diff --git a/docs/patterns/mongoengine.rst b/docs/patterns/mongoengine.rst
index 624988e423..86bfc483c9 100644
--- a/docs/patterns/mongoengine.rst
+++ b/docs/patterns/mongoengine.rst
@@ -9,7 +9,7 @@ A running MongoDB server and `Flask-MongoEngine`_ are required. ::
 
     pip install flask-mongoengine
 
-.. _MongoEngine: http://mongoengine.org
+.. _MongoEngine: https://mongoengine.org
 .. _Flask-MongoEngine: https://flask-mongoengine.readthedocs.io
 
 
diff --git a/docs/web-security.rst b/docs/web-security.rst
index 4118b5ec67..4037b399f1 100644
--- a/docs/web-security.rst
+++ b/docs/web-security.rst
@@ -116,7 +116,7 @@ application's users with social engineering to do stupid things without
 them knowing.
 
 Say you have a specific URL that, when you sent ``POST`` requests to will
-delete a user's profile (say ``http://example.com/user/delete``).  If an
+delete a user's profile (say ``https://example.com/user/delete``).  If an
 attacker now creates a page that sends a post request to that page with
 some JavaScript they just have to trick some users to load that page and
 their profiles will end up being deleted.