and “C:/www-base/site-dir”  are only examples… would be whatever drive letter and path are used in your own environment.

This is a typical server configuration issue, so you might have to contact your hosting provider to fix it.

Simple and Performant Security.
Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate generation.