My Wordpress directory is at www.example.com/blog
I recently changed my entire site to force HTTPS. So my .htaccess file in /blog/ looks like this:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /blog/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]
</IfModule>
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
I also changed the site URL in Wordpress settings to be HTTPS.
This works perfectly in the homepage, but in any post pages, the end user is able to change to non-secure HTTP, by changing the URL and pressing enter.
For example, they can type directly: http://www.example.com/blog/post-1/ and it will load as HTTP.
What is wrong with my .htaccess file? Where is the loose end?
The most common cause of the WordPress redirect loops or 'Too many redirects' issue is a plugin conflict. A plugin trying to set up a redirect in a way that conflicts with default WordPress redirects would end up causing this error. To fix this, you need to deactivate all WordPress plugins on your website.
In the Domains interface in cPanel (Home >> Domains), there's an option to enable Force HTTPS Redirection from the insecure version (HTTP) to the secure version (HTTPS) with a toggle switch.
Note: If your site is hosted on our Managed WordPress hosting platform you do not need to manually change these settings, the HTTPS protocol will be configured automatically.
Change the order of the rules. First redirect to https
and then let WP take over all of your requests.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteBase /blog/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]
</IfModule>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With