My website does a double redirect to https, or does not 301 redirect

Some users ask for a fix for a double redirect. But Really Simple Security does not perform a double redirect!

The plugin uses two methods to redirect: 1) a generic redirect in the .htaccess which redirects all incoming requests to https (but only if the request is not https – otherwise, a redirect loop would occur), and 2) the standard WordPress 301 redirect via PHP.

But you want your double redirect fixed, right?

You should check your .htaccess and other plugins carefully. Some caching plugins and security plugins also handle redirects to https, and maybe you or someone else added a redirect to the .htaccess independently of this plugin.

  1. Backup your .htaccess file and remove all rules concerning https that are not generated by Really Simple Security, and check the redirect behavior again.
  2. Deactivate your plugins one by one, clear your cache, and check again.

Simple and Performant Security.


Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate generation.