If you mess up your htaccess file you can end up with a white screen and a dead WordPress site. So use this simple 2 line ‘copy & paste’ way of redirecting HTTP to HTTPS, and don’t let typos blow up your site ever again!
Why Use This HTTP to HTTPS Redirect?
Two big shiny reasons:-
- No editing is required – you don’t have to type/edit the domain name. This avoids those embarassing occasions where you accidentally redirect to the wrong domain because you forgot to change it. And it avoids typos where you 301 to an invalid mistyped domain, or break the code and end up with a dead site.
- It’s faster and uses less server resources – redirecting using htaccess means things happen at the web server level, instead of forcing the server to start running lots of WordPress code just to tell the server to redirect the page!
Note: this can be used for pretty much any type of website hosted on Apache (the web server that uses .htaccess files – e.g. Nginx doesn’t), so it’s not just for WordPress.
OK, so here it is, explanation below.
IMPORTANT: Put this in your .htaccess file before the ‘# BEGIN WordPress’ section.
How Does This Redirect Work?
The short explanation of what this does is:-
- The 1st line turns on the Apache rewriting function, so it’s not necessary if you already have it.
- The 2nd line basically says ‘only do this if the page is being accessed using HTTP’
- Then the 3rd line says: if it is, ‘send them to the HTTPS version of this page instead’.
Redirect HTTP to HTTPS Not Working?
Make sure you have pasted the code before the ‘# BEGIN WordPress’ section. And that you haven’t broken the code over too many lines – it’s just 3 lines, or 2 if you don’t need the ‘RewriteEngine on’ line.
For WordPress How Do I Replace HTTP With HTTPS ?
The short answer is to change both the ‘WordPress Address’ and ‘Site Address’ in the ‘Settings’ menu under ‘General’ (here’s how to login to the WordPress admin page). But also see below as this is really only one step in a much bigger process.
Moving a WordPress Site From HTTP to HTTPS?
This is a much bigger question than just a redirect. You need to first add an SSL certificate for your site. Then change both the ‘WordPress Address’ and ‘Site Address’ in Settings/General. This will fix some of your links, but it’s extremely likely you will still have pages and images linked to ‘HTTP’. This causes the ‘broken’ padlock (or mixed content error). So you then need to update all internal links that you have manually created, plus links to images you have inserted. You may also need to update code in your theme or child theme and/or widgets too. It is a bit of a headache, so get in touch if you would like us to provide a quote for taking care of all this for you.
Is There a WordPress Plugin to Redirect HTTP to HTTPS?
Yes, but WordPress plugins are really not a good solution here. This is something that should be done once and fixed properly. Plugins for tasks like this add unnecessary complication and ongoing security risks. Depending on exactly what they are doing they may also permanently slow your site down until a proper fix is applied. Needless to say, we never use plugins for this purpose and don’t recommend you do either.