Really Simple SSL

Disabling SSL for one page only

The problem: services that don’t support SSL

The best way to go is to get your entire site on SSL. But sometimes, there are services that are not really up to date: they don’t provide an SSL certificate on their service.

Especially iFrames cause this problem. Browsers simply won’t load a http iframe on a https site. But even if that were possible, like with images, this wouldn’t be a good idea: mixed content errors, insecure page warnings, and so on would flash in front of the user’s eyes, scaring them away. That is why Really Simple SSL changes all these resources to https, forcing them all to load securely.

The result is: when the iFrame is loaded over http, the browser blocks it. When the iFrame is loaded over https, the browser won’t load it because there’s no SSL certificate.

How to solve this?

In most cases, I would try contacting the service provider to try and get them to start providing a service that supports SSL. Simply adding an SSL certificate resolves it in most cases. If that is not possible, you can try disabling SSL for one page.

Solution with a plugin

To do this, I’ve developed a plugin that handles this for you. You’ll have to deactivate the free plugin and then install Really Simple SSL per page. This will give you the option to enable SSL per page explicitly, or, when you use the “exclude pages” option, to set all pages to SSL, except the pages you have selected.

Manual solution

You can also do this manually:

Step 1:

  • Activate Really Simple SSL in safe mode
  • Activate .htaccess redirect in settings/SSL
  • Enable “Stop editing the .htaccess file”

Step 2:

Open an FTP client like FileZilla, and go to the root of your website. Look for the .htaccess file. You may have to enable the “Show hidden files” option.

Open this file (make a backup first), and look for the

# BEGIN rlrssslReallySimpleSSL  comment

Some rows below this comment, you will see something like:
RewriteCond %{HTTPS} !=on [NC]

Right after this entry, insert the following:
RewriteCond %{REQUEST_URI} !/your-page

The end result should be something like:

# BEGIN rlrssslReallySimpleSSL rsssl_version[2.3.8]
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
#this line may be different on other servers
RewriteCond %{REQUEST_URI} !/your-page #add your excluded page here
RewriteCond %{HTTP_HOST} ^ [OR]
RewriteCond %{HTTP_HOST} ^
RewriteRule ^(.*)$ https://%{HTTP_HOST}%/$1 [R=301,L]
# END rlrssslReallySimpleSSL

This means that the redirect will be used, but this page will be excluded.



Related articles

49 Responses

  1. Hi,for my website not working or need to use other code.I have a games website and I want to remove https on the play game page.I can not use “your page” in that part, because are thousand of pages.I try it with play_page.php, is call like that in themplate folder.Can you help me .Thanks in advance.

    1. If those pages all follow some sort of generic url structure, like you could use something like this:
      RewriteCond %{REQUEST_URI} !^/(games/.*)$

      1. Hello I have a similar problem, I have to disable all of template pages “gallery” for example look at this link https: https: // can you help? Thank you

  2. Hi Rogier, first of all thank you for your plugin and support!

    I followed your steps but it seems doesn’t work for me. I need to disable SSL on this page: s t u d i o p i n c e l l a [dot] it / f i n a n z a – a g e v o l a t a

    What am I doing wrong?

    Thank you so much!

  3. How could I do to place an external link that leads to an http site? It’s possible? When I put a link to an external site http always changes to https. Thank you.

  4. tried it but must be doing something wrong, when i go to page as non-ssl / http it redirects to home page? below is line i added to htaccess – website has one page with frame in that is not available under ssl

    RewriteCond %{REQUEST_URI} !/view-our-inventory-online/

  5. My app developer refuses to add https on all APIs made by wordpress. so he needs a http reply to a http request and not a https.

    all my APIs are in one folder /api/
    for example

    when i enable SSL these APIs get converted to https and my app stops working
    I want to exclude all the urls with[anything here]

    I tried

    RewriteCond %{REQUEST_URI} !^/(api/.*)$
    RewriteCond %{REQUEST_URI} !/api
    RewriteCond %{REQUEST_URI} !/api/get_category_index/
    RewriteCond %{REQUEST_URI} !/

          1. i tried this but its not working.
            i guess i am not using wp_rest_api

            i am using a plugn called json api.

            i even edited this line to replace https with http in the class front end .php file
            $redirect_url = “http://” . $_SERVER[‘HTTP_HOST’] . $_SERVER[‘REQUEST_URI’];


            what can i do ?

            can i add some custom code in htaccess so that all the links with base urls will not be redirected to https ?

          2. If you have disabled both redirect types in settings/ssl, and you don’t use the rest_api, Really Simple SSL is not redirecting. Maybe the json api plugin is using the home_url or site_url, which is https. I think it’s best to contact the author of the json api plugin developer and check if there’s a filter that can be used to override the https.

  6. Greetings. I have purchased and installed “Really Simple SSL pro” and “Really Simple SSL on specific pages” and have selected the option to exclude pages from ssl – I have added two separate pages to be excluded from ssl and it is not functioning as expected. Both pages are showing with https in the url.

    Thanks in advance for your attention to this.

    1. Hi Steve,

      there is probably something else forcing the pages over https://. This could be HSTS, a plugin or for example a force ssl option from your hosting or CDN provider. If you can provide the address of your website I might be able to give you some more information.


        1. Hi Steve,

          when I visit your site now both /search/ and the /real-estate-search/ pages are being excluded from SSL. On the homepage of your site the first menu item is Search, which links to the /real-estate-search/ page, also has a www link instead of a https:// link. Could you try to clear your browsers cache and visit the site again to see if that resolves the issue?


