Exclude RSS feed from HTTPS

Home Forums General issues Exclude RSS feed from HTTPS


This topic contains 23 replies, has 4 voices, and was last updated by  Thomas Thixton 8 months ago.

Viewing 24 posts - 1 through 24 (of 24 total)
  • Author
  • #23473 Reply


    I am trying to exclude RSS podcast feed from HTTPS, because iTunes didnt support Lets Encrypt Certificate.
    I change .htaccess to this:

    # BEGIN rlrssslReallySimpleSSL rsssl_version[2.4.3]
    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{HTTPS} !=on [NC]
    RewriteCond %{REQUEST_URI} !/feed/podcast
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    # END rlrssslReallySimpleSSL

    But unfortunately it is not working.
    page is redirected to homepage.

    What am I doing wrong?

    #23474 Reply

    What happens if you remove this redirect entirely? If it is still redirecting to https when these lines are removed (clear browser before you check), there’s something else redirecting to https.

    #23475 Reply


    Site / pages are still redirected to HTTPS. It might be because of WPFC cache plugin which added to .htaccess these lines:

    RewriteBase /
    RewriteCond %{HTTPS} =on
    RewriteCond %{HTTP_HOST} ^travelbible.cz


    #23480 Reply

    I’d try to deactivate it for the moment, to see if that helps.

    #23481 Reply


    Problem solved. It was cache.

    #23482 Reply

    Great! Thanks for the update.

    #95057 Reply


    This is the closest I’ve seen to trying to figure out how to bypass SSL for RSS feeds. I can’t seem to figure this out and need help.

    I just want to bypass http://www.enderbowen.com/category/operation-joy/feed/ so that Mail Chimp can read it again. It was fine before the change to SSL.

    #95108 Reply

    Mark Wolters

    Hi Joel,

    have you tried clearing the cache as well? Your site returns W3 Total Cache header. What happens when you try to disable that plugin temporarily? See https://really-simple-ssl.com/knowledge-base/disabling-ssl-for-one-page-only/ for more information and tips about excluding a page from SSL.


    #95388 Reply


    Hey Mark thanks for the response! I’m not sure why that comes up with W3 Total Cache, though I AM using the Fastest Cache just like Petr above. I tried doing a cache bypass in that particular plugin’s settings for this RSS and that didn’t make any difference. Though I know that won’t really bypass SSL. I have virtually the same things happening in my htaccess but don’t really know how to get around them. Also, I do clear cache any time I do practically anything on my site.

    #95471 Reply

    The header returns: X-Powered-By: W3 Total Cache/

    So it seems there’s still something returning a W3TC header. Maybe there’s still something in your .htaccess file that should be removed. Additionally, you might need to disable the WP redirect in settings/ssl. Otherwise the plugin will still redirect to https in PHP.

    #95559 Reply


    So I found this incredibly odd as I have no W3TC plugin. I did once, but not for a long time. And though my host will add that in the bg, only on new sites – I’ve had mine over a decade. I also verified this is not in the htaccess.

    Which got me curious. I have my root – enderbowen.com – but I also have my wordpress on /wordpress. So I checked htaccess there. Lo and behold there’s the W3TC. I commented it out but in doing so I kept getting 500 internal server errors and my pages wouldn’t load, so I don’t know where it’s coming from.

    #95560 Reply


    By the way just really quickly, I did track the directory path that it’s showing up there:


    It doesn’t exist. In wp-content there IS a w3tc-config directory and a w3-total-cache-config.php file but that’s it. I don’t understand why commenting this string out would have the effect it has when it’s not really even referencing something that’s there.

    #95561 Reply


    As an aside, if I put the initial code that Petr talks about in the /wordpress htaccess instead of the root one, will that work? Even if I change nothing about the W3TC?

    #95563 Reply


    My host deleted the W3TC code entirely and no 500 error.

    But now I can’t figure out how to do the bypass.

    #95593 Reply

    If you have added the exclude in the .htaccess, and disabled the wp redirect and javascript redirect, Really Simple SSL won’t be redirecting to https. If there’s still a redirect, you might try testing this in a redirect checker, to see where it comes from, for example with this one:

    #95596 Reply



    If I disable the SSL plugin then there is no redirect and there’s nothing (apart from the WP Fastest Cache and WordPress code) in the htaccess file(s). So if that’s disabled it doesn’t redirect.

    What I don’t seem to understand now is how I would 301 redirect to SSL within htaccess and then bypass for RSS. I’ve tried it many ways including the ways described in the attached links and I’m just not getting it for some reason.

    The SSL plugin is currently active and redirecting as I need to have that happening but I’m otherwise confused about the rest, but I’m trying to work it out.

    My domain host (netfirms) said that they don’t “have” any code for bypassing SSL for any specific pages etc. But they provided me this for putting into htaccess to redirect to SSL:

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    But I feel like it’s missing something. Should it have those “<IfModule mod_rewrite.c>” tags as noted at the top of the thread? And, if using this, how might I bypass SSL for the RSS within the code? I’m looking all over the place on Google and not having much luck.

    I apologize for the posts – I am not a fluent webmaster but learning every day. So there are some things that go above my head until I do it.

    Thanks for your patience – you’ve all been awesome!

    #95599 Reply


    I currently have the SSL plugin deactivated and verified after doing that that it did send me to http on everything. So I know nothing else is playing around with it.

