Use .htaccess to redirect HTTP to HTTPs

Question

I have tried this post, and many others (1, 2, 3, 4), but they all give me TOO_MANY_REDIRECTS or error 500. So, here is my issue:

With my current .htaccess, this is what happens:

https://www.dukescasino.com/ - works perfectly

https://dukescasino.com/ - redirects to the above which is great

The two options below loads fine, but it should be redirecting to the https version:

http://www.dukescasino.com/

http://dukescasino.com/

Here is the current .htaccess:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

I don't believe it is relevant, but if so, here is the list of current active plugins:

Advanced Custom Fields
All In One SEO Pack
Bop Search Box Item Type For Nav Menus
Contact Form 7
Disable Comments
Google XML Sitemaps
Jetpack by WordPress.com
Search & Filter
Slider WD
TablePress
UpdraftPlus - Backup/Restore
Wordfence Security
WPide
WP Smush
WP Super Cache

Tests performed:

Test A:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Result: ERR_TOO_MANY_REDIRECTS

Test B:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
 
# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Result: ERR_TOO_MANY_REDIRECTS

Test C:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{SERVER_PORT} ^80$
 RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
 
# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Result: ERR_TOO_MANY_REDIRECTS

Test D:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Result: ERR_TOO_MANY_REDIRECTS

Test E:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI}$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}$1

# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Result: 302 found. Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

Maybe just a typo, but you have spelt `.htaccess` wrong (the same way) 3 times? Your current .htaccess file is not complete, you are missing a `RewriteEngine On` directive. Presumably, when you add the canonical redirect you are adding this to the very top of your .htaccess file? You state that `https://example.com` redirects OK, however, this is not indicated in your config file? Where/how is this happening? It would be useful to know what you have actually tried - that is not working. — MrWhite, Aug 17 '15 at 13:26
Sorry, the .htaccess was a typo, I've fixed it now. I've also updated the current .htaccess code and all the test I've done with the result of each. I don't know how the https without www is redirecting to the https://www version though. Thanks — Cristiano Maia, Aug 17 '15 at 15:19
You would normally expect the server variable `HTTPS` to be set (your results suggest otherwise). Are you behind a proxy? (Test E is likely to result in some kind of "recursive" 404?) — MrWhite, Aug 17 '15 at 16:44
I've just contacted 123-reg (hosting company) to check if they have anything set up on their side that is messing things up. Even if I have the working .htaccess and set up redirect tool inside their (123reg) control panel I get the ERR_TOO_MANY_REDIRECTS. — Cristiano Maia, Aug 17 '15 at 17:21

score 144 · Answer 1 · answered Apr 07 '16 at 11:43

144

On Dreamhost, this worked:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

answered Apr 07 '16 at 11:43

Jason Shah

2,595
3
23
25

1

This one is worked for me on namecheap shared hosting. – Liakat Hossain Jul 02 '16 at 19:24
1

Worked on asmallorange.com too – Leonardo Herrera Mar 17 '17 at 18:19
Worked for me on a LAMP server with Wordpress 4.7.4 on provider Time4VPS – John Smith Apr 29 '17 at 11:06
Make sure to get the exact ordering of the rules correct. I had put the rewrite rule under the existing WordPress rules, but then only the root domain rerouted and not any HTTP URI requests. This correct ordering above the existing WordPress rules routes all HTTP requests properly. – delrocco Jun 20 '17 at 21:52
3

There's no need to point out every single host that this works on! It's a straightforward bit of code for .htaccess so it should work on most system them accept .htaccess. If it doesn't work then it's because of an odd case scenario. – Phill Healey Apr 06 '18 at 11:43
Working on shared hosting Godaddy just fine! – christostsang Jun 30 '18 at 13:37
I'm gonna ignore Phill and point out it worked on 1and1 hosting. You can't use the root directory htaccess with their cheap plan for some reason so this is the only option. – LegendLength Oct 06 '18 at 17:24
Thank you, it worked! I'm using hostgator+wordpress v4.9.8+goDaddy – Bersan Oct 26 '18 at 19:28

score 93 · Accepted Answer · answered Aug 18 '15 at 09:36

93

Problem solved!

