Hack: Force Everyone To Use HTTPS

If your server is configured so that people can access your site using both http and https, then you may want to force them all to use https. There’s really no reason not to. Plus, for users logging on to your site (including you) they should definitely be using https for security. You can get a plugin for this, but it is easy to add a few lines of code to your .htaccess file that covers users, non-users, and even people going to non-WordPress pages you may have on other parts of your site.

Here is the code. I put it at or near the top of the .htaccess file in the site’s main directory. Naturally, the domain name should be charged to your site.

# Redirect Non-HTTPS
RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://wptipsandhacks.com/$1 [R,L]

That’s it. The “80” refers to people using port 80, which is the non-SSL http way to connect to your site. So if they are using port 80, then redirect them to the https URL instead.

Leave a Reply

Your email address will not be published. Required fields are marked *