5

I am having some issues with multiple wordpress installations and .htaccess rewrite rules, mainly for forcing https but also removing www. from any domain.

Domains/Subdomains:

  • Wordpress 1: examplewebsite.com (/home/hostingacc/public_html/)
  • Wordpress 2: test.examplewebsite.com (/home/hostingacc/public_html/test/)
  • Wordpress 3: moretests.examplewebsite.com (/home/hostingacc/public_html/moretests)

.htaccess Rewrites

I've tried to use several rewrite rules that I've found across the internet, not sure what one is the best one to use but below are the main rewrite rules that I used

RewriteEngine On
RewriteCond %{HTTP_HOST}#%{HTTPS}s ^www\.([^#]+)#(?:off|on(s)) [NC]
RewriteRule ^ http%2://%1%{REQUEST_URI} [R=301,L]

That I got from https://github.com/h5bp/server-configs-apache/issues/48 but as previously mentioned, one of these may be better suited to be FORCING HTTPS and FORCEFULLY REMOVING WWW

RewriteEngine On
RewriteCond %{SERVER_PORT} 80 [OR]
RewriteCond %{HTTP_HOST} ^www.examplewebsite.com
RewriteRule ^(.*)$ https://examplewebsite.com/$1 [L,R=301]

or

RewriteEngine On
RewriteCond %{HTTPS} !=on  [OR]
RewriteCond %{HTTP_HOST} !^examplewebsite\.com$ [NC]
RewriteRule ^ https://examplewebsite.com%{REQUEST_URI} [R=301,L]

or

RewriteEngine On
RewriteCond %{HTTPS} !=on  
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} ^www*\.(.*examplewebsite\.com)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]

or

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www*\.(.*examplewebsite\.com)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

All of the above rules, seem to work in regards to forcing https and removing www on the main wordpress installation but the rules do not currently apply to subdomains or /wp-admin/ subdirectories for each of the wordpress installations, I assume that is because there is a .htaccess file in each of those directories.

Issue Recap

  • examplewebsite.com (main website) is correctly being forced to always uses https and is also being forced to remove www. BUT... the problem is located on examplewebsite.com/wp-admin/ which still correctly forces https (either by the rule or via the wp-config.php force admin ssl but it doesn't forcefully remove the www. for some reason, I guess it's because I have the following .htaccess file located under the /wp-admin/ folder so it looks like I need a rule for the htaccess in this folder to forcefully remove www. and to also force https.

  • test.examplewebsite.com and moretests.examplewebsite.com (subdomains) both have an issue where it is NOT forcing https and it is also NOT forcefully removing www.

  • test.examplewebsite.com and moretests.examplewebsite.com (subdomains) both also have the same issue as the first /wp-admin/ does not forcefully remove the www.

  • If I go into the settings or SQL for my subdomains or even edit the wp-config.php to override the SQL and change the site url and home url to have https and not to have www. (the https causes this issue) then the wordpress installations become inacessable, they vanish and visiting the links to the subdomains redirects/loads the main website instead

Configurations

  • examplewebsite.com - Current .htaccess files

Home: http://pastebin.com/raw/9RNuQZS5
WP Admin: http://pastebin.com/raw/8vVnDTRx

  • examplewebsite.com - SQL Variables

Site URL (Home): https://www.examplewebsite.com
Wordpress URL: https://www.examplewebsite.com

  • examplewebsite.com - WP Config (Overrides SQL)

Config:

define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);

define('WP_HOME','https://examplewebsite.com');
define('WP_SITEURL','https://examplewebsite.com');
define('DOMAIN_CURRENT_SITE', 'examplewebsite.com' );
define('COOKIE_DOMAIN', 'examplewebsite.com' );
define('ADMIN_COOKIE_PATH', '/wp-admin/');
  • test.examplewebsite.com and moretests.examplewebsite.com

The subdomains are all setup as below, however the wp-config isn't applied at the moment because the forced https is causing issue 4.

The .htaccess files are 99% identical to the ones on the main domain/site with the sole exception of that there is no custom code wp rewrite loop rules (redirect from www to non-www and redirect http to https)

  • test.examplewebsite.com and moretests.examplewebsite.com - SQL Variables

Site URL (Home): http://test.examplewebsite.com
Wordpress URL: http://test.examplewebsite.com

  • test.examplewebsite.com and moretests.examplewebsite.com - WP Config (Overrides SQL)

Config:

define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);

define('WP_HOME','https://test.examplewebsite.com');
define('WP_SITEURL','https://test.examplewebsite.com');
define('DOMAIN_CURRENT_SITE', 'test.examplewebsite.com' );
define('COOKIE_DOMAIN', 'test.examplewebsite.com' );
define('ADMIN_COOKIE_PATH', '/wp-admin/');

