Moving your site to HTTPS is not a nice SEO bonus. However, HSTS is a way to tell the browser that the connection should only be encrypted.
But HSTS is a bit difficult from a security standpoint as the browser needs to communicate before to known the site uses HSTS.
Before we head on you should know that in this we will target the send_headers action hook, which is used to add additional headers to your outgoing HTTP responses. Make sure that your site has a functioning SSL certificate for this implementation to work.
Paste the following to function.php in child theme.
/**
* Enables the HTTP Strict Transport Security (HSTS) header in WordPress.
*/
function wps_enable_strict_transport_security_hsts_header_wordpress() {
header( 'Strict-Transport-Security: max-age=31536000; includeSubDomains; preload' );
}
add_action('send_headers','wps_enable_strict_transport_security_hsts_header_wordpress' );