Certificates, Web, Wordpress

Redirect All HTTP to HTTPS in WordPress with .htaccess

I recently had a request from a client to transfer all web traffic on some WordPress site (www or no www) to all be forced over HTTPS. And with all of the up and coming security issues that stem from HTTP-only traffic it is a must. Why you ask? Well, unless you are explicitly doing this already users may able to browse and intercept traffic from your site with no encryption. If you have a SSL certificate but have not done this to your WordPress site then please do so!

Edit your .htaccess file and append this somewhere at the bottom (and change your website URL to the URL that is associated with the SSL certificate):

RewriteCond %{HTTPS} !^on$
RewriteRule (.*) https://www.example.com/$1 [R,L]

After this you should see all browsing of HTTP to your site to be automatically redirected to HTTPS. Note: in some cases you will have to update all the links and content of your site to use links that are HTTPS also. There are useful plugins out there that can assist with doing a bulk conversion of this. Otherwise you users will not get the padlock icon on the page (or even cases where the page will not render entirely). Happy securing! Hope this helps, questions are always welcome.

IIS, Web

Redirect All HTTP Requests To HTTPS With IIS URL Rewrite

Make sure you obtain the appropriate version of URL Rewrite for your version of IIS.

Once you have the URL Rewrite module installed then create a new blank inbound rule and give it a name (mine is Redirect to HTTPS).

Once you have the rule created select to match the pattern with regular expressions using .* as the pattern:

Capture1

For your conditions, add a condition with the input as {HTTPS} matching the pattern of OFF:

Capture2

For the action select Redirect and set your Redirect URL to https://{HTTP_HOST}/{R:0}. Select to append query string and indicate the Redirect type is a Permanent (301):

Capture3

Once this is completed (and assuming you have configured your sites for SSL) then you can test it by browsing any page or directory on your site with HTTP and watch it change to HTTPS. Easy enough, right? Hope this helps.