If you have several subdomains or add-on domains, but do not use WordPress Multisite: you’ll need a way to prevent Really Simple Security from forwarding all subdomains to https. That is, if these subdomains do not have an SSL certificate and cannot work over HTTPS.
1. Under Security -> Settings -> SSL, disable the 301 PHP redirect and enable the .htaccess 301 redirect.
2. Navigate to the “General” tab on the Really Simple Security settings page, and enable the option Stop editing the .htaccess file, and save the changes. It prevents Really Simple Security from editing your .htaccess file henceforth.
3. Now add the following conditions to the rewrites that currently exist in your .htaccess, between the Really Simple Security markers. Add them after the first SSL RewriteCond, but before the actual RewriteRule:
RewriteCond %{HTTP_HOST} ^domain.com [OR]
RewriteCond %{HTTP_HOST} ^www.domain.com
So, your Really Simple Security redirect rules will change, from these rules (note: the exact lines can differ between different servers):
#Begin Really Simple Security
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https #this line might be different on your site
RewriteRule ^(.*)$ https://%{HTTP_HOST}%/$1 [R=301,L]
</IfModule>
#End Really Simple Security
To the rules below:
#Begin Really Simple Security
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTP_HOST} ^domain.com [OR]
RewriteCond %{HTTP_HOST} ^www.domain.com
RewriteRule ^(.*)$ https://%{HTTP_HOST}%/$1 [R=301,L]
</IfModule>
#End Really Simple Security
Where domain.com and http://www.domain.com is the domain where you still want SSL on.
Note that the first rewrite condition, which in this case is HTTP:X-Forwarded-Proto, can differ from site to site.