Force entire WordPress website over SSL/HTTPS

Force entire WordPress website over SSL/HTTPS enable SSL WordPress

Force entire WordPress website over SSL/HTTPS using .htaccess file/ enable SSL WordPress

This tutorial is for you if you are searching for Force entire WordPress website over SSL/HTTPS or Force entire website over SSL/HTTPS or Redirect all request from http to https

Its is very easy using .htaccess file. If you have access to server files and you are using apache server for your website. Go to server web root directory. Edit .htaccess file and add below lines of code before WordPress rewrite code which starts with # BEGIN WordPress Or if you running a non WordPress website, then add this code before any rewrite code or at start of .htaccess file. enable SSL WordPress


# Begin Force website over SSL by MakarandMane.com

RewriteEngine On
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(.*)\ HTTP/ [NC]
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,QSA,L]

# End Force SSL

Force entire WordPress website over SSL/HTTPS using WordPress Coding

If you are not familiar with htaccess or you don’t want to touch htaccess file or You want to handle WordPress, then you can also force website to https using php header funciton or WordPress wp_redirect. You can use any one method to redirect page.

PHP Header function

header('HTTP/1.1 301 Moved Permanently');
header("Location: https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"]);

WordPress wp_redirect function:

wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301 );

You have to use WordPress template_redirect action to redirect web-pages.

add_action('template_redirect', 'force_ssl');

We have write a function for this action. In function force_ssl we will check whether current page is opening on ssl using is_ssl() WordPress conditional function. I am writing same function using both method we discussed above. Both works same way.

function force_ssl()
{
if (!is_ssl () )
{
header('HTTP/1.1 301 Moved Permanently');
header("Location: https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"]);
exit();
}
}
function force_ssl()
{
if (!is_ssl () )
{
wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301 );
exit();
}
}

If you want to disable to force SSL you have to comment or remove code. But every time you to go theme files and make changes. So better way if we make a switch which can help us to enable and disable SSL mode by doing small change. So for this purpose we can define a constant in wp-config file.

define('FRONT_END_SSL' , false);

We will add action if contrast FRONT_END_SSL is defined. Then if website is not running on ssl and constant is set to true we will redirect visitor to https.

if (defined('FRONT_END_SSL'))
  add_action('template_redirect', 'force_ssl');

function force_ssl(){

if ( FRONT_END_SSL && !is_ssl () )
 {
  wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301 );
  exit();
 }
}

References:

https://yoast.com/wordpress-ssl-setup/
http://www.wpwhitesecurity.com/wordpress-security/definitive-guide-wordpress-ssl-setup/

2 thoughts on “Force entire WordPress website over SSL/HTTPS enable SSL WordPress”

    1. Yes I know there are other plugin also exist which can do same thing. But if we can do without using plugin by adding 3 line of code, then it will help to improve website performance.
      Avoid maximum use of plugins.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top