The .htaccess is the fastest redirect, so why not enable it by default?
When you enable the setting “htaccess redirect” in settings/ssl/settings, Really Simple SSL detects the most suitable redirect, then opens a test page to verify that this option won’t result in redirect loops. Even so, the detected redirect can still cause a loop: there are many server configurations, and some respond unexpectedly to the proposed rules. If this happens, the redirect loop locks you out of the back-end. For this reason, the setting is optional. I recommend using it, but you need to know how to remove it just in case.
This only happens on about 1% of the sites and is easily fixed, but make sure you have FTP access.
If you encounter an issue when this setting is enabled, just remove the rewrite rule from your .htaccess file:
- Open your FTP client (for example FileZilla)
- In the root of your website, look for the .htaccess file. If you cannot find it, make sure FileZilla is set to show hidden files
- Open it in a text editor, and look for # BEGIN rlrssslReallySimpleSSL
- Remove all lines between # BEGIN rlrssslReallySimpleSSL and # END rlrssslReallySimpleSSL, and save. Leave everything outside these two markers as it is
- Prevent Really Simple SSL from editing the htaccess any further:
- Look for wp-config.php in the root of your site.
- Open wp-config.php and add the following line at the top, directly after “<?php”:
define( 'RLRSSSL_DO_NOT_EDIT_HTACCESS', TRUE );
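The removal steps above as a script, for when you have shell access instead of an FTP editor. This is an added example, not code from Really Simple SSL: the function names and the sample file contents are constructed for illustration, while the marker name and the constant are the ones quoted in the steps.

```python
MARKER = "rlrssslReallySimpleSSL"  # marker name from the steps above
DEFINE = "define( 'RLRSSSL_DO_NOT_EDIT_HTACCESS', TRUE );"

# Constructed sample .htaccess; the rule inside the markers is illustrative only.
SAMPLE_HTACCESS = """\
# BEGIN rlrssslReallySimpleSSL
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
# END rlrssslReallySimpleSSL
# BEGIN WordPress
RewriteRule . /index.php [L]
# END WordPress
"""


def strip_marker_block(htaccess, marker=MARKER):
    """Drop lines between the BEGIN/END marker lines; keep everything else.
    Unbalanced markers raise ValueError so a damaged file is never truncated."""
    begin, end = f"# BEGIN {marker}", f"# END {marker}"
    kept, inside = [], False
    for line in htaccess.splitlines(keepends=True):
        tag = line.strip()
        if tag in (begin, end):
            if inside == (tag == begin):  # BEGIN while inside, or END while outside
                raise ValueError(f"unbalanced marker: {tag}")
            inside = tag == begin
            kept.append(line)
        elif not inside:
            kept.append(line)
    if inside:
        raise ValueError(f"{begin!r} has no matching END line")
    return "".join(kept)


def add_do_not_edit(wp_config):
    """Insert the define directly after the opening '<?php' line, once."""
    if "RLRSSSL_DO_NOT_EDIT_HTACCESS" in wp_config:
        return wp_config
    first, _, rest = wp_config.partition("\n")
    if not first.strip().startswith("<?php"):
        raise ValueError("expected '<?php' on the first line")
    return f"{first}\n{DEFINE}\n{rest}"


if __name__ == "__main__":
    print(strip_marker_block(SAMPLE_HTACCESS), end="")
    print(add_do_not_edit("<?php\n$table_prefix = 'wp_';\n"), end="")
```

Keep a copy of the original .htaccess and wp-config.php before writing the results back, so a bad edit can be reverted over FTP.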
16 Responses
nice information thanks for sharing… very simple tutorial
Very helpful thank you
very goooooood
Quite informative.
My website crashed. I can’t upload a photo or post anything. Please help me.
Hi Danis,
I don’t see any issues on your site at the moment. If you have any specific issues, please post a ticket, or start a forum thread. That way we can help you better.
My website still shows Info or Not secure.
Hi Dinesh,
this is usually caused by either an invalid SSL certificate or caching. Can you enter your domain on https://www.ssllabs.com/ssltest/ to test if the SSL certificate is valid? If so, try to clear all caches your website is using.
Mark
How can I fix this error:
Really Simple SSL has received no response from the webpage. See our knowledge base for instructions on how to fix this warning or dismiss
Hi,
see https://really-simple-ssl.com/knowledge-base/how-to-fix-no-response-from-webpage-warning/ for instructions on how to fix this warning.
Hi, I installed Really Simple SSL and enabled the setting “htaccess redirect”.
But now I can’t log in. I edited the htaccess file, but then I get the internal server error. And I edited wp-config as you wrote.
But it still does not work.
What should I do?
Thanks,
Daniel
It is solved with this article: https://really-simple-ssl.com/knowledge-base/uninstall-websitebackend-not-accessible/
Very helpful, BUT!! Why would you say to delete everything between Begin and End?
I have like 150 lines of code in there.
You really have no idea what other people put in their htaccess file.
So maybe you should not just tell people to delete everything in their htaccess file.
Hi,
you only need to delete the lines between the # BEGIN rlrssslReallySimpleSSL and # END rlrssslReallySimpleSSL tags. No code should be added between these tags as it’s automatically populated by Really Simple SSL. Any other modifications to your .htaccess file need to be made outside of these tags.
Mark
So I need to delete all of this?
# BEGIN Really_Simple_SSL_SECURITY_HEADERS
Header always set Strict-Transport-Security: "max-age=31536000" env=HTTPS
Header always set Content-Security-Policy "upgrade-insecure-requests"
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff"
Header always set Referrer-Policy: "no-referrer-when-downgrade"
Header always set Expect-CT "max-age=7776000, enforce"
Header always set X-Frame-Options "sameorigin"
Header always set Feature-Policy: "accelerometer *; autoplay *; camera *; document-domain *; encrypted-media *; fullscreen *; geolocation *; gyroscope *; magnetometer *; microphone *; midi *; payment *; picture-in-picture *; sync-xhr *; usb *; "
# END Really_Simple_SSL_SECURITY_HEADERS
Hi Steven,
Yes, if your site does not support SSL yet, you can remove these lines.