Really Simple SSL

Remove .htaccess redirect on site lockout

The .htaccess is the fastest redirect, so why not enable it by default?

When you enable the setting “htaccess redirect” in settings/ssl/settings, Really Simple SSL will detect the most suitable redirect and then opens a test page to verify if this option won’t result in redirect loops. Even so, the detected redirect can cause a loop: there are a lot of server configurations, and some respond unexpectedly to the proposed rules. If this happens, you get locked out of the back-end, because of the redirect loop. For this reason, this setting is optional. I recommend using it, but you need to know how to remove it just in case.

This only happens on about 1% of the sites and is easily fixed, but make sure you have FTP access.

If you encounter an issue when this setting is enabled, just remove the rewrite rule from your .htaccess file:

  1. Open your FTP client (for example FileZilla)
  2. In the root of your website, look for the .htaccess file. If you cannot find it, make sure FileZilla shows hidden files
  3. Open the .htaccess file in a text editor, and look for # BEGIN rlrssslReallySimpleSSL
  4. Remove all lines between # BEGIN and # END (from Really Simple SSL), and save
  5. Prevent Really Simple SSL from editing the htaccess any further:
    • Look for wp-config.php in the root of your site.
    • Open the wp-config, and add at the top, but after  “<?php":


Related articles

16 Responses

    1. Hi Danis,

      I don’t see any issues on your site at the moment. If you have any specific issues, please post a ticket, or start a forum thread. That way we can help you better.

  1. How can I fix this error:
    Really Simple SSL has received no response from the webpage. See our knowledge base for instructions on how to fix this warning ordismiss1

  2. Hi, i installed ReallySimple SSL and enable the setting “htaccess redirect”.
    But now i can’t log in. I edited htaccess file but then a get the internal server error. And i edited wp-config as you write it.
    But still not work.
    What should i do?

  3. Very Helpful, BUT!! why would you say to delete everything between Begin and End?

    I have like 150 lines of code in there.
    You reallly have no idea what other people put in there Htaccess file.
    So maybe you should not just tell people to delete everthing in there htaccess file.

    1. Hi,

      you only need to delete the lines between the # BEGIN rlrssslReallySimpleSSL and # END rlrssslReallySimpleSSL tags. No code should be added between these tags as it’s automatically populated by Really Simple SSL. Any other modifications to your .htaccess file need to be made outside of these tags.


  4. So I need to delete all of this?

    Header always set Strict-Transport-Security: “max-age=31536000” env=HTTPS
    Header always set Content-Security-Policy “upgrade-insecure-requests”
    Header always set X-XSS-Protection “1; mode=block”
    Header always set X-Content-Type-Options “nosniff”
    Header always set Referrer-Policy: “no-referrer-when-downgrade”
    Header always set Expect-CT “max-age=7776000, enforce”
    Header always set X-Frame-Options “sameorigin”
    Header always set Feature-Policy: “accelerometer *; autoplay *; camera *; document-domain *; encrypted-media *; fullscreen *; geolocation *; gyroscope *; magnetometer *; microphone *; midi *; payment *; picture-in-picture *; sync-xhr *; usb *; ”


Leave a Reply

Join our mailing list - 8 Tips & Tricks in your inbox over the next 8 weeks!

Integrate with Really Simple SSL

Really Simple SSL offers a Free SSL Certificate from Let’s Encrypt. Do you want to integrate with Really Simple SSL as a hosting provider? Let us know!

Choose the answer that most closely resembles your proposed integration. Additional information can be entered below.
After sending the form. The pop-up will close automatically.