    That being said, tried this in my htaccess:

    RewriteEngine On
    RewriteCond %{HTTPS} !=on [NC]
    RewriteCond %{REQUEST_URI} !^/category/operation-joy/feed/$ [NC]
    RewriteRule ^(.*)$ https://www.enderbowen.com/$1 [R=301,L]

    But doing this threw me into a redirect loop. If I remove the “!” before “^/category/operation-joy/feed/$ [NC]” then I still end up on http.

    I feel like I’m getting close but still don’t understand all of how this works so it’s hard to really gage what it is I think I’m doing beyond trial and error.

    #95603 Reply

    If deactivating the plugin helps, the problem is the site_url() in settings/ssl. If that is https, WordPress will probably redirect to the site_url(). If you want to use the plugin, you can use safe mode to prevent your site_url from becoming https:

    You should drop the ^, like this:
    RewriteCond %{REQUEST_URI} !/category/operation-joy/feed/$ [NC]

    #95612 Reply


    Okay thank you! I’ll see what I can do and report back soon. Again, really appreciate the help!

    #95797 Reply

    Thomas Thixton

    Was told by management to turn on SSL on all of our sites a few weeks ago and it has been a rough ride.

    Used Really Simple SSL multisite to get us started; nice plugin, but it did not catch all of the Mixed-Content; we were failing all of the tests.

    Added HTTP / HTTPS Remover: SSL Mixed Content Fix, which did a very nice job of cleaning our Mixed-Content issues by removing all http/https’s and leaving all of the URL’s with //, which leaves it up to the browsers to choose which one to use. This got us a very nice passing grade on all Mixed-Content tests, but we found out later that it broke our Mailchimp RSS feed (for two weeks) since it was also cleaning up some of the URL’s in the RSS feed (namely the images). Mailchimp simply re-wraps the RSS HTML feed into MIME and most email readers have yet to cautch up with the browsers on what to do with URL’s that just start with //.

    So, we tried SSL Insecure Content Fixer, another cleaning plugin and much more popular than the Remover plugin. We found that Remover trumped the Fixer in our tests, leaving //’s in places. Next, we tried turning Remover off only to find out that now, we were locked out of all of our sub-site’s admin portals. Fixer did restore all of the URL’s on our RSS feed back to having https: prefixes, so the Mailchimp campaigns looked good, but none of our web designers could login to do their work on our sites now. Not a great tradeoff. So, Remover got turned back on and Fixer was now basically useless.

    Trying to figure a way to have RSS exempt from the cleaning plugins proved fruitless, but thankfully, Mailchimp is not requiring SSL everywhere since Mixed-Content in email is not a sin, yet. For the moment, and until the WP community comes up with a far more idiot-proof solution (for idiots like me) for sites wanting/required to move to SSL, we have left Really Simple and Remover on and Fixer off and, embarrassingly, we have setup a background cleaner to pre-process our RSS feed to Mailchimp to correct the URL’s.

    We now have SSL across all of our sub-sites with Mailchimp campaigns going out with working image links and our designers able to login to do their work. Upper management thought this should have been a flip of a switch, and I spent two+ harrowing weeks trying to make it work. I am not happy with my hacked solution, but it is meeting the business needs of upper management which for now is good enough.

    #96019 Reply

    Hi Thomas, thanks for sharing your experiences. Sorry to hear you were having so much trouble! Those mixed content issues you were having, were those hardcoded http URL’s in css/js files by any chance? There are some things that can’t be dynamically fixed, like http links in css or js files, but if it’s something else, that would be good to know.

    If you run into any issues in the future, feel free to contact our support!

    #96470 Reply

    Thomas Thixton

    Rogier, Thanks for the reply. Well, it seemed like we had two types of mixed content. 1) simple includes for third party (fonts googleapis.com) in a theme file, and 2) complaints in forms about internal/self referencing urls that were not https (e.g. http://nowfindflutenfree.com/wp-admin login form).

    The fonts were cleaned manually easily enough. The brain buster was the second class which I had no idea how to find since I figured they were all dynamically generated; i.e. not a simple file or db search.

    Lastly, it seemed that one of the cleaner plugins simply could not be turned off without breaking the site (broke all sub-site logins), so I have both cleaners installed for now.

    Still would like to see some means of excluding the RSS feed as needed.

    thx, Cal

    #96554 Reply

    Depending on your setup, this sometimes can be done by excluding the RSS feed in the .htaccess, and disabling the wp redirect, as described above. But in some cases WordPress redirects to https anyway, because the site_url is https. In that case you might need to have the site_url http to accomplish this, but I would not recommend that. As Really Simple SSL changes it to https, you would need to enable safe mode to accomplish that. Generally I think it bad practice to leave some parts of the site accessible over http, so I would avoid that if possible.

    #96720 Reply

    Thomas Thixton

    > Generally I think it bad practice to leave some parts of the site accessible over http…

    Agreed, which is why we opted for staying with everything SSL. Trying to make it all happen overnight was a mistake. If anyone is planning on migrating aWP multisite to SSL, they should first start with a clone of the site for staging to test things out. Our first attempt caused all sorts of outages, making upper management very irritated.

Viewing 24 posts - 1 through 24 (of 24 total)
Reply To: Exclude RSS feed from HTTPS
Your information: