IT Nursery
  • 1010 Avenue of the Moon
    New York, NY 10018 US.
  • Mon - Sat 8.00 - 18.00
    Sunday: Closed
  • Get A Quote
  • WordPress

    • Globally force SSL on all pages

    • IT Nursery
    • May 16, 2022
    • 0

    Right now my domain www.example.com is setup to force HTTPS and it works. The site also correctly links everything to HTTPS. (there are no occurences of HTTP in the database anywhere).

    But if you are visiting a subpage, you can change the url to HTTP again, for example http://example.com/subpage/ and it will not enforce HTTPS.

    I have this rule in my .htaccess in the root:

    RewriteEngine On 
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://example.com/$1 [R,L]

    Any ideas what the cause of this is?

    2 Answers
    2

    To globally redirect all your pages to HTTPS add the following lines to your .htaccess:

    # Globally force SSL.
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    This should be placed directly after RewriteEngine on if you have no previous rewrites.

    Tags:

    Leave a Reply

    Your email address will not be published. Required fields are marked *