Setting the above, causes the same issue as the SQL change (issue 4)

Ryflex
  • 5,559
  • 25
  • 79
  • 148
  • Where should the subdomains redirect to if not https? To main domain or to subdomain with https? – Panama Jack Dec 21 '15 at 22:36
  • Subdomains should be https instead of http. – Ryflex Dec 21 '15 at 22:50
  • You said the wp-admin doesn't do https? are there other rules in your .htaccess that would do this? – Panama Jack Dec 21 '15 at 23:08
  • Just that one and the generic wordpress one, I do run BPS's .htaccess, what do i need to do to make http://pastebin.com/raw/aedeHp6L from my wp-admin folder not stop it from working? – Ryflex Dec 21 '15 at 23:20
  • It's still unclear how the subdomains fit in with this (though I think I understand, and they're unrelated to stripping www.) Can you edit to include some exact input and output URLs, showing what the browser sends and what it is redirected to, for both examples that would be changed and those which would be left unmodified? – Michael Berkowski Dec 22 '15 at 02:26
  • I believe you just need a small variation [on this one](http://stackoverflow.com/questions/13977851/htaccess-redirect-to-https-www/13997498#13997498) to do the opposite and remove www. instead of enforce it. – Michael Berkowski Dec 22 '15 at 02:28
  • are all the domains have same ip address? – Allen Dec 30 '15 at 20:08
  • @Allen Yep, all on same IP. – Ryflex Dec 30 '15 at 20:26
  • @Ryflex, you need to configure the SNI for the multiple subdomains hosted on one IP, check your hosting company's apache setting, the .htaccess won't be able to handle the problem you have. – Allen Dec 30 '15 at 20:34
  • @Allen The subdomains have been setup via cPanel so they have the DNS/A names setup. The rest of it is all .htaccess clashes. – Ryflex Dec 30 '15 at 20:47
  • refer this http://stackoverflow.com/questions/28942479/sni-multiple-domain-ssl-apache-iis, SNI is needed, so please check your cPanel and OS to make sure they are supported. – Allen Dec 30 '15 at 21:11
  • @Allen My hosts have checked and that part is all correct, they've confirmed that it's wordpress/htaccess issues which they don't provide support for. – Ryflex Dec 31 '15 at 16:48
  • @Ryflex can you access `https://examplewebsite.com` and `https://test.examplewebsite.com` and `https://moretests.examplewebsite.com` ? – Allen Jan 01 '16 at 17:13

1 Answers1

0

steps to check(I just illustrate for one site):

  1. ping www.examplewebsite.com expected result: you should see ip address of your site
  2. ping examplewebsite.com expected result: you should see ip address of your site
  3. browse to https://examplewebsite.com to make sure you can broswe the site

  4. add the follow as the start of your CUSTOM CODE WP REWRITE LOOP START in your root .htaccess:

    # CUSTOM CODE WP REWRITE LOOP START
# WP REWRITE LOOP START
RewriteEngine On
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://examplewebsite.com/$1 [R,L]
RewriteBase /
RewriteRule ^index\.php$ - [L]

    the above is to ensure redirect all non-ssl access to ssl access while rename all non-ssl access to site to examplewebsite.com, now you should be redirected to https://examplewebsite.com if you type http://www.examplewebsite.com or http://examplewebsite.com in the browser

  5. the last part is have your wp-config.php file to include the following:

    define('WP_HOME','https://examplewebsite.com');
define('WP_SITEURL','https://examplewebsite.com');
define('DOMAIN_CURRENT_SITE', 'examplewebsite.com' );
define('COOKIE_DOMAIN', 'examplewebsite.com' );
define('ADMIN_COOKIE_PATH', '/wp-admin/');

    this part is to ensure even the ssl access to your www.examplewebsite.com gets rewrited to examplewebsite.com by wordpress

because you have full site enabled as ssl access only, so the following is not necessary in your wp-config.php file:

define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);
Allen
  • 6,505
  • 16
  • 19
  • Regarding 1 & 2, they do show my server IP. Regarding 3, yes my normal site loads... Regarding 4, I've given several working examples of forcing ssl and removing www and they all work, but it doesn't resolve the issue. Re 5, I already include that as mentioned in my original post. As for your minor point at the end, with or without it makes no difference. – Ryflex Jan 05 '16 at 23:48
  • @Ryflex number 3 is the most important issue, you need to have access to the site with https, otherwise it means it has no ssl access! – Allen Jan 06 '16 at 00:11
  • Yes, I said the site loads like normal. My SSL certs are fine and they work. – Ryflex Jan 06 '16 at 00:14
  • I do unfortunately, is it possible to go private to discuss somehow? – Ryflex Jan 06 '16 at 00:20