My WordPress directory is at www.example.com/blog
I recently changed my entire site to force HTTPS. So my .htaccess file in /blog/ looks like this:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /blog/
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]
</IfModule>
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
I also changed the site URL in WordPress settings to be HTTPS.
This works perfectly on the homepage, but on any post page the end user is able to switch to non-secure HTTP by changing the URL and pressing Enter.
For example, they can type directly: http://www.example.com/blog/post-1/ and it will load as HTTP.
What is wrong with my .htaccess file? Where is the loose end?
Change the order of the rules. First redirect to https and then let WP take over all of your requests.
You can also add these two lines to the wp-config.php
So you could easily make conditions for http for dev environment and https for live like so:
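The rule reordering described in this answer, written out for the /blog/.htaccess from the question as an added example (it is not the answerer's own code). It assumes Apache terminates TLS itself; the `[R=301,L]` flags and the escaped dot in `^index\.php$` are additions that the question's file does not have.

```apache
# Added example: corrected /blog/.htaccess for www.example.com/blog.
# Assumption: Apache terminates TLS itself. Behind a TLS-terminating proxy
# or load balancer %{HTTPS} is always "off" and this redirect would loop.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /blog/

# 1. HTTPS redirect first, before any rule that ends processing with [L].
#    R=301 sends an external permanent redirect; L stops the rule pass so
#    the WordPress rules below never see a plain-HTTP request.
#    Note: HTTP_HOST is taken from the client's Host header. On a server
#    that answers for unknown hostnames, put the fixed site hostname here.
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# 2. WordPress front controller, unchanged in behaviour.
#    In the original order, /blog/post-1/ matched "RewriteRule ." and was
#    rewritten to /blog/index.php with [L]; the restarted pass then matched
#    the index.php rule and stopped, so the HTTPS rule at the bottom of the
#    file was never reached. The homepage redirected only because the
#    per-directory path for /blog/ is empty and "." does not match it.
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]
</IfModule>
```

To check the result, `curl -I http://www.example.com/blog/post-1/` should return a 301 whose `Location` header starts with `https://`. Browsers cache 301 responses, so test with a 302 first if the rule is still being adjusted.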