20 November 2019,
Organic Traffic

You should always load your site with HTTPS. Aside from protecting your data integrity between your websites and your site users, HTTPS is now a requirement for many new browser APIs such as the Geolocation API.

HTTPS also carries on some weight in Google SERP ranking signal. So ensuring that your site will always load from HTTPS is crucial. We’ll show you how to do it with Apache in this tutorial.

Note that before proceeding this step, make sure that you’ve got the SSL cert installed and loaded in the server. Otherwise, check out our tutorial on Beginner’s Guide to Website SSL Certs.

If it is all set, you can proceed to the next step.


If your WordPress website can be accessed directly at http://www.domain.com and you want to direct all visitors from HTTP to HTTPS, then try either of the following .htaccess codes.

Option 1:
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Option 2:
RewriteEngine On
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

Both option 1 and 2 will redirect anyone accessing http://www.domain.com to https://www.domain.com

Option 1 codes will check if the connection whether it’s TLS/SSL, while Option 2 codes will check if the site runs on port 80 which, by default, is the port number of HTTP.

Note: Using Option 1 codes generally is preferable. The syntax is more expressive, and it will redirect to HTTPS regardless of the port number because the site can technically is able to load with HTTP outside port 80.

"non-www" > "www" & HTTP > HTTPS

If you want to force "non-www" to "www", and HTTP to HTTPS, then the .htaccess codes above will not suffice.

To put things into perspective, if your goal is to redirect the following URLS:

  • http://www.domain.com

  • http://domain.com


  • https://www.domain.com

Then you will need to use the .htaccess codes below.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^domain.com$ [NC]
RewriteRule (.*) http://www.domain.com/$1 [R=301,L]

RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

First, it redirects any "non-www" to "www", then it checks for HTTPS, making sure the final result is: www + HTTPS.

"non-www" > "www" & HTTP > HTTPS (in subfolder)

Now, if you are – like us – hosting your WordPress website in a subfolder (i.e. www.domain.com/blog/), then the above mentioned .htaccess codes will not work perfectly.

The goal here is to redirect all URLs (regardless if the homepage, or the post pages) to a www + HTTPS URL.

Let’s take a look at all possibilities of URLs that we will need to redirect “from“, and redirect “to“.

Condition 1

We need to redirect all the following URLs from:

  • http://domain.com

  • http://www.domain.com

  • http://domain.com/blog/

  • http://www.domain.com/blog/

to an unify URL of:

  • https://www.domain.com/blog/

Condition 2

and post URLs from:

  • http://domain.com/blog/example-page/

  • http://www.domain.com/blog/example-page/


  • https://www.domain.com/blog/example-page/

When your WordPress is hosted in subfolder (E.g. /blog/), chances are you will have two .htaccess files, I.e. one .htaccess file outside the subfolder, and one inside the subfolder where WordPress is installed. And we will need to alter both of them.

.htaccess outside subfolder

Insert the following codes into .htaccess outside the subfolder.

RewriteEngine On
### non-www to www, http to https
RewriteCond %{HTTPS} !on
RewriteCond %{HTTP_HOST} ^domain.com$ [OR]
RewriteRule (.*) https://www.domain.com/$1 [R=301,L]

### subfolder
RewriteRule ^$ /blog/ [R=301]

Here’s what this part of the code does. First, it makes sure the domain is redirected to www with HTTPS, then it is redirected to the subfolder. This will satisfy #condition 1 mentioned above but it will not work for condition #2, not yet, at least.

.htaccess inside subfolder

Next, we will need to alter the .htaccess code inside the subfolder.

By default, it should look something like this:

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

Put the following .htaccess code on top, and before “# BEGIN WordPress”

RewriteEngine On
## http to https
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

With these two set of codes in place, it will ensure any URLs entered will be included with www and HTTPS.

I urge that you do not implement this on your live site. Try it out numerous times on a staging/test site, making sure you’re getting the results you want before deploying it live.

One more thing, to ensure your redirecting is accurate, be sure to clear browser cookies and cache before commencing every test.

The post Forcing HTTP to HTTPS in WordPress (Apache Server) appeared first on Hongkiat.

Buy Organic Traffic

Comments are closed.