Let Really Simple Security handle the .htaccess redirect
In most cases, you can let Really Simple Security handle the .htaccess redirect. The plugin has an option that inserts the detected .htaccess redirect rules. To select it, log in to your WordPress admin, and navigate to: Security -> Settings -> SSL.
This is where you can select the Redirect Method and set it to “.htaccess 301 redirect”. If you enable this, Really Simple Security will detect the appropriate .htaccess redirect for your set-up. Please note: in rare instances when the server does not respond as expected to these redirect rules, you should know how to manually remove the redirect.
There are several server configurations which require their own set of rules. The plugin tries to detect which rules apply, and then tests the result. In some cases, the test fails or the .htaccess was not writable and you’ll have to insert the .htaccess redirect yourself (or select the WordPress 301 redirect method instead).
Automatically detected .htaccess redirect not working or causing issues?
SSL test page
If you navigate to https://www.yourdomain.com/wp-content/plugins/really-simple-ssl/ssl-test-page.php (make sure to use https, not http), you will see a page with some test results. It will look something like this:
This page is used purely to test for ssl availability. #SERVER-HTTPS-ON# (on) #SERVERPORT443# #SUCCESFULLY DETECTED SSL#
In this case, you can see SSL is functioning, and the server variable server[“https”]=on.
Depending on the output, you should add a corresponding redirect rule to your .htaccess file
- If this page is not working for your for some reason, you’ll have to find out by trial and error.
- If this page shows “successfully detected SSL”, but you do not see any detected variables, no known server configuration was found so none of the below may apply. You’ll just have to try!
- If you find another redirect rule which is not listed here but does the job for you, please let me know so I can further improve the plugin and documentation.
Where do I find the .htaccess file?
Open your FTP client (for example FileZilla, or any other). Connecting via FTP requires FTP credentials. If you don’t know these credentials you can contact your hosting provider. They can provide you with the server and can also help you reset your FTP username/password.
Go to your webroot (usually the public_html folder, where you can see the WordPress files like wp-admin, wp-content), and look for the .htaccess file.
To edit the .htaccess file in FileZilla, right-click the .htaccess file and click View/Edit:
This will open the .htaccess file. Paste the relevant code snippet above the # BEGIN WordPress lines like this:
Finally, press CTRL + S (on Windows) or COMMAND + S (on Mac) to save the file.
Be sure to check that your FTP client shows hidden files as well. The .htaccess file you need also contains the WordPress .htaccess rules. Make your changes above the # BEGIN WordPress .htaccess lines., otherwise, they will be overwritten by WordPress.
What code snippet do I need to add?
Add the code snippet above the # BEGIN WordPress htaccess lines. If Really Simple SSL added any rules which caused a redirect loop, remove them and set the Really Simple SSL settings to “stop editing the .htaccess file”.
If you see #SERVER-HTTPS-ON# (on), add
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%/$1 [R=301,L]
</IfModule>
If you see #SERVER-HTTPS-ON# (1), add
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=1
RewriteRule ^(.*)$ https://%{HTTP_HOST}%/$1 [R=301,L]
</IfModule>
If you see #SERVERPORT443#, add
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(.*)$ https://%{HTTP_HOST}%/$1 [R=301,L]
</IfModule>
If you see #LOADBALANCER#, add
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%/$1 [R=301,L]
</IfModule>
If you see #CDN#, add
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-SSL} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%/$1 [R=301,L]
</IfModule>
If you see #Cloudflare#, add
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:CF-Visitor} ‘”scheme”:”http”‘
RewriteRule ^(.*)$ https://%{HTTP_HOST}%/$1 [R=301,L]
</IfModule>
If you see #ENVHTTPS#, add
<IfModule mod_rewrite.c>
RewriteEngine on RewriteCond %{ENV:HTTPS} !=on
RewriteRule (.*) https://%{HTTP_HOST}%/$1 [R=301,L]
</IfModule>
On the bottom of the SSL test page, you will see HTTP HOST. This should be the same as your domain. If not, you might need to hardcode your domain to prevent redirect issues, like this:
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://domain.com/$1 [R=301,L]