New Installations & SSL

  • I install WordPress alot because I’m a web designer. I just installed the latest version of WordPress. When I go to the url without specifying https it will load the insecure version of the website.

    Refreshing will go to the secure version. Also, clicking the home link will reftesh load it securely. But it still is able to be loaded insecurely

    The site url is set to https. Also, I have installed manually and using a cpanel installer, both with the same results.

Viewing 9 replies - 1 through 9 (of 9 total)
  • Thread Starter jason_hayes

    (@jason_hayes)

    The version is WordPress 5.3.2.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Add this to your .htaccess file, at the very top.

    RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    Thread Starter jason_hayes

    (@jason_hayes)

    The fix has worked. But why hasn’t it done this before? I’ve have had to add that code to the .htaccess file on other non-Worpdress websites I’ve built in the past. I never thought I’d need it for WordPress.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    dunno. I always do this for SSL sites.

    Thread Starter jason_hayes

    (@jason_hayes)

    Is anyone else having the same issue?

    I always add the SSL code to my .htaccess file as well.

    The fix has worked. But why hasn’t it done this before? I’ve have had to add that code to the .htaccess file on other non-Worpdress websites I’ve built in the past. I never thought I’d need it for WordPress.

    It hasn’t done it because that’s the way it’s supposed to work. “It’s not an issue, it’s a feature”. ??

    Most browsers, when you type say “example.com” will first go to
    https://example.com
    then try
    https://www.example.com
    Only then giving up and returning an error if there’s nothing there.

    If you want visitors to be redirected to httpS:// – you must do it “manually”, .htaccess rule being a nice and practical way for that.

    Should WordPress do that automatically when you set its address to https://example.com?

    That would take some thinking and consideration. Depending on one’s setup, it could create problems to some people, some of the time. Here’s one example (not related to https, but nonetheless):
    https://stackoverflow.com/questions/9924987/how-to-stop-sub-directory-inheriting-parents-htaccess-rules

    The way it’s implemented now with WordPress (ie. no automatic .htaccess edits related to redirections to https): it is all under user’s control, though it requires some action on their part.

    I wrote more on redirects in a blog post, primarily for my own future reference when fixing problems:
    https://io.bikegremlin.com/5561/optimization-02-redirects/

    Thread Starter jason_hayes

    (@jason_hayes)

    Thanks for the info.

    I also noticed that multisite installations aren’t affected.

    Thread Starter jason_hayes

    (@jason_hayes)

    I think there is mixed content errors caused by content served insecurely in the latest version.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘New Installations & SSL’ is closed to new replies.