  7. Clearing my browser cache did the trick, Mark. I had tried everything but that and it worked like a charm. Thanks a bunch for your help and responsiveness. Much appreciated.

  8. Thanks so much for your help here. It took a few tweaks but finally got my tennis court bookings plugin/page coming up as http as it wouldn’t display the calendar because I think it’s using iframe. I don’t have many images to lock down so converting the site to SSL was a no-brainer for me. I only had this one page to worry about. All good now.

    1. Hi Mike,

      the plugin should redirect the same page to https://. It could be something else is doing a redirect to the home page, for example a plugin or .htaccess rule. You can check this by disabling plugins one by one to see if the issue persist and check if the .htaccess file might be doing a redirect to the homepage on https://.


      1. Hi Mark,

        Thanks for the reply, ok sure, i’ve done some further research.

        Essentially we redirected from http:// to https:// on our main site, our blog is a seperate wordpress but is on the same domain. Once we redirected everything worked fine apart from the blog. I installed the plugin thinking this would sort the issue.

        The https version of each page works, although when i change the url to http:// to test the redirect. the following happens

        redirects to :

        so it takes off the /blog/ part and creates a 404.

        How can I stop this happening?


          1. Hi Mark,

            – Auto-replace mixed content
            – Enable WordPress 301 redirection to SSL
            – Enable JavaScript redirection to SSL

            the above 3 are ticked.

            Checked the instiallation settings it has the /blog/ part so should redirect to the /blog/ section

            Any other ideas?

            Thanks 🙂

    1. Hi Manish,

      if your site uses an .htaccess file you should be able to this with the following rules:

      RewriteEngine on
      RewriteCond %{HTTPS} !=on [NC]
      #this line may be different on other servers
      RewriteRule !^index\.php/folder1/subfolder1
      RewriteCond %{HTTP_HOST} ^ [OR]
      RewriteCond %{HTTP_HOST} ^
      RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

      # END rlrssslReallySimpleSSL

      Be sure to make a back-up of your existing .htaccess first. If you experience any issues, check out the Really Simple SSL per page plugin, which is able to exclude pages and posts from SSL.

      You also have to exclude the url’s from the mixed content fixer, otherwise the links will still be replaced with https://. For that see:


  9. hey, we purchase Really Simple SSL per page install and active it, so we disable Really Simple SSL.
    check Exclude pages from SSL, on tab ssl pages we add a paga call “kelas2” we will specific this page http where our web is https, but it’s not working.
    please help.

    1. Hi Rozi,

      yes you can disable Really Simple SSL free. It could be there is another redirect to https:// being issued, for example in your hosting control panel or CDN provider. You can also try to clear any caches your website uses and your browser cache. If that doesn’t solve the issue, can you send us WordPress and FTP credentials via so we can check why it’s not working.


  10. Hello,
    I tried your instructions to remove https from only one page but it doesn’t work. It still load it as https.
    I disabled Really Simple SSL free ,add the rules in htaccess and clear cache but it still load it on https.
    My web page is and I want to disable it for
    Can you help me out?
    Here is my .htaccess as well

    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]

    #Alternate default index page
    DirectoryIndex index.html index.php
    # BEGIN WordPress

    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]

    # BEGIN rlrssslReallySimpleSSL rsssl_version[2.3.8]

    RewriteEngine on
    RewriteCond %{HTTPS} !=on [NC]
    #this line may be different on other servers
    RewriteCond %{REQUEST_URI} !/odigos-lipansis/
    RewriteCond %{HTTP_HOST} ^ [OR]
    RewriteCond %{HTTP_HOST} ^
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%/$1 [R=301,L]

    # END rlrssslReallySimpleSSL
    # END WordPress

    1. Hi Euripidis,

      the code you are currently using should work, your .htaccess file looks good. Have you tried clearing any caches your website uses? If the page still redirects to https:// after clearing all caches, it’s possible there is another redirect to https:// active, for example from your hosting provider that sends all requests over https://. You can contact them so they can check if this is happening on your site.


          1. As I mention above I already have deactivated the plugin and I have added in wp-config.php define(“rsssl_safe_mode”, true);

          2. Now it seems to working. Altough it breaks all of my page I think it because of the .css?

          3. It only works if I mannually remove the https:// infront of the webpage and this is happening in all pages.
            But if I remove the https:// it breaks the page layout

  11. is using Really Simple SSL (thank you). is redirected to, but it gets the “Warning: Potential Security Risk Ahead” error, because I assume the Really Simple SSL plugin is forcing it to go to (which doesn’t have an SSL certificate).

    Is this an instance where “Really Simple SSL per page” is appropriate, or is there a better/simpler solution?


    1. Hi,

      you could add a .htaccess redirect rule on the domain to redirect is to the .com domain. Configuring the domain to load over http:// and setting the redirect as the first redirect in your .htaccess file should send traffic straight through without showing the warning.


  12. The way you showed it requires putting every single post/page link manually in .htaccess which is not a good solution. I don’t want to say this is a proper solution.

    Thanks, but I want an option in the post/page edit form dashboard. Can you bring this system please?

Leave a Reply

Join our mailing list - 8 Tips & Tricks in your inbox over the next 8 weeks!

Integrate with Really Simple SSL

Really Simple SSL offers a Free SSL Certificate from Let’s Encrypt. Do you want to integrate with Really Simple SSL as a hosting provider? Let us know!

Choose the answer that most closely resembles your proposed integration. Additional information can be entered below.
After sending the form. The pop-up will close automatically.