Really Simple SSL

Manually insert .htaccess redirect http to https

Rogier


Let Really Simple SSL handle the .htaccess redirect

In most cases you can let Really Simple SSL handle the .htaccess redirect. The plugin has an option which inserts the detected .htaccess redirect rules. To select it, log in to your WordPress admin, and navigate to:

Settings / SSL / settings

There you will find the option “enable .htaccess 301 redirect”. If you enable it, Really Simple SSL will detect the best .htaccess redirect for your situation. Please note that in a few edge cases the server does not respond as expected, so you should know how to remove the redirect when that happens.

There are several server configurations, each of which requires its own .htaccess redirect. The plugin tries to detect which rule applies, and then tests the result. In some cases the test fails, or the .htaccess file is not writable. In that case, you’ll have to insert the .htaccess redirect yourself. I would always recommend redirecting with .htaccess, as this is a slightly faster redirect than the default internal 301 redirect.

Automatically detected .htaccess redirect not available or causing issues?

If the plugin can’t test the .htaccess redirect rule, it writes an empty set of rules to the .htaccess file when you load the settings page. To prevent your manually added .htaccess rules from being overwritten, enable the “stop editing the .htaccess file” setting.

SSL test page

If you go to https://www.yourdomain.com/wp-content/plugins/really-simple-ssl/ssl-test-page.php (use https, not http), you will see a page with some test results. This will look something like this:

This page is used purely to test for ssl availability.

#SERVER-HTTPS-ON# (on)
#SERVERPORT443#

#SUCCESFULLY DETECTED SSL#

In this case, you can see that SSL is functioning, and that the server variable server["https"] is set to on.

Depending on this output, you should add a corresponding redirect rule to your .htaccess file.

  • If this page is not working for you for some reason, you’ll have to find out by trial and error.
  • If this page shows “successfully detected SSL”, but you do not see any detected variables, no server configuration I know about was found, so none of the below may apply. You’ll just have to try!
  • If you find another redirect rule which is not listed here but does the job for you, please let me know so I can improve the plugin and this documentation.

Where do I find the .htaccess file?

Open your FTP client (for example FileZilla, or any other). Connecting via FTP requires FTP credentials. If you don’t know these credentials, you can contact your hosting provider. They can provide you with the server and can help you reset your FTP username/password.

Go to your webroot (usually the public_html folder, where you can see the WordPress files like wp-admin, wp-content), and look for the .htaccess file.

First we navigate to the website root folder (usually public_html). Once there we see the .htaccess file.

 

To edit the .htaccess file in FileZilla, right click on the .htaccess file and click View/Edit:

This will open the .htaccess file. Paste the relevant code snippet above the # BEGIN WordPress lines like this:

Finally, press CTRL + S (on Windows) or COMMAND + S (on Mac) to save the file.

Be sure to check that your FTP client shows hidden files as well. The .htaccess file you need also contains the WordPress .htaccess rules. Make your changes above the # BEGIN WordPress .htaccess lines, otherwise they will be overwritten by WordPress.

Which code snippet do I need to add?

Add the code snippet above the # BEGIN WordPress htaccess lines. If Really Simple SSL added any rules which caused a redirect loop, remove them and set the Really Simple SSL settings to “stop editing the .htaccess file”.

If you see #SERVER-HTTPS-ON# (on), add
<IfModule mod_rewrite.c>
RewriteEngine on
# Redirect when the HTTPS variable is not "on"
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>

If you see #SERVER-HTTPS-ON# (1), add
<IfModule mod_rewrite.c>
RewriteEngine on
# Redirect when the HTTPS variable is not "1"
RewriteCond %{HTTPS} !=1
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>

If you see #SERVERPORT443#, add
<IfModule mod_rewrite.c>
RewriteEngine on
# Redirect when the request did not arrive on port 443
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>

If you see #LOADBALANCER#, add
<IfModule mod_rewrite.c>
RewriteEngine on
# Redirect when the X-Forwarded-Proto header does not say https
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>

If you see #CDN#, add
<IfModule mod_rewrite.c>
RewriteEngine on
# Redirect when the X-Forwarded-SSL header does not say on
RewriteCond %{HTTP:X-Forwarded-SSL} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>

If you see #Cloudflare#, add
<IfModule mod_rewrite.c>
RewriteEngine on
# Redirect when the CF-Visitor header reports the http scheme
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>

If you see #ENVHTTPS#, add
<IfModule mod_rewrite.c>
RewriteEngine on
# Redirect when the HTTPS environment variable is not "on"
RewriteCond %{ENV:HTTPS} !=on
RewriteRule (.*) https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>

At the bottom of the SSL test page, you will see HTTP HOST. This should be the same as your domain. If not, you might need to hardcode your domain to prevent redirect issues, like this:

RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://domain.com/$1 [R=301,L]
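
Why the test page marker decides which rule to use, as an added example (not code from the plugin or from this article): a small Python model of the RewriteCond lines listed above, evaluated against constructed server variables for an origin behind a load balancer that terminates SSL. The function names and the sample variable values are assumptions made for illustration.

```python
import re

# RewriteCond behind each ssl-test-page marker, taken from the snippets above:
# marker -> (server variable, pattern, how the condition compares).
# The [NC] flag on the first rule is not modelled; sample values are lowercase.
RULES = {
    "SERVER-HTTPS-ON (on)": ("HTTPS", "on", "not_equal"),
    "SERVER-HTTPS-ON (1)": ("HTTPS", "1", "not_equal"),
    "SERVERPORT443": ("SERVER_PORT", "443", "not_match"),
    "LOADBALANCER": ("HTTP:X-Forwarded-Proto", "https", "not_match"),
    "CDN": ("HTTP:X-Forwarded-SSL", "on", "not_match"),
    "Cloudflare": ("HTTP:CF-Visitor", '"scheme":"http"', "match"),
    "ENVHTTPS": ("ENV:HTTPS", "on", "not_equal"),
}

def parse_markers(page_text):
    """Return the configuration markers found in ssl-test-page output."""
    found = []
    for name, value in re.findall(r"#([A-Za-z0-9-]+)#(?:\s*\((\w+)\))?", page_text):
        key = f"{name} ({value})" if value else name
        if key in RULES:
            found.append(key)
    return found

def fires(marker, seen):
    """True if the marker's RewriteCond holds, i.e. the 301 is sent."""
    var, pattern, kind = RULES[marker]
    value = seen.get(var, "")  # unset variables and absent headers expand to ""
    if kind == "not_equal":
        return value != pattern
    matched = re.search(pattern, value) is not None
    return matched if kind == "match" else not matched

def classify(marker, seen_https, seen_http):
    """Judge one rule from what the origin sees for an HTTPS and an HTTP visit."""
    if fires(marker, seen_https):
        return "redirect loop"  # visitors already on HTTPS get redirected again
    if not fires(marker, seen_http):
        return "no redirect"    # visitors on HTTP are never upgraded
    return "ok"

# Constructed sample: test page output and server variables for an origin that
# sits behind a load balancer terminating SSL (the origin itself speaks HTTP).
SAMPLE_PAGE = "#SSL TEST PAGE#\n\n#LOADBALANCER#\n\n#SUCCESFULLY DETECTED SSL#\n"
SEEN_HTTPS = {"HTTPS": "off", "SERVER_PORT": "80", "HTTP:X-Forwarded-Proto": "https"}
SEEN_HTTP = {"HTTPS": "off", "SERVER_PORT": "80", "HTTP:X-Forwarded-Proto": "http"}

def report(page_text, seen_https, seen_http):
    """Verdict for every rule, plus the subset the test page points to."""
    verdicts = {m: classify(m, seen_https, seen_http) for m in RULES}
    return verdicts, parse_markers(page_text)

if __name__ == "__main__":
    verdicts, detected = report(SAMPLE_PAGE, SEEN_HTTPS, SEEN_HTTP)
    for marker, verdict in verdicts.items():
        flag = "<- detected" if marker in detected else ""
        print(f"{marker:22} {verdict:14} {flag}")
```

In this constructed setup only the #LOADBALANCER# rule both upgrades HTTP visitors and leaves HTTPS visitors alone; the rules that test HTTPS or the port fire on every request, which is the redirect loop the article tells you to remove.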


56 Responses

  1. Hi,

    I’ve followed all the troubleshooting steps I can find when trying to solve the “Https redirect was set in javascript because the htaccess redirect rule could not be verified. Set manually if you want to redirect in .htaccess.”-issue.

    I’ve got the following diagnosis:
    #SERVER-HTTPS-ON# (on)
    #LOADBALANCER#

    #SUCCESFULLY DETECTED SSL#

    I tried adding this to my htaccess file without success (permission is 0644):

    # BEGIN rlrssslReallySimpleSSL rsssl_version[2.3.13]

    RewriteEngine on
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    # END rlrssslReallySimpleSSL

    Please advise.

      1. Still got the WP error message which might have tricked me, but configuration now says “Editing of .htaccess is blocked in Really Simple ssl settings, so you’re in control of the .htaccess file.” so guess that’s correct.
        Thanks!

  2. Hi Rogier – I’m having some challenges getting htaccess redirect setup. SSL is working fine, and at the moment your plugin is using Javascript redirect successfully. However your plugin didn’t write code to the htaccess file, it only wrote this:

    # BEGIN rlrssslReallySimpleSSL rsssl_version[2.3.14]
    # END rlrssslReallySimpleSSL

    I’ve tried manually editing the htaccess file (after switching off the htaccess edit option in your plugin). I’ve also run your test page, and this is the result from the test page:

    #SERVER-HTTPS-ON# (on)
    #SUCCESFULLY DETECTED SSL#

    However, the code you advise to add to htaccess when this is the case does not work for me. It creates a connection error, and I have to revert the code by FTP to be able to access the site again.

    Furthermore – I’ve tried every single version of the code you’ve entered above in htaccess, and none of them work.

    Any ideas? My site is http://www.tidestream.net

    Thanks,

    Leon

    1. You could try to hardcode your domain in the htaccess:
      RewriteRule ^(.*)$ https://www.tidestream.net%{REQUEST_URI} [R=301,L]
      Just in case your server has trouble with the default one.

  3. Hello Rogier,

    Thank you for the great plugin.
    I’m considering getting the premium version, but before I do I have a question:

    I did follow your steps, in my case I added:

    RewriteEngine on
    RewriteCond %{HTTPS} !=on [NC]
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    I still have the alert message (I did try with and without the cache plugin I’m using, clearing it, etc.)

    I did check “stop editing the htaccess file”, the message is still there (I also still have the other alert icon but have “Editing of .htaccess is blocked in Really Simple ssl settings, so you’re in control of the .htaccess file” now).

    I followed your other posts’ tips, and everything looks ok.
    But as it is a very important part for my website (SEO is decisive), I just wanted to be sure that I didn’t miss something.

    Thank you for your help.

    1. Hi Quentin,

      Your .htaccess looks good. The plugin looks for the rewriterule line, which is the same in all cases, I can’t say why it doesn’t pick it up. I’d have to see the debug log first. You can mail it to me as well, (you can use the contact form in the menu).

      To check if you have a correct 301 redirect, you can also use a redirect checker, like this one: http://www.redirect-checker.org/ If it’s 301, you’re good.

  4. Hey
    It says me this 🙁 .
    can you pls tell me what is the reason behind it?

    ————————————————
    SSL test page

    This page is used purely to test for ssl availability.

    #NO KNOWN SSL CONFIGURATION DETECTED#

    HTTP_HOST: http://www.ultimahub.cn
    REQUEST_URI: /wp-content/plugins/really-simple-ssl/ssl-test-page.php

  5. Hey, Rogier!
    I’m having issues getting this to work.
    This is my test page:
    #LOADBALANCER#

    #SUCCESFULLY DETECTED SSL#

    HTTP_HOST: http://www.trondsworld.com
    REQUEST_URI: /wp-content/plugins/really-simple-ssl/ssl-test-page.php

    So I added the following to my .htaccess file:

    RewriteEngine on
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    I also added the hardcode for my domain just to try.
    I have ticked off the “stop editing” box.
    I’m not sure if I might be editing the .htaccess file wrongly.
    Appreciate any help
    Thanks 🙂

  6. Hi Rogier

    If my test page shows multiple results (see below), do I need to add all 3 rules to my htaccess? The plugin only inserts the Loadbalancer rule. Thanks / Jen

    #SERVER-HTTPS-ON# (on)
    #SERVERPORT443#
    #LOADBALANCER#

    #SUCCESFULLY DETECTED SSL#

    1. Hi Jen,

      Normally the loadbalancer rule should be enough. However, if that does not work you can try adding the other rules to see if that makes a difference. Please let me know if it works for you!

      Mark

      1. Thanks Mark – when I activated the plugin it enabled WordPress 301 redirects (our site runs through Cloudflare). Should I also enable htaccess redirects or just leave WordPress 301?

        1. Htaccess is preferred, because the .htaccess file loads before WordPress, the htaccess redirects are a bit faster. If you experience any issues with the .htaccess redirect you can use the WordPress 301.

          Mark

  7. Help please… I have the premium version and ran the scan… All OK Activated, and now cannot see any images on the site: https://www.ausgrills.com.au

    I host on servage.net

    The plugin did not make any changes to my .htaccess file and it is currently as follows:
    ——————-
    # Set SSL
    SetEnvIf SSL on HTTPS=on

    # BEGIN WordPress

    RewriteEngine On
    RewriteBase /
    RewriteRule ^index.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]

    # END WordPress

    # SET MEMORY
    php_value memory_limit 512M

    # SET EXECUTION TIME
    php_value max_execution_time 0
    ————————-

  8. Hi Rogier,

    Hope you’re well.

    I’m experiencing issues with images loading on my site (not appearing at all). If I deactivate the really simple ssl plugin, the images load fine.

    My test page returns the following result:

    RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://thebrandsociete.com.au/$1 [R=301,L]
    #SSL TEST PAGE#

    This page is used purely to test for ssl availability.

    #SERVER-HTTPS-ON# (on)
    #SERVERPORT443#

    #SUCCESFULLY DETECTED SSL#

    I’ve enabled the “stop editing the .htaccess file” in plugin settings & updated all the .htaccess files to reflect the codesnippets in your article.

    Do I need to enable any other options in settings? (The only other ones enabled are “auto replace mixed content” & “enable WP 301 redirection to SSL”.)

    I’ve re-saved permalinks to flush & can’t see any other plugins that would be causing any conflict.

    Do you have any other suggestions?

    Appreciate your help.

    Cheers,

    George

    1. Hi George, This is not related to your .htaccess at all. The images and resources that do not load are loading over your www domain, which is not included in your SSL certificate. That is the problem here. You can either change those url’s to www, or acquire an SSL certificate for the www domain. Please note that currently, if you type in your www domain, the browser shows an insecure warning for this same reason.

  9. Hi,

    I want to redirect http://www.domain.com, http://domain.com, https://domain.com to https://www.domain.com

    My code is
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    Using Strict-Transport-Security and Content-Security-Policy. With command curl -I -i I have these results

    http://domain.com or http://www.domain.com
    Code 301 => Go to https

    http://domain.com/blog/ or http://www.domain.com/blog/
    Code 200 => Go to http

    What’s wrong?

    1. Hi, if you want to use HSTS, you have to redirect first from http://domain.com to https://domain.com, then to www. This has to be done in two steps, otherwise the HSTS won’t be fully secure. The way Really Simple SSL inserts the redirect will do this for you.

      I can’t say why your redirect is not working, it depends on your server which one you need. That’s why I use the test page in the plugin to detect the redirect. One of the other snippets might work for you.

  10. Any idea how to implement SSL from my hosting company with Cloudflare?
    I used to have Cloudflare and it worked great without SSL.
    Once I purchased SSL from my hosting I couldn’t add it to Cloudflare.
    Is there a way to do it without an additional charge?

    allthewayupmedia.com

  11. Hi Rogier,

    I activated the plugin and tested it and get the following message :

    #SSL TEST PAGE#

    This page is used purely to test for ssl availability.

    #SERVER-HTTPS-ON# (on)
    #SERVERPORT443#
    #ENVHTTPS#

    #SUCCESFULLY DETECTED SSL#

    Should I make any changes in htaccess or the plugin settings?

    1. Hi Nalin,

      you won’t have to make any changes to the htaccess file yourself. If you enable the ‘.htaccess redirect’ option in the plugin settings, the plugin will automatically detect your configuration and apply the necessary rules for you.

      Mark

  12. Hello!! in the main page I do not see the green padlock.

    Options:
    * htaccess redirect
    * WordPress redirect
    * Mixed content fixer
    SERVER: apache
    SSL is enabled for this site
    ** Detecting configuration **
    plugin version: 2.5.25
    Already on SSL, start detecting configuration
    SSL type: SERVER-HTTPS-ON
    ** Configuring SSL **
    testing htaccess rules …
    test page url, enter in browser to check manually: https://kodiandroid.es/wp-content/plugins/really-simple-ssl/testssl/serverhttpson/ssl-test-page.html
    htaccess rules tested successfully.
    checking if .htaccess can or should be edited …
    settings page, or network admin, updating htaccess …
    retrieving redirect rules
    starting insertion of .htaccess redirects.
    single site or networkwide activation
    converting siteurl and homeurl to https

    I would appreciate it if you could tell me what the problem may be. thank you very much. regards!

  13. Hi Rogier,

    I get this test page result.

    #SSL TEST PAGE#

    This page is used purely to test for SSL availability.

    #NO KNOWN SSL CONFIGURATION DETECTED#

    and now I can’t logon to the WP admin

    Peter

  14. Hi Rogier,

    After activating “enable .htaccess 301 redirect” option, the plugin automatically added the following code in .htaccess:
    RewriteEngine on
    RewriteCond %{HTTPS} !=on [NC]
    RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

    But in some sites I see the following recommended code:
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    I am wondering what is the difference between HTTPS on and off. Can I apply any one of them?

    Thanks for help.

    1. Hi Taswir,

      The one checks if https is not on, the other checks if it’s off. It amounts to the same thing, so it doesn’t matter which you use.

  15. Hello,

    I have the following errors:

    #SSL TEST PAGE#

    This page is used purely to test for SSL availability.

    #SERVER-HTTPS-ON# (on)
    #SERVERPORT443#
    #ENVHTTPS#
    #LOADBALANCER#

    #SUCCESFULLY DETECTED SSL#

    As per the instructions above I added the code to “stop editing the htaccess file” in the wp-config file?

    I added all the codes listed in the article for these errors. I checked my website after adding the code for each error. My website broke after adding the following code for #ENVHTTPS#.

    if you see #ENVHTTPS#, add

    RewriteEngine on RewriteCond %{ENV:HTTPS} !=on
    RewriteRule (.*) https://%{HTTP_HOST}%/$1 [R=301,L]

    I noticed the code is different from all the other codes. Could the code be wrong or am I doing something wrong?

    Also, I noticed after rechecking my website again for ssl (https://www.nikaousa.com/wp-content/plugins/really-simple-ssl/ssl-test-page.php) that the errors were still there.

    I would greatly appreciate your help.

    1. Hi,

      since the SSL test page also returns SERVER-HTTPS-ON, you could try to add the following code:


      RewriteEngine on
      RewriteCond %{HTTPS} !=on [NC]
      RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

      You can also try to add the tags around the current code.

  16. [02-May-2019 06:03:01 America/Chicago] PHP Deprecated: Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set ‘always_populate_raw_post_data’ to ‘-1’ in php.ini and use the php://input stream instead. in Unknown on line 0 (using 5.6 php)

  17. My host asked me to use flexible SSL and hence I am using it. With cloudflare’s Always use HTTPS, the redirect works perfectly but since I have mobile theme and desktop theme on same url, it doesn’t load correctly. So, I had to disable Cloudflare’s Always use HTTPS. Also, I wanted to mention that I use wp super cache.

    I used your Cloudflare rules but it doesn’t work. I searched online for htaccess rules regarding http to https and non-www to www and I was able to come up with this.

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteCond %{HTTP:CF-Visitor} !https
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    RewriteEngine On
    RewriteCond %{HTTP_HOST} !^www.example.com [NC]
    RewriteCond %{HTTP_HOST} !^$
    RewriteRule ^/?(.*) https://www.example.com/$1 [L,R=301]

    I added it to the htaccess, it works correctly and I am able to see mobile theme on mobile devices and desktop theme on desktops.
    Here are the 301 jumps on how it is working
    example.com -> https://example.com -> https://www.example.com

    But the problem is with http://www.example.com url.
    Most of the time 301 works correctly like
    http://www.example.com -> https://www.example.com
    But sometimes the 301 redirect goes wrong, like http://www.example.com doesn’t redirect any further (http to https). I am wondering if there is any way to correctly order the above code in htaccess?
    Thank you in advance.

    1. Hi Tinu,

      you can let Really Simple SSL handle the .htaccess redirect. If you enable the ‘301 .htaccess redirect’ option in the plugin settings, the plugin will automatically enter the correct .htaccess redirect. You can then remove your own .htaccess redirect rules.

      Mark
