HTTPS Force Redirect not working in Wordpress

2020-05-19 02:38发布

问题:

My Wordpress directory is at www.example.com/blog

I recently changed my entire site to force HTTPS. So my .htaccess file in /blog/ looks like this:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /blog/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]
</IfModule>

RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

I also changed the site URL in Wordpress settings to be HTTPS.

This works perfectly in the homepage, but in any post pages, the end user is able to change to non-secure HTTP, by changing the URL and pressing enter.

For example, they can type directly: http://www.example.com/blog/post-1/ and it will load as HTTP.

What is wrong with my .htaccess file? Where is the loose end?

回答1:

Change the order of the rules. First redirect to https and then let WP take over all of your requests.

<IfModule mod_rewrite.c>
RewriteEngine On

RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteBase /blog/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]
</IfModule>


回答2:

You can also add these two lines to the wp-config.php

define('WP_SITEURL', 'https://' . $_SERVER['HTTP_HOST']);
define('WP_HOME', 'https://' . $_SERVER['HTTP_HOST']);

So you could easily make conditions for http for dev environment and https for live like so:

if(strpos($_SERVER['HTTP_HOST'], 'livedomain.com') !== FALSE){
  define('WP_SITEURL', 'https://' . $_SERVER['HTTP_HOST']);
  define('WP_HOME', 'https://' . $_SERVER['HTTP_HOST']);
} else {
  define('WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST']);
  define('WP_HOME', 'http://' . $_SERVER['HTTP_HOST']);
}