Use .htaccess to redirect HTTP to HTTPs

Please, don't recommend me the long and very detailed thread with more than 173 upvotes. It didn't work for me. I have also tried many others (1, 2, 3, 4). They all give me TOO_MANY_REDIRECTS or error 500. So, here is my issue:

With my current .htaccess, this is what happens:

https://www.dukescasino.com/ - works perfectly

https://dukescasino.com/ - redirects to the above which is great

The two options below loads fine, but it should be redirecting to the https version:

http://www.dukescasino.com/

http://dukescasino.com/

Here is the current .htaccess:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

I don't believe it is relevant, but if so, here is the list of current active plugins:

• Advanced Custom Fields
• All In One SEO Pack
• Bop Search Box Item Type For Nav Menus
• Contact Form 7
• Disable Comments
• Google XML Sitemaps
• Jetpack by WordPress.com
• Search & Filter
• Slider WD
• TablePress
• UpdraftPlus - Backup/Restore
• Wordfence Security
• WPide
• WP Smush
• WP Super Cache

Edit 1 - Tests performed:

Test A:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Result: ERR_TOO_MANY_REDIRECTS

Test B:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
 
# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Result: ERR_TOO_MANY_REDIRECTS

Test C:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{SERVER_PORT} ^80$
 RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
 
# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Result: ERR_TOO_MANY_REDIRECTS

Test D:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Result: ERR_TOO_MANY_REDIRECTS

Test E:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI}$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}$1

# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Result: 302 found. Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

On Dreamhost, this worked:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Problem solved!

Final .htaccess:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{ENV:HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

It works for me:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !on           
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R,L]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

In my case, the htaccess file contained lots of rules installed by plugins like Far Future Expiration and WPSuperCache and also the lines from wordpress itself.

In order to not mess things up, I had to put the solution at the top of htaccess (this is important, if you put it at the end it causes some wrong redirects due to conflicts with the cache plugin)

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

This way, your lines don't get messed up by wordpress in case some settings change. Also, the <IfModule> section can be repeated without any problems.

I have to thank https://stackoverflow.com/users/449670/jason-shah">Jason Shah for the neat https://stackoverflow.com/a/36475195/531524">htaccess rule.

For your information, it really depends on your hosting provider.

In my case (Infomaniak), nothing above actually worked and I got infinite redirect loop.

The right way to do this is actually explained in their support site:

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://your-domain.com/$1 [R=301,L]

So, always check with your hosting provider. Hopefully they have an article explaining how to do this. Otherwise, just ask the support.

This is tested and safe to use

Why?: When Wordpress editing your re-write rules, so make sure your HTTPS rule should not be removed! so this is no conflict with native Wordpress rules.

<IfModule mod_rewrite.c>
   RewriteCond %{HTTPS} !=on
   RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R,L]
</IfModule>

# BEGIN WordPress
<IfModule mod_rewrite.c>
  #Your our Wordpress rewrite rules...
</IfModule>
# END WordPress

Note: You have to change WordPress Address & Site Address urls to https:// in General Settings also (wp-admin/options-general.php)

I found all solutions listed on this Q&A did not work for me, unfortunately. What did work was:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]

RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule ^/?$ "https\:\/\/www\.example\.com\/" [R=301,L]
</IfModule>
# End Wordpress

Note, the above Wordpress rules are for Wordpress in multi user network mode. If your Wordpress is in single site mode, you would use:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule ^/?$ "https\:\/\/www\.example\.com\/" [R=301,L]
</IfModule>
# End Wordpress

Nothing of the above worked for me. But those lines solved the same problem on my WordPress site:

RewriteEngine On

RewriteCond %{HTTP:HTTPS} !on
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

easyest way to redirect http to https in wordpress it to modify site_url and home from http://example.com to https://example.com. Wordpress will do the redirection. ( that is why you get "too many redirects" error, wordpress is redirecting to http while .htaccess will redirect to https )

Here is an alternative solution you can use if you don't want to edit .htaccess:

add_action( 'template_redirect', 'nonhttps_template_redirect', 1 );

function nonhttps_template_redirect() {

	if ( is_ssl() ) {
	
		if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'https' ) ) {
		
			wp_redirect( preg_replace( '|^http://|', 'https://', $_SERVER['REQUEST_URI'] ), 301 );

			exit();
			
		} else {
		
			wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301 );

			exit();
			
		}
		
	}
	
}

You can place this at the bottom of your theme functions.php

Add this in the WordPress' .htaccess file:

RewriteCond %{HTTP_HOST} ^yoursite.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.yoursite.com [NC]
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [L,R=301,NC]

Therefore the default WordPress' .htaccess file should look like this:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

RewriteCond %{HTTP_HOST} ^yoursite.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.yoursite.com [NC]
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [L,R=301,NC]
</IfModule>

The above final .htaccess and Test A,B,C,D,E did not work for me. I just used below 2 lines code and it works in my WordPress website:

RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.thehotskills.com/$1 [R=301,L]

I'm not sure where I was making the mistake but this page helped me out.

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^digitalsoftwaremarket.com [NC]
    RewriteRule ^(.*)$ http://www.digitalsoftwaremarket.com/$1 [L,R=301]
</IfModule>

None if this worked for me. First of all I had to look at my provider to see how they activate SSL in .htaccess my provider gives

<IfModule mod_rewrite.c>
   RewriteEngine On
   RewriteCond %{HTTP:HTTPS} !on
   RewriteRule (.*) https://%{SERVER_NAME}/$1 [QSA,L,R=301]
</IfModule>

But what took me days of research is I had to add to wp-config.php the following lines as my provided site is behind a proxy :

/**
 * Force le SSL
 */
define('FORCE_SSL_ADMIN', true);
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) $_SERVER['HTTPS']='on';

Just add or replace this code in your .htaccess file in wordpress

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Redirect from http to https://www

> RewriteEngine On > RewriteCond %{HTTP_HOST} ^example.com [NC] > RewriteCond %{SERVER_PORT} 80 > RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

This will work for sure!

Just add this code, And it will work like charm:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_HOST}#%{HTTPS}s ^www\.([^#]+)#(?:off|on(s)) [NC]
    RewriteRule ^ http%2://%1%{REQUEST_URI} [R=301,L]
</IfModule>