Reputation: 585
HTTPS Force Redirect not working in Wordpress
My Wordpress directory is at www.example.com/blog
I recently changed my entire site to force HTTPS. So my .htaccess file in /blog/ looks like this:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /blog/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]
</IfModule>
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
I also changed the site URL in Wordpress settings to be HTTPS.
This works perfectly in the homepage, but in any post pages, the end user is able to change to non-secure HTTP, by changing the URL and pressing enter.
For example, they can type directly: http://www.example.com/blog/post-1/ and it will load as HTTP.
What is wrong with my .htaccess file? Where is the loose end?
Upvotes: 15
Views: 12404
Answers (3)
Reputation: 4756
Problem
Recently we faced a similar problem, while we did everything as below:
- Installed active SSL (with Green Padlock icon)
- Updating Site Address in Admin Panel (Settings ’ General)
- Putting the following code into the
.htaccessfile:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
But still, the site was not forced to HTTPS and both the HTTP and HTTPS were working independently.
We tried disabling all the plugins, clearing the cache, etc. with no luck.
Solution
Then we just moved the above code snippet above all the lines in the .htaccess, and that worked for us.
# 1. HTTPS REDIRECTION CODE <----- ✅
# 2. WordPress Code
# 3. Any other htaccess directives
Upvotes: 0
Reputation: 470
You can also add these two lines to the wp-config.php
define('WP_SITEURL', 'https://' . $_SERVER['HTTP_HOST']);
define('WP_HOME', 'https://' . $_SERVER['HTTP_HOST']);
So you could easily make conditions for http for dev environment and https for live like so:
if(strpos($_SERVER['HTTP_HOST'], 'livedomain.com') !== FALSE){
define('WP_SITEURL', 'https://' . $_SERVER['HTTP_HOST']);
define('WP_HOME', 'https://' . $_SERVER['HTTP_HOST']);
} else {
define('WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST']);
define('WP_HOME', 'http://' . $_SERVER['HTTP_HOST']);
}
Upvotes: 0
Reputation: 785541
Change the order of the rules. First redirect to https and then let WP take over all of your requests.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteBase /blog/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]
</IfModule>
Upvotes: 36
Related Questions
- How to change existed redirect in order to add redirecting to https
- Htaccess redirect https to another https
- apache .htaccess not redirecting to https in subfolder
- .htaccess http to https not working
- htaccess RewriteRule to https doesn't work combined with other rules
- htaccess rule not redirecting to https as expected
- Apache Redirect setting https to http and matching & not matching
- htaccess - redirect to https not working
- HTTPS to HTTP redirect doesn't keep custom URL
- not able to redirect HTTP to HTTPS using rewrite in htaccess