Wordpress: Redirection from http: // to https: // with the .htaccess file

/ From / SEO & Homepage / Post a comment
Photo: Switching from http to https via htaccess file

I don't know how many domains I've fought my way through in the last few weeks to get them GDPR compliant. As soon as there is only one e-mail form on the page, the switch to SSL encryption is also mandatory.

In order to be able to call up these domains only via “https://” and no longer via “http://”, you have to set up a redirect that redirects calls via http directly to https. And not just on the start page, but on all subpages - especially the subpage with the contact form, because otherwise there are such nice warnings that, depending on the creativity of the warning lawyer, can sometimes reach 12.500 EUR (source: Dealer association).

Solution via the .htaccess file

The All-Incl.com, where I host all my projects and customers, you can also activate an option when setting up the Let's Encrypt certificate so that the domain is only accessed via https://. But if you have a hoster that doesn't offer this as an option, you have to find an alternative. In this case - especially if you run a Wordpress blog - I would tend to implement the https redirection via .htaccess file. This file can be found in the main directory of every Wordpress blog and can easily be supplemented with a few lines.

If you don't have Wordpress, you can still write the following lines of code in a file and then upload it to the root directory of the domain under the name ".htaccess" (the dot is important!). The redirection works with all editorial systems I know and of course also with static HTML pages.

Code for copy and paste

To activate the redirection, you can simply copy and paste the following code:

RewriteEngine On RewriteCond% {HTTPS}! = On RewriteRule ^ https: //% {HTTP_HOST}% {REQUEST_URI} [L, R = 301]

Analyze mixed content alerts

When changing from http:// to https:// in a Wordpress blog, you should also change all internal links and references to graphics, CSS files or blog scripts. Since the whole procedure is quite cumbersome manually, I always use a plugin called “Better Search Replace“. With it you can search all Wordpress database tables in one go and replace values.

Before using the plugin, please make a backup of the database. I can "updraft” Highly recommend as this plugin can also upload the backup to Dropbox (and many other cloud storages) so doesn't take up local disk space.

The Wordpress plugin Better-Search-Replace allows searching and replacing in all Wordpress database tables.
The Wordpress plugin Better-Search-Replace allows searching and replacing in all Wordpress database tables.

I then always search (as an example in this blog) for “https://www.sir-apfelot.de” and enter “https://www.sir-apfelot.de” as the value to be used to replace the locations . Then you select all tables and start the search. First of all, a test run is carried out, in which it is displayed how many positions were found. However, no changes are made in this run.

After the test run, you can uncheck the “Test Run” box below and get serious about it. Now all occurrences in the database are actually replaced. If everything went well, the protocol in the address bar of your blog will always be “https://” in the future. This means that the website is SSL-encrypted and, according to the GDPR, may also contain contact or inquiry forms.

Mixed content warning

It is important that you click through a few pages of your domain and look at the top of the address line to see whether there is a green or gray, closed lock and there is no warning sign. For example, the warning sign in Firefox is a small yellow icon. With Safari it could be that only the gray lock is not completely closed.

If you see a closed lock in the address line (here in Firefox), then there is no mixed content error.
If you see a closed lock in the address line (here in Firefox), then there is no mixed content error.

If you have a warning there, it is usually the “Mixed Content Warning”. This means that graphics, scripts or other elements of your website are still integrated via "http://", while the website itself is encrypted via SSL. Everyone raises the mixed content warning Browser out, but unfortunately they don't directly show you the elements that prevent you from seeing a green lock.

Although you can use developer tools in browsers to track down these “unsafe” elements, it is much easier with an online tool. To find the problematic places in the code or the problematic elements, you can use the service "Why no padlock?" to use. This runs a check and then shows you either a green tick if everything is ok, or the corresponding elements that prevent you from getting a clean SSL encryption.

If everything went smoothly with the SSL switch, you will receive an online test from "Why no padlock?" this ad: everything in butter, so to speak. :)
If everything went smoothly with the SSL conversion, you will get the online test of “Why no padlock?” this ad: all in butter, so to speak. :)

Need help?

If you don't dare to convert your website or blog to SSL / https, feel free to write to me. I have been looking after a number of customer websites for many years and have switched most of them to https: // in the past few months without anything going wrong.

And if, in addition to switching to SSL, you are also looking for someone to check that your Wordpress site is technically up-to-date and secure, then I am also happy to help. mail me please via the address in the imprint, if interested.

Related Articles

Did you like the article and did the instructions on the blog help you? Then I would be happy if you the blog via a Steady Membership would support.

Post a comment

Your e-mail address will not be published. Required fields are marked with * marked

In the Sir Apfelot Blog you will find advice, instructions and reviews on Apple products such as the iPhone, iPad, Apple Watch, AirPods, iMac, Mac Pro, Mac Mini and Mac Studio.

sir appleot
Specials
Shopping