Use .htaccess to redirect HTTP to HTTPs
Solution 1
Problem solved!
Final .htaccess:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{ENV:HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
Solution 2
On Dreamhost, this worked:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
Solution 3
It works for me:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R,L]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Solution 4
In my case, the htaccess file contained lots of rules installed by plugins like Far Future Expiration and WPSuperCache and also the lines from wordpress itself.
In order to not mess things up, I had to put the solution at the top of htaccess (this is important, if you put it at the end it causes some wrong redirects due to conflicts with the cache plugin)
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
This way, your lines don't get messed up by wordpress in case some settings change. Also, the <IfModule>
section can be repeated without any problems.
I have to thank Jason Shah for the neat htaccess rule.
Solution 5
For your information, it really depends on your hosting provider.
In my case (Infomaniak), nothing above actually worked and I got infinite redirect loop.
The right way to do this is actually explained in their support site:
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://your-domain.com/$1 [R=301,L]
So, always check with your hosting provider. Hopefully they have an article explaining how to do this. Otherwise, just ask the support.
Related videos on Youtube
Cristiano Maia
Updated on July 02, 2020Comments
-
Cristiano Maia almost 4 years
Please, don't recommend me the long and very detailed thread with more than 173 upvotes. It didn't work for me. I have also tried many others (1, 2, 3, 4). They all give me TOO_MANY_REDIRECTS or error 500. So, here is my issue:
With my current .htaccess, this is what happens:
https://www.dukescasino.com/ - works perfectly
https://dukescasino.com/ - redirects to the above which is great
The two options below loads fine, but it should be redirecting to the https version:
Here is the current .htaccess:
<IfModule mod_rewrite.c> RewriteEngine On RewriteBase / # BEGIN WordPress RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule>
I don't believe it is relevant, but if so, here is the list of current active plugins:
- Advanced Custom Fields
- All In One SEO Pack
- Bop Search Box Item Type For Nav Menus
- Contact Form 7
- Disable Comments
- Google XML Sitemaps
- Jetpack by WordPress.com
- Search & Filter
- Slider WD
- TablePress
- UpdraftPlus - Backup/Restore
- Wordfence Security
- WPide
- WP Smush
- WP Super Cache
Edit 1 - Tests performed:
Test A:
<IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{HTTPS} off # First rewrite to HTTPS: # Don't put www. here. If it is already there it will be included, if not # the subsequent rule will catch it. RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # Now, rewrite any request to the wrong domain to use www. RewriteCond %{HTTP_HOST} !^www\. RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # BEGIN WordPress RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule>
Result: ERR_TOO_MANY_REDIRECTS
Test B:
<IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{HTTPS} !=on RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L] # BEGIN WordPress RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule>
Result: ERR_TOO_MANY_REDIRECTS
Test C:
<IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{SERVER_PORT} ^80$ RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L] # BEGIN WordPress RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule>
Result: ERR_TOO_MANY_REDIRECTS
Test D:
<IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] # BEGIN WordPress RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule>
Result: ERR_TOO_MANY_REDIRECTS
Test E:
<IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{HTTP_HOST} !^www\. RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI}$1 [R=301,L] RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}$1 # BEGIN WordPress RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule>
Result: 302 found. Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
-
MrWhite almost 9 yearsMaybe just a typo, but you have spelt
.htaccess
wrong (the same way) 3 times? Your current .htaccess file is not complete, you are missing aRewriteEngine On
directive. Presumably, when you add the canonical redirect you are adding this to the very top of your .htaccess file? You state thathttps://example.com
redirects OK, however, this is not indicated in your config file? Where/how is this happening? It would be useful to know what you have actually tried - that is not working. -
Cristiano Maia almost 9 yearsSorry, the .htaccess was a typo, I've fixed it now. I've also updated the current .htaccess code and all the test I've done with the result of each. I don't know how the https without www is redirecting to the www version though. Thanks
-
MrWhite almost 9 yearsYou would normally expect the server variable
HTTPS
to be set (your results suggest otherwise). Are you behind a proxy? (Test E is likely to result in some kind of "recursive" 404?) -
Cristiano Maia almost 9 yearsI've just contacted 123-reg (hosting company) to check if they have anything set up on their side that is messing things up. Even if I have the working .htaccess and set up redirect tool inside their (123reg) control panel I get the ERR_TOO_MANY_REDIRECTS.
-
Jason Shah about 8 yearsThis change resulted in "[www.domain.com] redirected you too many times" for a domain I host on Dreamhost. No luck. However, this worked: RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
-
Liakat Hossain almost 8 yearsThis one is worked for me on namecheap shared hosting.
-
lucaferrario over 7 yearsI had to change just the
RewriteCond
to the following one to avoid thetoo many redirects
:RewriteCond %{HTTPS} !=on
-
Aleksandar Pavić over 7 yearsFor me on virtualmin apache 2.4 caused forbidden. The solution from @jason-shah worked.
-
Henrik Petterson about 7 yearsThis is essential information. Thanks for posting it!
-
crazy_in_love about 7 yearsWorked on asmallorange.com too
-
zhekaus about 7 yearsDoesn't work for me. This solution redirects "you too many times." chrome says.
-
Melroy van den Berg about 7 yearsJust these 2 lines are added. Work great! Thanks..
RewriteCond %{ENV:HTTPS} !=on RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
-
John Smith about 7 yearsWorked for me on a LAMP server with Wordpress 4.7.4 on provider Time4VPS
-
john p about 7 years@zhekaus you also have to change the values of 'siteurl' and 'home' options in wp_options table from http:// to https://
-
Webkraft Studios almost 7 yearsNot entirely sure yet, my guess is it will remain the same depending on the reason Google might have index it as the HTTPS version to begin with.
-
delrocco almost 7 yearsMake sure to get the exact ordering of the rules correct. I had put the rewrite rule under the existing WordPress rules, but then only the root domain rerouted and not any HTTP URI requests. This correct ordering above the existing WordPress rules routes all HTTP requests properly.
-
Vit Kovalcik over 6 yearsThis is the only one solution that worked for me. (Tested far too many.) The "ENV:" was crucial. From the replies and other solutions, it seems that on some host you either have to include it while on others you have to leave it out. BTW For anybody wanting to use this, consider using
R=301
instead of justR
(which means 302 redirect). -
jcdarocha over 6 yearsI'm not sure it does any redirection for SEO :)
-
Ste_95 over 6 yearsThe WordPress part should go after the HTTPS one, or it won't work. Or, at least, this is what happened for me :)
-
Rafael about 6 yearssure it does. redirection 301 ( permanent ), google will reindex
-
Phill Healey about 6 yearsThere's no need to point out every single host that this works on! It's a straightforward bit of code for .htaccess so it should work on most system them accept .htaccess. If it doesn't work then it's because of an odd case scenario.
-
Hexodus about 6 yearsKeep in mind that this is not working with Google Search Console!
-
Justin Tilson about 6 yearsConfirming what @Ste_95 said. I had to put the HTTPS rewrite block ahead of the default WP permalink config.
-
christostsang almost 6 yearsWorking on shared hosting Godaddy just fine!
-
Rafael over 5 yearsit will work just fine.... wordpress will do a redirection (301). keep in mind this: rtfm
-
LegendLength over 5 yearsI'm gonna ignore Phill and point out it worked on 1and1 hosting. You can't use the root directory htaccess with their cheap plan for some reason so this is the only option.
-
Harish ST over 5 yearsThe Above Code Results in "Error: Too many redirects"! Removing the ENV does the trick!
-
Bersan over 5 yearsThank you, it worked! I'm using hostgator+wordpress v4.9.8+goDaddy