I have the following setup in my .htaccess
file, but I am still able to go to my site via http:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# Rewrite HTTP to HTTPS
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R,L]
</IfModule>
# END WordPress
Any idea what I could be doing wrong?
2 Answers
You’ve put the code in the wrong place. The HTTP to HTTPS directives must go before the WordPress front-controller, otherwise it’s simply never going to get processed for anything other than direct file requests.
Your custom directives should also be outside the # BEGIN WordPress
block, otherwise WordPress itself is likely to override your directives in a future update.
For example:
# Redirect HTTP to HTTPS
RewriteCond %{HTTPS} !=on
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
It is a “redirect”, not a “rewrite”. Change the R
to R=301
when you are sure it’s working OK (as this should ultimately be a permanent redirect).