WordPress: Redirection from http: // to https: // with the .htaccess file

Photo: Switching from http to https via htaccess file

I don't know how many domains I've fought my way through in the last few weeks to get them GDPR compliant. As soon as there is only one e-mail form on the page, the switch to SSL encryption is also mandatory.

So that you can really only call these domains via "https: //" and no longer via "http: //", you have to set up a redirection that redirects the calls via http directly to https. And not only on the home page, but on all sub-pages - especially on the sub-page with the contact form, because otherwise there are nice warnings that, depending on the creativity of the warning attorney, can sometimes reach EUR 12.500 (source: Dealer association).

Solution via the .htaccess file

The All-Incl.com, where I host all my projects and customers, you can also activate an option when setting up the Let's Encrypt certificate so that the domain is only accessed via https: //. But if you have a hoster where this is not available as an option, you have to find an alternative. In this case - especially if you run a WordPress blog - I would tend to implement the https redirection via .htaccess file. This file can be found in the main directory of every WordPress blog and can easily be supplemented with a few lines.

If you don't have WordPress, you can still write the following lines of code in a file and then upload it to the main directory of the domain under the name ".htaccess" (the point is important!). The redirection works with all editing systems I know and of course with static HTML pages.

Code for copy and paste

To activate the redirection, you can simply copy and paste the following code:

RewriteEngine On RewriteCond% {HTTPS}! = On RewriteRule ^ https: //% {HTTP_HOST}% {REQUEST_URI} [L, R = 301]

Analyze mixed content alerts

When changing from a WordPress blog from http: // to https: // you should also change all internal links and references to graphics, CSS files or scripts of the blog. Since the whole procedure is rather cumbersome manually, I always use a plugin called "Better Search Replace"With this you can search through all WordPress database tables in one go and replace values.

Before you use the plugin, please make a backup of the database. I can "updraft"Highly recommend, as this plugin can also upload the backup to Dropbox (and many other cloud storage devices) and thus does not take up any local disk space.

The WordPress Plugin Better-Search-Replace allows searching and replacing in all WordPress database tables.

The WordPress Plugin Better-Search-Replace allows searching and replacing in all WordPress database tables.

I then always search (as an example on this blog) for "https://www.sir-apfelot.de" and enter "https://www.sir-apfelot.de" as the value by which the references are to be replaced . Then you select all tables and start the search. First of all, a test run is made to show how many positions have been found. Changes are not made in this run.

After the test run you can uncheck "Test run" below and get started in earnest. Now all occurrences in the database are actually replaced. If everything went well, the log in the address line of your blog will automatically always be "https: //" in the future. This means that the website is SSL-encrypted and, according to the GDPR, may also contain contact or inquiry forms.

Mixed content warning

It is important that you click through a few pages of your domain and look at the top of the address line to see whether there is a green or gray, closed lock and there is no warning sign. For example, the warning sign in Firefox is a small yellow icon. With Safari it could be that only the gray lock is not completely closed.

If you see a closed lock in the address line (here in Firefox), then there is no mixed content error.

If you see a closed lock in the address line (here in Firefox), then there is no mixed content error.

If you have a warning there, it is usually the "Mixed Content Warning". This means that graphics, scripts or other elements of your website are still integrated via "http://", while the website itself is encrypted via SSL. Everyone raises the mixed content warning Browser out, but unfortunately they don't directly show you the elements that prevent you from seeing a green lock.

You can find these "unsafe" elements in the browser with developer tools, but it is much easier with an online tool. To find the problematic places in the code or the problematic elements, you can use the service "Why no padlock?"Use. This runs a check and then shows you either a green tick, if everything is ok, or the corresponding elements that prevent you from getting a clean SSL encryption.

If everything went smoothly with the SSL switch, you will receive an online test from "Why no padlock?" this ad: everything in butter, so to speak. :)

If everything went smoothly with the SSL switch, you will receive an online test from "Why no padlock?" this ad: everything in butter, so to speak. :)

Need help?

If you don't dare to convert your website or blog to SSL / https, feel free to write to me. I have been looking after a number of customer websites for many years and have switched most of them to https: // in the past few months without anything going wrong.

And if, in addition to switching to SSL, you are also looking for someone who makes sure that your WordPress site is technically up-to-date and secure, then I am also happy to be at your disposal. Email me please via the address in the imprint, if interested.

-

Did you like the article and did the instructions on the blog help you? Then I would be happy if you the blog via a Steady Membership or at Patreon would support.

Leave a Comment

Your e-mail address will not be published.