Support » Plugin: s2Member® Framework (Membership, Member Level Roles, Access Capabilities, PayPal Members) » Redirecting entire website from http to https …

  • CookingFat69

    (@cookingfat69)


    Hi all,

    Apologies for what might be a really stupid question, but I’d really appreciate some help please … 🙂

    Suppose that I have the website “http://example.com” (running WordPress and s2Member Pro) and I install an SSL certificate. Now, I know that in WordPress I need to go to “Settings” > “General” and change both the “WordPress Address (URL)” and the “Site Address (URL)” from “http://example.com” to “https://example.com”. I also know that I need to modify the “.htaccess” file (i.e. the one in my “public_html” folder) to ensure that if someone clicks on a link (e.g. displayed on my website, or on another website) to an “http” page on my website then they’ll be redirected to the corresponding “https” page on my website.

    However, what I’m confused about is exactly what code I need to insert into the “.htaccess” file to achieve the above.

    For example, an article on the s2Member website indicates that I need to insert the following code …

    # BEGIN Force SSL
    <IfModule rewrite_module>
      RewriteEngine on
      RewriteBase /
      RewriteCond %{HTTPS} !^on$ [NC]
      RewriteCond %{HTTP:X-Forwarded-Proto} !^https$ [NC]
      RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    </IfModule>
    # END Force SSL

    … whereas another website indicates that I need to insert the following code …

    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule .* https://example.com/%{REQUEST_URI} [R,L]

    … whereas another website indicates that I need to insert the following code …

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://example.com/$1 [R,L]
    </IfModule>

    Does anyone know why the above pieces of code are all different? Are they all different ways of achieving exactly the same thing, or is one of them correct and the others incorrect?

    Thanks very much in advance,
    Steve

    https://wordpress.org/plugins/s2member/

Viewing 6 replies - 1 through 6 (of 6 total)
  • KTS915

    (@kts915)

    Actually, you shouldn’t need to touch the .htaccess file at all. That’s the point of changing the two settings in WordPress. They handle everything for you.

    Thread Starter CookingFat69

    (@cookingfat69)

    Hi KTS915,

    Thanks very much for your really quick reply 🙂

    I did try simply changing the two settings in WordPress (i.e. and not changing the “.htaccess” file), but it resulted in various problems. For example, although doing this changes all of the menu links to “https”, it doesn’t change any of the existing “http” links that I’ve inserted within the pages of the website, and it doesn’t redirect these links to “https”. In other words, it leaves the website in a state where some links (i.e. menu links) go to “https” whereas other links (i.e. existing links within pages) go to “http”. It also caused problems with the s2Member Pro Login Widget – e.g. sometimes this box would show me as not logged in even though I was logged in. Furthermore, when logging in using the “wp-login.php” page, it would then redirect me to the “Membership Options Page” (i.e. rather than to the “Login Welcome Page”). Similarly, when trying to download a restricted file, it would redirect me to the “Membership Options Page”.

    For info, I then subsequently added the first piece of code shown in my post above to the “.htaccess” file, and now everything seems ok. For reference, this piece of code is set out by the following s2Member Knowledgebase article …

    Implementing SSL (HTTPS) on an s2Member Site

    … and appears to have been written by Jason as shown by the following Github page …

    Implementing SSL (HTTPS) on an s2Member Site

    As the above code appears to be working ok, I’m happy, although I’m still confused as to why the piece of code written by Jason appears to be different to the equivalent pieces of code that I’ve seen on other websites (as shown by the other two examples in my post above). Maybe they’re different ways of achieving the same thing, or maybe one of them is correct and the others are incorrect. Hopefully I’ve picked the “correct” one!

    Thanks,
    Steve

    KTS915

    (@kts915)

    Well, I’m glad it’s working for you, but I would never see this as a long-term fix. The .htaccess file gets written to (and therefore changed) by many different plugins, and is prone to getting corrupted, so I like to keep it as clean as possible.

    Instead, I use either relative links or protocol relative links so that redirects are unnecessary. And while changing links already in place can be a pain (I’ve done it), it’s absolutely guaranteed to work whatever happens in future to the .htaccess file. I prefer to do a bit more work up front in order to get a robust solution that I won’t have to tinker with again.

    Thread Starter CookingFat69

    (@cookingfat69)

    Thanks again KTS915.

    In my case, I’ve already previously sent out lots of emails with various “http” links to my website, so I felt that I needed a way to automatically redirect people.

    For info, I’ve now used the first piece of code shown in my post above for a couple of days, and so far no members have reported any problems. The other option that I was tempted by (and might use in the future) is a WordPress plugin – for example, the above s2Member Knowledgebase article (link) mentions a couple of plugins, or alternatively the WordPress plugin “Really Simple SSL” (link) appears to have decent reviews.

    Thanks again,
    Steve

    KTS915

    (@kts915)

    The other option that I was tempted by (and might use in the future) is a WordPress plugin

    Don’t be tempted — unless you want untold problems later on when you least expect them. You have only to look at the history of plugins that were recommended heavily in the past to see where that leads.

    And, if you continue to use your .htaccess code, beware of using caching or security plugins that also write to that file, or you will be likely to lock yourself out.

    This one is working like a charm:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTPS} !^on$ [NC]
    RewriteCond %{HTTP:X-Forwarded-Proto} !^https$ [NC]
    RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

    I have tried the other codes (available in all websites) but nothing is really working. If i typed for example: http://www.example.com/privacy/ it won’t redirect to: https://www.example.com/privacy/

    But when i used the above code it’s working. I think this will avoid duplicate entries for Google and other search engines.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Redirecting entire website from http to https …’ is closed to new replies.