Use .htaccess to redirect HTTP to HTTPs

wordpress .htaccess http redirect https

176,386

Solution 1

Problem solved!

Final .htaccess:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{ENV:HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Solution 2

On Dreamhost, this worked:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Solution 3

It works for me:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !on           
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R,L]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Solution 4

In my case, the htaccess file contained lots of rules installed by plugins like Far Future Expiration and WPSuperCache and also the lines from wordpress itself.

In order to not mess things up, I had to put the solution at the top of htaccess (this is important, if you put it at the end it causes some wrong redirects due to conflicts with the cache plugin)

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

This way, your lines don't get messed up by wordpress in case some settings change. Also, the <IfModule> section can be repeated without any problems.

I have to thank Jason Shah for the neat htaccess rule.

Solution 5

For your information, it really depends on your hosting provider.

In my case (Infomaniak), nothing above actually worked and I got infinite redirect loop.

The right way to do this is actually explained in their support site:

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://your-domain.com/$1 [R=301,L]

So, always check with your hosting provider. Hopefully they have an article explaining how to do this. Otherwise, just ask the support.

View more solutions

176,386

Cristiano Maia

Updated on July 02, 2020

Comments

Cristiano Maia almost 4 years
Please, don't recommend me the long and very detailed thread with more than 173 upvotes. It didn't work for me. I have also tried many others (1, 2, 3, 4). They all give me TOO_MANY_REDIRECTS or error 500. So, here is my issue:

With my current .htaccess, this is what happens:

https://www.dukescasino.com/ - works perfectly

https://dukescasino.com/ - redirects to the above which is great

The two options below loads fine, but it should be redirecting to the https version:

http://www.dukescasino.com/

http://dukescasino.com/

Here is the current .htaccess:
```
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
```
I don't believe it is relevant, but if so, here is the list of current active plugins:
- Advanced Custom Fields
- All In One SEO Pack
- Bop Search Box Item Type For Nav Menus
- Contact Form 7
- Disable Comments
- Google XML Sitemaps
- Jetpack by WordPress.com
- Search & Filter
- Slider WD
- TablePress
- UpdraftPlus - Backup/Restore
- Wordfence Security
- WPide
- WP Smush
- WP Super Cache
Edit 1 - Tests performed:

Test A:
```
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
```
Result: ERR_TOO_MANY_REDIRECTS

Test B:
```
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
```
Result: ERR_TOO_MANY_REDIRECTS

Test C:
```
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{SERVER_PORT} ^80$
 RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
```
Result: ERR_TOO_MANY_REDIRECTS

Test D:
```
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
```
Result: ERR_TOO_MANY_REDIRECTS

Test E:
```
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI}$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}$1

# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
```
Result: 302 found. Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
- MrWhite almost 9 years
  
  Maybe just a typo, but you have spelt .htaccess wrong (the same way) 3 times? Your current .htaccess file is not complete, you are missing a RewriteEngine On directive. Presumably, when you add the canonical redirect you are adding this to the very top of your .htaccess file? You state that https://example.com redirects OK, however, this is not indicated in your config file? Where/how is this happening? It would be useful to know what you have actually tried - that is not working.
- Cristiano Maia almost 9 years
  
  Sorry, the .htaccess was a typo, I've fixed it now. I've also updated the current .htaccess code and all the test I've done with the result of each. I don't know how the https without www is redirecting to the www version though. Thanks
- MrWhite almost 9 years
  
  You would normally expect the server variable HTTPS to be set (your results suggest otherwise). Are you behind a proxy? (Test E is likely to result in some kind of "recursive" 404?)
- Cristiano Maia almost 9 years
  
  I've just contacted 123-reg (hosting company) to check if they have anything set up on their side that is messing things up. Even if I have the working .htaccess and set up redirect tool inside their (123reg) control panel I get the ERR_TOO_MANY_REDIRECTS.
Jason Shah about 8 years

This change resulted in "[www.domain.com] redirected you too many times" for a domain I host on Dreamhost. No luck. However, this worked: RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Liakat Hossain almost 8 years

This one is worked for me on namecheap shared hosting.
lucaferrario over 7 years

I had to change just the RewriteCond to the following one to avoid the too many redirects: RewriteCond %{HTTPS} !=on
Aleksandar Pavić over 7 years

For me on virtualmin apache 2.4 caused forbidden. The solution from @jason-shah worked.
Henrik Petterson about 7 years

This is essential information. Thanks for posting it!
crazy_in_love about 7 years

Worked on asmallorange.com too
zhekaus about 7 years

Doesn't work for me. This solution redirects "you too many times." chrome says.
Melroy van den Berg about 7 years

Just these 2 lines are added. Work great! Thanks.. RewriteCond %{ENV:HTTPS} !=on RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
John Smith about 7 years

Worked for me on a LAMP server with Wordpress 4.7.4 on provider Time4VPS
john p about 7 years

@zhekaus you also have to change the values of 'siteurl' and 'home' options in wp_options table from http:// to https://
Webkraft Studios almost 7 years

Not entirely sure yet, my guess is it will remain the same depending on the reason Google might have index it as the HTTPS version to begin with.
delrocco almost 7 years

Make sure to get the exact ordering of the rules correct. I had put the rewrite rule under the existing WordPress rules, but then only the root domain rerouted and not any HTTP URI requests. This correct ordering above the existing WordPress rules routes all HTTP requests properly.
Vit Kovalcik over 6 years

This is the only one solution that worked for me. (Tested far too many.) The "ENV:" was crucial. From the replies and other solutions, it seems that on some host you either have to include it while on others you have to leave it out. BTW For anybody wanting to use this, consider using R=301 instead of just R (which means 302 redirect).
jcdarocha over 6 years

I'm not sure it does any redirection for SEO :)
Ste_95 over 6 years

The WordPress part should go after the HTTPS one, or it won't work. Or, at least, this is what happened for me :)
Rafael about 6 years

sure it does. redirection 301 ( permanent ), google will reindex
Phill Healey about 6 years

There's no need to point out every single host that this works on! It's a straightforward bit of code for .htaccess so it should work on most system them accept .htaccess. If it doesn't work then it's because of an odd case scenario.
Hexodus about 6 years

Keep in mind that this is not working with Google Search Console!
Justin Tilson about 6 years

Confirming what @Ste_95 said. I had to put the HTTPS rewrite block ahead of the default WP permalink config.
christostsang almost 6 years

Working on shared hosting Godaddy just fine!
Rafael over 5 years

it will work just fine.... wordpress will do a redirection (301). keep in mind this: rtfm
LegendLength over 5 years

I'm gonna ignore Phill and point out it worked on 1and1 hosting. You can't use the root directory htaccess with their cheap plan for some reason so this is the only option.
Harish ST over 5 years

The Above Code Results in "Error: Too many redirects"! Removing the ENV does the trick!
Bersan over 5 years

Thank you, it worked! I'm using hostgator+wordpress v4.9.8+goDaddy