Forcing HTTP to HTTPS in WordPress (Apache Server)

You must at all times load your web site with HTTPS. Apart from defending your information integrity between your web sites and your web site customers, HTTPS is now a requirement for a lot of new browser APIs such because the Geolocation API.

HTTPS additionally carries on some weight in Google SERP rating sign. So guaranteeing that your web site will at all times load from HTTPS is essential. We’ll present you methods to do it with Apache on this tutorial.

Be aware that earlier than continuing this step, just be sure you’ve obtained the SSL cert put in and loaded within the server. In any other case, try our tutorial on Newbie’s Information to Web site SSL Certs.

If it’s all set, you possibly can proceed to the following step.

HTTP to HTTPS

In case your WordPress web site could be accessed instantly at http://www.area.com and also you need to direct all guests from HTTP to HTTPS, then attempt both of the next .htaccess codes.

Possibility 1:
RewriteEngine On
RewriteCond % !on
RewriteRule (.*) https://%%REQUEST_URI [R=301,L]
Possibility 2:
RewriteEngine On
RewriteCond % ^80$
RewriteRule ^.*$ https://%%REQUEST_URI [R=301,L]
Rationalization

Each choice 1 and a pair of will redirect anybody accessing http://www.area.com to https://www.area.com

Possibility 1 codes will verify if the connection whether or not it’s TLS/SSL, whereas Possibility 2 codes will verify if the positioning runs on port 80 which, by default, is the port variety of HTTP.

Be aware: Utilizing Possibility 1 codes typically is preferable. The syntax is extra expressive, and it’ll redirect to HTTPS whatever the port quantity as a result of the positioning can technically is ready to load with HTTP outdoors port 80.

“non-www” > “www” & HTTP > HTTPS

If you wish to pressure “non-www” to “www”, and HTTP to HTTPS, then the .htaccess codes above won’t suffice.

To place issues into perspective, in case your purpose is to redirect the next URLS:

  • http://www.area.com

  • http://area.com

to:

  • https://www.area.com

Then you have to to make use of the .htaccess codes under.

RewriteEngine On
RewriteCond % ^area.com$ [NC]
RewriteRule (.*) http://www.area.com/$1 [R=301,L]

RewriteCond % !on
RewriteRule (.*) https://%%REQUEST_URI
Rationalization

First, it redirects any “non-www” to “www”, then it checks for HTTPS, ensuring the ultimate result’s: www + HTTPS.

“non-www” > “www” & HTTP > HTTPS (in subfolder)

Now, in case you are – like us – internet hosting your WordPress web site in a subfolder (i.e. www.area.com/weblog/), then the above talked about .htaccess codes won’t work completely.

The purpose right here is to redirect all URLs (regardless if the homepage, or the submit pages) to a www + HTTPS URL.

Let’s check out all prospects of URLs that we might want to redirect “from“, and redirect “to“.

Situation 1

We have to redirect all the next URLs from:

  • http://area.com

  • http://www.area.com

  • http://area.com/weblog/

  • http://www.area.com/weblog/

to an unify URL of:

  • https://www.area.com/weblog/

Situation 2

and submit URLs from:

  • http://area.com/weblog/example-page/

  • http://www.area.com/weblog/example-page/

to:

  • https://www.area.com/weblog/example-page/

When your WordPress is hosted in subfolder (E.g. /weblog/), likelihood is you’ll have two .htaccess recordsdata, I.e. one .htaccess file outdoors the subfolder, and one contained in the subfolder the place WordPress is put in. And we might want to alter each of them.

.htaccess
weblog/
weblog/.htaccess
.htaccess outdoors subfolder

Insert the next codes into .htaccess outdoors the subfolder.

RewriteEngine On
### non-www to www, http to https
RewriteCond % !on
RewriteCond % ^area.com$ [OR]
RewriteRule (.*) https://www.area.com/$1 [R=301,L]

### subfolder
RewriteRule ^$ /weblog/ [R=301]

Right here’s what this a part of the code does. First, it makes certain the area is redirected to www with HTTPS, then it’s redirected to the subfolder. This may fulfill #situation 1 talked about above however it won’t work for situation #2, not but, at the very least.

.htaccess inside subfolder

Subsequent, we might want to alter the .htaccess code contained in the subfolder.

By default, it ought to look one thing like this:

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond % !-f
RewriteCond % !-d
RewriteRule . /index.php [L]

# END WordPress

Put the next .htaccess code on high, and earlier than “# BEGIN WordPress”


RewriteEngine On
## http to https
RewriteCond % !on
RewriteRule (.*) https://%%REQUEST_URI [R=301,L]

With these two set of codes in place, it can guarantee any URLs entered will likely be included with www and HTTPS.

I urge that you don’t implement this in your reside web site. Attempt it out quite a few instances on a staging/check web site, ensuring you’re getting the outcomes you need earlier than deploying it reside.

Yet another factor, to make sure your redirecting is correct, make sure you clear browser cookies and cache earlier than commencing each check.

 

NTH Secure

A gamer myself, A Open Source hobbyists, A IT Security professional, A WordPress Blogger. I fully understand privacy and boosted speeds are what those who take online hosting seriously seek. Fast, secure and reliable, I've found that a VPS and Web hosting is common nowadays. Bringing extensive IT experience to the table, I enjoy helping others fine-tune their hosting services by sharing industry tips, high tech tricks and useful advice here on my website. Check back often to learn new skills of the trade, including how to perform a VPS and Web hosting setup from start to finish. Ready to level up your skill with NTHsecure? Forego the wait … it’s time to crate!

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.