Once upon a time, I was installing a new WordPress on my new domain. After installing WordPress I have to install SSL and I have also installed SSL on my new domain.
But I have found an issue. When I was trying to visit my new website it still serves over HTTP. I was shocked. So I tried to visit my new website using HTTPS and it works. Then I realized that I have to force redirect HTTP to HTTPS using the .htaccess file. But I didn’t know how to do it.
The .htaccess file is a very important WordPress core file that is used for adding, modifying, and overriding server-level configurations, security, and performance parameters. So I started to search on Google about this issue and I have found a solution.
The solution was:
- I have to open the .htaccess file as editing mode
- Then I have to add the following code at the very first of the file.
RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE] Header always set Content-Security-Policy "upgrade-insecure-requests;"
After adding the above code the .htaccess file looks as follows:
RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE] Header always set Content-Security-Policy "upgrade-insecure-requests;" # BEGIN WordPress # The directives (lines) between "BEGIN WordPress" and "END WordPress" are # dynamically generated, and should only be modified via WordPress filters. # Any changes to the directives between these markers will be overwritten. <IfModule mod_rewrite.c> RewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress
That’s how I solved my issue force redirect HTTP to HTTPS using the .htaccess file.