Howto force SSL for all requests?

February 13, 20234 Views

Is there a way to force SSL for all requests? Much like the option to use admin ssl, but for all requests, including the ones who are not logged in.

Post Views: 4

4 comments

Anonymous says:

February 13, 2023 at 10:45 am

Here is a complete guide – Enable Complete support for SSL on WordPress

Log in to Reply

A simple check for is_ssl() should do it:

add_action( 'plugins_loaded', 'wpse_2718_force_ssl' );

function wpse_2718_force_ssl()
{
    if ( is_ssl() )
        return;

    wp_redirect(
        'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] 
    );
    exit;
}

But I would do this in .htaccess to catch images too:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

For ISS see this answer on Stack Overflow.

Add this rule to the top of .htaccess:

# BEGIN Force SSL
# This should be the first rule before other rules
<IfModule mod_rewrite.c>
    RewriteEngine On

    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</IfModule>
# END Force SSL

This should be before WordPress’ rules.

Anonymous says:

February 13, 2023 at 10:46 am

I’ve used Really Simple SSL to my all of clients sites and it works very fine. If you dont want to modify code, simply install this plugin and config it.

Log in to Reply

Howto force SSL for all requests?

Leave a Reply Cancel reply

4 comments

Social Network

Related posts

Leave a Reply Cancel reply

4 comments

Social Network