How to forward all WordPress pages from HTTP to HTTPS

Redirecting a WordPress website from HTTP to HTTPS is not as easy as it should be. I have yet to understand why there isn’t a simple checkbox to complete this task. There’s also numerous references which provide inaccurate information of how to accomplish this task. I’ll explain how to accomplish this with Apache, Nginx, IIS, as well as some popular web hosting control panels. These configuration changes are not WordPress-specific and can be referenced for any type of website.  If you don’t already have a certificate, check out Let’s Encrypt to obtain a trusted certificate at no cost. In most cases Let’s Encrypt…

Redirecting a WordPress website from HTTP to HTTPS is not as easy as it should be. I have yet to understand why there isn’t a simple checkbox to complete this task. There’s also numerous references which provide inaccurate information of how to accomplish this task. I’ll explain how to accomplish this with Apache, Nginx, IIS, as well as some popular web hosting control panels. These configuration changes are not WordPress-specific and can be referenced for any type of website. 

If you don’t already have a certificate, check out Let’s Encrypt to obtain a trusted certificate at no cost. In most cases Let’s Encrypt certificates can be easily requested from your CPanel or Plesk web hosting control panel. 

Nginx

Web server running Nginx can redirect HTTP traffic to HTTPS by adding the following code to the Nginx Configuration File. 

server {
listen 80;
server_name domain.com www.domain.com;
return 301 https://domain.com$request_uri;
}

Apache

Web servers is running Apache can redirect HTTP traffic to HTTPS by adding the following code to the .htaccess file typically located at the root of your website or WordPress directory.  

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Assuming your WordPress .htaccess file has not been modified, it would look something like this:

# BEGIN WordPress
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

Once updated any request to HTTP should be redirected to HTTPS. 

IIS

Web servers running Microsoft’s IIS can leverage the URL Rewrite module. This applies to any type of website running on IIS (not just WordPress). 

  1. Install the URL Rewrite Module for IIS, https://www.iis.net/downloads/microsoft/url-rewrite. 
  2. Launch IIS, select the desired Website, select URL Rewrite, and then select Add Rule(s)… from the right. 
  3. Select Blank rule and then give the rule a name such as “HTTP to HTTPS”
  4. Under Match URL, enter the following criteria.
    Requested URL: Matches the Pattern
    Using: Wildcards
    Pattern: *
     
  5. Under Conditions, click Add…, enter the following criteria and click Ok.
    Condition input: {HTTPS}
    Check if input string: Matches the Pattern
    Pattern: off
  6. Under Action, enter the following criteria.
    Action type: Redirect
    Redirect URL: https://{HTTP_HOST}{REQUEST_URI}
    Append query string
    Redirect type: Found (302)
  7. Select Apply from the right and the rule will be instantly created. HTTP requests should now be forwarded to HTTPS. 

Web hosting control panel

It might be possible to enable an seo-friendly 301 redirect from within your web hosting control panel. With this option there’s no need to modify your .htaccess file or web server configuration. If you’ve previously tried to locate this option, check again as it may have been recently added.

Plesk Control Panel

  1. Login to your Plesk Control Panel.
  2. Under the domain you’d like to enable the HTTP-to-HTTPS forward, select Hosting Settings.
  3. Under the Security heading, enable “Permanent SEO-safe 301 redirect from HTTP to HTTPS“. 
  4. Click Apply

 

Leave a Reply