Recommended .htaccess redirect option

 

If you didn’t enable the .htaccess redirect in your site, you may see a new plus one, with a notice in your dashboard (since version 3.2):

“WordPress 301 redirect enabled. We recommend to enable the .htaccess redirect option on your specific setup.”

What is a 301 redirect?

After activating SSL, we want to redirect everyone who attempts to visit http URLs to https. A 301 redirect indicates that the page has been permanently moved to another URL, in this case, the http version. With Really Simple SSL, we distinguish two types of 301 redirects:

The PHP 301 redirect (also known as “WordPress 301 redirect”)

Really Simple SSL can issue a 301 PHP redirect, which is sometimes referred to as the ‘WordPress 301 redirect‘. We enable this redirect by default as it is unlikely to cause any conflicts once SSL is enabled. The downside of the PHP redirect is that it won’t work well on websites that use PHP caching.

The .htaccess 301 redirect

Because the WordPress 301 redirect is not always reliable, we recommend issuing the 301 redirect via your .htaccess file. Another benefit is that the .htaccess redirect is slightly faster than redirecting via PHP, because it is loaded even before the rest of the page. This is also a reason to be cautious: We recommend that you know how to edit your .htaccess manually, so you can remove the redirect if needed. The .htaccess 301 redirect can not be activated on sites that are hosted on NGINX servers. Really Simple SSL will warn you if your site is hosted on an NGINX server and provide you with an alternative method to activate the redirect and security headers.

You can enable the 301 .htaccess redirect under Settings -> SSL & Security -> “Settings” in the top menu bar -> SSL by selecting the “.htaccess 301 redirect” option here.

If you’re not comfortable with enabling this feature, you can dismiss the dashboard notice by clicking the “X” behind it. Rest assured that the standard WordPress 301 redirect works fine for the majority of the websites.

Simple and Performant Security.
Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate generation.