Remove .htaccess redirect on site lockout

The .htaccess is the fastest redirect, so why not enable it by default?

When you enable the setting “301 .htaccess redirect” under SSL & Security -> “Settings” in the top menu bar -> SSL, Really Simple SSL will detect the most suitable redirect and then opens a test page to verify if this option won’t result in redirect loops. Even so, the detected redirect could cause a loop: there are a lot of server configurations, and some respond unexpectedly to the proposed rules.

If this happens, you get locked out of the back-end because of the redirect loop. For this reason, this setting is optional. We do recommend using it, but you need to know how to remove it just in case.

This only happens on about 1% of the sites and is easily fixed, but make sure you have FTP access.

If you encounter an issue when this setting is enabled, just remove the rewrite rule from your .htaccess file:

  1. Open your FTP client (for example; FileZilla)
  2. In the root of your website, look for the .htaccess file. If you cannot find it, make sure that FileZilla shows hidden files. (Top menu bar -> “Server” tab -> Enable “Force showing hidden files”)
  3. Open the .htaccess file in a text editor, and look for the line #Begin Really Simple Security
  4. Remove all lines between #BEGIN and #END Really Simple Security, and save the changes
  5. Prevent Really Simple SSL from editing the .htaccess any further:
    • Look for wp-config.php in the root of your site.
    • Open the wp-config.php file, and add the following line at the top, but after the opening PHP tag:  <?php
      define( 'RSSSL_SAFE_MODE', TRUE );
  6. Change the redirect setting to ‘301 PHP redirect’
  7. Remove the safe mode constant from the wp-config.php file again
Simple and Performant Security.
Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate generation.