Forcing HTTPS with .htaccess on site with Wordpress in subfolder
I would argue you should put your new .htaccess file in public_html folder.
Try the following with mod_rewrite in your .htaccess file
RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e. http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in httpd.conf or .htaccess context
These three lines also have to be added to the .htaccess file in the blog folder, modifying the RewriteRule to reflect that subfolder:
RewriteRule ^/?(.*) https://%{SERVER_NAME}/blog/$1 [R,L]
It might be also useful to apply mod_ssl to force SSL with the SSLRequireSSL Directive:
This directive forbids access unless HTTP over SSL (i.e. HTTPS) is enabled for the current connection. This is very handy inside the SSL-enabled virtual host or directories for defending against configuration errors that expose stuff that should be protected. When this directive is present all requests are denied which are not using SSL. Keep in mind that this will not do a redirect to https by itself.
Jan Doggen
Updated on September 18, 2022Comments
-
Jan Doggen over 1 year
I can't get my .htaccess file to work to force HTTPS traffic
Site structure that I see if I ftp to my hosting provider:
/ domains mydomainname.com public_html blog- The files for my site start in
public_html(index.htmletc) - I have a WordPress installation in
blog - Wordpress settings have been set to https: (General settings mention
https://www.mydomainname.com/blogas the Wordpress URL). - SSL certificate is working fine if I go to the domain
- Initially there was only a
.htaccessinblog, containing:
# BEGIN WordPress
RewriteEngine On
RewriteBase /blog/
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]
# END WordPressAll kinds of tutorials I see mention that I should add this to the start of
.htaccess:RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.mydomainname.com/$1 [R,L].. and that I should place this file 'in the root of my site'.
If I have no (other)
.htaccessfile:- I can browse go to
https://www.mydomainname.com, follow links into the WP blog and browse around there, all https: - If I go to
http://www.mydomainname.com, follow links into the WP blog, these will turn into https:
If I place a modified htaccess in several locations I get issues like (depending on what
.htaccesscontents/locations I'm trying):- If I go to
www.mydomainname.comit redirects tohttps://www.mydomainname.comand I get "Server not found"; or: - No forcing from http: to https:
Questions:
- Should the
.htaccessbe placed inmydomainname.comorpublic_html(i.e. which folder is that famous 'root of my site')? I have tried both. - Must it also be placed in
blog? If so, do they need to be identical? - What are the proper contents of the
.htaccessfile(s)?
I have tried all kinds of variations, but can't get it to work - obviously not the right variation yet.
FWIW: I assume my hosting provider uses Apache. I have no control over its configuration.
- The files for my site start in
-
Jan Doggen almost 7 yearsThis is basically it. I have added what also needs to be done to the .htaccess file in the blog subfolder
-
iamsmug almost 5 yearsCan you past your htaccess file from your blog directory please?
