Support » Fixing WordPress » forcing whole site on ssl is it rightway?

  • [ Moderator note: decapped the topic title. Do not use all caps, it comes across as yelling and is considered to be rude. ]

    Hi All,

    I am working on one ecommerce site where i want to force every visitor on site to SSL rather that normal http:// connection. For doing this i went through the following two ways.
    1. Using .htaccess code to redirect.
    2. Template redirection.

    1. In First case, the code i wrote to .htaccess was:

    [ Moderator Note: Please post code or markup snippets between backticks or use the code button. ]

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} =off
    RewriteRule ^(.*) https://%{SERVER_NAME}/directoryname$1 [R,L]

    But in the above case, my redirection code works properly, only issue is if my client goes inside admin panel and updates the permalink setting of wordpress then the htaccess setting would be rewritten wiping out the above code. Making .htaccess read only is not at all a great solution. Because doing such settings, Plugins like YOST and ALL IN SEO will not be able to update their .htaccess rules.

    2.As the first case didn’t solve my purpose, template redirecting was the case I looked upon:

    function mysite_ssl_template_redirection(){
      if (!is_ssl()) {
        if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
          wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']), 301 );
        } else {
          wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301 );
    add_action( 'template_redirect', 'mysite_ssl_template_redirection', 1 );

    And it works perfectly, it doesn’t matter even if my client updates permalink settings.

    But i just want to ask WP developers? Is it Good practice or right way to FORCE ANY website on SSL?

    Also would like to know if template redirecting is the correct way to do it or is there any better means to accomplish the task.

    I will be happy to hear about your opinions.


  • The topic ‘forcing whole site on ssl is it rightway?’ is closed to new replies.