Final .htaccess:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{ENV:HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

answered Aug 18 '15 at 09:36

Cristiano Maia

2,012
1
18
14

19

This change resulted in "[www.domain.com] redirected you too many times" for a domain I host on Dreamhost. No luck. However, this worked: RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] – Jason Shah Apr 07 '16 at 11:37
11

I had to change just the `RewriteCond` to the following one to avoid the `too many redirects`: `RewriteCond %{HTTPS} !=on` – lucaferrario Nov 23 '16 at 13:36
For me on virtualmin apache 2.4 caused forbidden. The solution from @jason-shah worked. – Aleksandar Pavić Dec 23 '16 at 11:06
Doesn't work for me. This solution redirects "you too many times." chrome says. – zhekaus Mar 22 '17 at 05:23
Just these 2 lines are added. Work great! Thanks.. `RewriteCond %{ENV:HTTPS} !=on RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]` – Melroy van den Berg Apr 12 '17 at 15:44
@zhekaus you also have to change the values of 'siteurl' and 'home' options in wp_options table from http:// to https:// – john p May 05 '17 at 14:04
3

This is the only one solution that worked for me. (Tested far too many.) The "ENV:" was crucial. From the replies and other solutions, it seems that on some host you either **have to include** it while on others you **have to leave it out**. BTW For anybody wanting to use this, consider using `R=301` instead of just `R` (which means 302 redirect). – Vit Kovalcik Oct 01 '17 at 08:49
The Above Code Results in "Error: Too many redirects"! Removing the ENV does the trick! – Harish ST Oct 24 '18 at 05:00

score 15 · Answer 3 · answered Oct 19 '16 at 21:44

It works for me:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !on           
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R,L]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Huseyin Yagli · Answer 4 · 2018-12-13T07:05:33.410

In my case, the htaccess file contained lots of rules installed by plugins like Far Future Expiration and WPSuperCache and also the lines from wordpress itself.

In order to not mess things up, I had to put the solution at the top of htaccess (this is important, if you put it at the end it causes some wrong redirects due to conflicts with the cache plugin)

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

This way, your lines don't get messed up by wordpress in case some settings change. Also, the <IfModule> section can be repeated without any problems.

I have to thank Jason Shah for the neat htaccess rule.

This is essential information. Thanks for posting it! – Henrik Petterson Mar 17 '17 at 17:10 — Henrik Petterson, Mar 17 '17 at 17:10

score 4 · Answer 5 · edited Jun 20 '20 at 09:12

4

This is tested and safe to use

Why?: When Wordpress editing your re-write rules, so make sure your HTTPS rule should not be removed! so this is no conflict with native Wordpress rules.

<IfModule mod_rewrite.c>
   RewriteCond %{HTTPS} !=on
   RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R,L]
</IfModule>

# BEGIN WordPress
<IfModule mod_rewrite.c>
  #Your our Wordpress rewrite rules...
</IfModule>
# END WordPress

Note: You have to change WordPress Address & Site Address urls to https:// in General Settings also (wp-admin/options-general.php)

edited Jun 20 '20 at 09:12

Community

1
1

answered Jul 19 '17 at 08:11

l2aelba

21,591
22
102
138

The WordPress part should go after the HTTPS one, or it won't work. Or, at least, this is what happened for me :) – Ste_95 Feb 16 '18 at 07:52
Confirming what @Ste_95 said. I had to put the HTTPS rewrite block ahead of the default WP permalink config. – Justin Tilson Apr 28 '18 at 17:41

score 4 · Answer 6 · answered Nov 30 '17 at 09:27

For your information, it really depends on your hosting provider.

In my case (Infomaniak), nothing above actually worked and I got infinite redirect loop.

The right way to do this is actually explained in their support site:

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://your-domain.com/$1 [R=301,L]

So, always check with your hosting provider. Hopefully they have an article explaining how to do this. Otherwise, just ask the support.

score 1 · Answer 7 · answered Oct 02 '16 at 04:02

I found all solutions listed on this Q&A did not work for me, unfortunately. What did work was:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]

RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule ^/?$ "https\:\/\/www\.example\.com\/" [R=301,L]
</IfModule>
# End Wordpress

Note, the above Wordpress rules are for Wordpress in multi user network mode. If your Wordpress is in single site mode, you would use:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule ^/?$ "https\:\/\/www\.example\.com\/" [R=301,L]
</IfModule>
# End Wordpress

score 1 · Answer 8 · answered Apr 24 '17 at 16:31

1

Nothing of the above worked for me. But those lines solved the same problem on my WordPress site:

