If you have several subdomains or add-on domains but do not use WordPress Multisite, you’ll need a way to prevent Really Simple SSL from forwarding all subdomains to https. That is, if these subdomains do not have an SSL certificate of course.
1. Under Settings -> SSL & Security -> “Settings” in the top menu bar -> SSL, disable the 301 PHP Redirect and enable the .htaccess 301 redirect.
2. Navigate to the “General” tab on the Really Simple SSL settings page, and enable the option Stop editing the .htaccess file, and save the changes. Alternatively, you can add this line to your wp-config.php file:
define( 'RLRSSSL_DO_NOT_EDIT_HTACCESS' , TRUE );
.
They will both do the same same thing; they prevent Really Simple SSL from editing your .htaccess file henceforth.
3. Now add the following conditions to the rewrites currently existing in your .htaccess, between the Really Simple SSL markers. Add them after the first SSL RewriteCond, but before the actual RewriteRule:
RewriteCond %{HTTP_HOST} ^domain.com [OR]
RewriteCond %{HTTP_HOST} ^www.domain.com
So, your Really Simple SSL rules will change, from these rules (note that the exact lines can differ between different servers, this is an example):
#Begin Really Simple Security
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https #this line might be different on your site
RewriteRule ^(.*)$ https://%{HTTP_HOST}%/$1 [R=301,L]
</IfModule>
#End Really Simple Security
To the rules below:
#Begin Really Simple Security
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTP_HOST} ^domain.com [OR]
RewriteCond %{HTTP_HOST} ^www.domain.com
RewriteRule ^(.*)$ https://%{HTTP_HOST}%/$1 [R=301,L]
</IfModule>
#End Really Simple Security
Where domain.com and http://www.domain.com is the domain where you still want SSL on.
Note that the first rewrite condition, which in this case is HTTP:X-Forwarded-Proto, can differ from site to site.