Excluding/including SSL on specific pages Redirect rules SSL certificate

Preventing subdomains or add on domains from getting forced to https

If you have several subdomains, or add-on domains, but do not use WordPress Multisite, you’ll need a way to prevent Really Simple SSL from forwarding all subdomains to https. That is, if these subdomains do not have an SSL certificate of course.

1. Go to Really simple ssl settings and check Stop editing the .htaccess file. save this setting. Alternatively you can add this line to your wp-config.php

define( 'RLRSSSL_DO_NOT_EDIT_HTACCESS' , TRUE );.

They both do the same same thing; they stop Really simple ssl from editing the your .htaccess file henceforth.

2. Now add Add the following conditions to the rewrites currently existing in your .htaccess, between the Really Simple SSL markers. Add them after the first SSL RewriteCond, but before the actual RewriteRule:

RewriteCond %{HTTP_HOST} ^domain.com [OR]
RewriteCond %{HTTP_HOST} ^www.domain.com

So your really simple ssl rule changes from this below

# BEGIN rlrssslReallySimpleSSL rsssl_version[2.3.8]
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
# END rlrssslReallySimpleSSL

to this below here.

# BEGIN rlrssslReallySimpleSSL rsssl_version[2.3.8]
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTP_HOST} ^domain.com [OR]
RewriteCond %{HTTP_HOST} ^www.domain.com
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
# END rlrssslReallySimpleSSL

Where domain.com and http://www.domain.com is the domain you still want ssl on.

Note your version number may be different the one here is at the time of writing this. The first rewrite condition, which is here HTTP:X-Forwarded-Proto, may differ from site to site.

Related Articles

  • Redirect rules in Nginx

    Use the following to redirect to https on nginx. server { listen 80; server_name my-domain.com; return 301 https://$server_name$request_uri; }
  • Disabling ssl for one page only

    The problem: services that don’t support SSL I think the best way to go is to get your entire site on SSL. But sometimes there are services that are not...
  • SSL working on desktop, but not on mobile (android) devices

    If the SSL certificate on your site works fine on desktop but gives an error on mobile devices (specifically Android):  this certificate isn’t from a trusted authority, there is probably...
  • Remove .htaccess redirect on site lockout

    When you enable the setting “htaccess redirect” in settings/ssl/settings, Really Simple SSL detects the best redirect, then opens a testpage to verify this option won’t result in redirect loops. Even...

2 Comments

  • Djordje Petković

    This was great solution, how ever it stopped working for me.

    This is my code:
    # BEGIN rlrssslReallySimpleSSL rsssl_version[2.4.3]

    RewriteEngine on
    RewriteCond %{HTTPS} !=on [NC]
    RewriteCond %{HTTP_HOST} ^domain.com [OR]
    RewriteCond %{HTTP_HOST} ^www.domain.com
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    # END rlrssslReallySimpleSSL

    Can you help me? Stop editing the .htaccess file is checked and not changed.

    • Rogier Lankhorst

      Is it possible you accidentally visited the subdomain over SSL? In that case all you need to do is clear the browser cache, and try again.

      Your htaccess code looks good. Were there any changes on the server recently? Does the problem go away when you remove those lines altogether?

Leave a Comment