RewriteEngine On

RewriteCond %{HTTP:HTTPS} !on
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

answered Apr 24 '17 at 16:31

lundgren

55
6

score 1 · Answer 9 · answered Sep 19 '17 at 08:33

1

easyest way to redirect http to https in wordpress it to modify site_url and home from http://example.com to https://example.com. Wordpress will do the redirection. ( that is why you get "too many redirects" error, wordpress is redirecting to http while .htaccess will redirect to https )

answered Sep 19 '17 at 08:33

Rafael

2,138
2
16
10

I'm not sure it does any redirection for SEO :) – jcdarocha Feb 13 '18 at 20:09
1

sure it does. redirection 301 ( permanent ), google will reindex – Rafael Feb 27 '18 at 14:23
Keep in mind that this is not working with Google Search Console! – Hexodus Apr 17 '18 at 12:12
it will work just fine.... wordpress will do a redirection (301). keep in mind this: rtfm – Rafael Sep 25 '18 at 11:47

score 0 · Answer 10 · answered May 24 '17 at 00:44

Here is an alternative solution you can use if you don't want to edit .htaccess:

add_action( 'template_redirect', 'nonhttps_template_redirect', 1 );

function nonhttps_template_redirect() {

    if ( is_ssl() ) {

        if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'https' ) ) {

            wp_redirect( preg_replace( '|^http://|', 'https://', $_SERVER['REQUEST_URI'] ), 301 );

            exit();

        } else {

            wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301 );

            exit();

        }

    }

}

You can place this at the bottom of your theme functions.php

Not entirely sure yet, my guess is it will remain the same depending on the reason Google might have index it as the HTTPS version to begin with. — Webkraft Studios, May 26 '17 at 05:05

score 0 · Answer 11 · answered Jul 28 '17 at 09:08

Add this in the WordPress' .htaccess file:

RewriteCond %{HTTP_HOST} ^yoursite.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.yoursite.com [NC]
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [L,R=301,NC]

Therefore the default WordPress' .htaccess file should look like this:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

RewriteCond %{HTTP_HOST} ^yoursite.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.yoursite.com [NC]
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [L,R=301,NC]
</IfModule>

score 0 · Answer 12 · edited Aug 04 '17 at 10:47

0

The above final .htaccess and Test A,B,C,D,E did not work for me. I just used below 2 lines code and it works in my WordPress website:

RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.thehotskills.com/$1 [R=301,L]

I'm not sure where I was making the mistake but this page helped me out.

edited Aug 04 '17 at 10:47

Cody Gray - on strike

239,200
50
490
574

answered Aug 02 '17 at 10:56

Raj Singh

1
2

score 0 · Answer 13 · edited Aug 04 '17 at 09:25

0

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^digitalsoftwaremarket.com [NC]
    RewriteRule ^(.*)$ http://www.digitalsoftwaremarket.com/$1 [L,R=301]
</IfModule>

edited Aug 04 '17 at 09:25

Sneh Pandya

8,197
7
35
50

answered Aug 04 '17 at 08:00

Saurabh Panchal

1
1

score 0 · Answer 14 · answered May 25 '18 at 14:23

None if this worked for me. First of all I had to look at my provider to see how they activate SSL in .htaccess my provider gives

<IfModule mod_rewrite.c>
   RewriteEngine On
   RewriteCond %{HTTP:HTTPS} !on
   RewriteRule (.*) https://%{SERVER_NAME}/$1 [QSA,L,R=301]
</IfModule>

But what took me days of research is I had to add to wp-config.php the following lines as my provided site is behind a proxy :

/**
 * Force le SSL
 */
define('FORCE_SSL_ADMIN', true);
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) $_SERVER['HTTPS']='on';

score 0 · Answer 15 · answered May 28 '18 at 09:51

Just add or replace this code in your .htaccess file in wordpress

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

score 0 · Answer 16 · answered Jul 02 '19 at 08:46

0

Redirect from http to https://www

RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

This will work for sure!

answered Jul 02 '19 at 08:46

Kundan roy

3,082
3
18
22

score -1 · Answer 17 · edited Jun 03 '17 at 21:49

-1

Just add this code, And it will work like charm:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_HOST}#%{HTTPS}s ^www\.([^#]+)#(?:off|on(s)) [NC]
    RewriteRule ^ http%2://%1%{REQUEST_URI} [R=301,L]
</IfModule>

edited Jun 03 '17 at 21:49

Paul Roub

36,322
27
84
93

answered Jun 03 '17 at 21:36

Aman

1

Use .htaccess to redirect HTTP to HTTPs

17 Answers17

This is tested and safe to use

Linked