If you have added an SSL certificate to your domain, you can force all visits to your site to use HTTPS to ensure your traffic is secure.

Forcing the domain to serve securely using HTTPS (for any site)

The following code forces any HTTP request to be rewritten to HTTPS. For example, it forces a request to http://example.com to load https://example.com. It also forces directly linked resources (images, CSS, etc.) to use HTTPS:

If this isn’t working for you, first check your line endings. Text copied from your web browser and pasted into a text editor may not keep the correct line endings, so after pasting you should delete each line break and add it back in (line break = return key).


Forcing HTTPS with WordPress

If your .htaccess file already contains some default WordPress code, enter the following above or below that code. Never enter code inside of the comment tags that start and end with:

It’s possible for a visitor to enter a direct HTTP URL for your WordPress site, even when an SSL certificate is active. To force any HTTP request to redirect to HTTPS, you can add code to your WordPress .htaccess file. There are two code options below for you to use. The first should work as shown, but if not, try option two instead.

Option #1

Full example including the default WordPress code

Below is what your .htaccess file looks like with both the new HTTPS code and existing WordPress code.

Option #2

In this example, make sure to change ‘example.com’ to your actual domain name.

Full example including the default WordPress code

Below is what your .htaccess file looks like with both the new HTTPS code and existing WordPress code.
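
As an added example (constructed here, not this article's own code), this is a complete .htaccess with an HTTPS redirect placed above the default WordPress block. It assumes mod_rewrite and mod_headers are enabled and uses example.com as a placeholder domain; the `upgrade-insecure-requests` header is one way to cover directly linked resources.

```apache
# Added example: constructed .htaccess, not the original article's code.
# The HTTPS rules sit OUTSIDE the WordPress markers, because WordPress
# regenerates everything between "# BEGIN WordPress" and "# END WordPress"
# and would overwrite anything placed inside them.

RewriteEngine On
# Match only requests that arrived over plain HTTP.
RewriteCond %{HTTPS} !=on
# Permanent redirect to the same path on HTTPS.
# example.com is a placeholder: replace it with your own domain.
RewriteRule ^ https://example.com%{REQUEST_URI} [L,R=301]
# Host-agnostic variant (no domain to edit). It reuses the Host header
# sent by the client, so the hard-coded form above is the stricter one:
# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Ask browsers to load http:// sub-resources (images, CSS, scripts)
# over HTTPS instead of blocking or warning about mixed content.
<IfModule mod_headers.c>
Header always set Content-Security-Policy "upgrade-insecure-requests"
</IfModule>

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
```

If TLS is terminated by a proxy or load balancer in front of Apache, `%{HTTPS}` is never `on` at the origin and this rule redirects in a loop; in that setup the condition has to test the forwarded-protocol header the proxy sets instead.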