: Force ssl - 301 redirect not working I created a 301 redirect in my cPanel to force ssl. It is not working. The last two lines were created with the cpanel for the redirect. RewriteOptions

@Jamie184

I created a 301 redirect in my cPanel to force ssl.


Unfortunately, cPanel's "redirect feature" is a bit notorious for making a mess. And since an incorrect directive can bring down a site, it's difficult to recommend. If you are going to try and use it then you really need to read the cPanel documentation to make sure of the expected inputs and some caveats. (The on-page instructions with the tool itself are a bit lacking IMO.)

However, the redirect feature provided by cPanel is a bit limited. You can only really do simple redirects. A "force SSL" type redirect is not possible using this tool.


Why isn't this working?


Well, to be frank, it's completely wrong. (The cPanel docs linked to above would have helped here.)


"The last two lines" - The first fundamental error here is that these directives are placed at the end of the file. Because of the WordPress front-controller at the top of the file, these directives will never be processed (even if they were correct). (This is covered in the cPanel docs.)
RewriteRule ^example.com/$ - The RewriteRule directive matches against the URL-path only, not the hostname. So, this will never match. (Again, the cPanel docs covers the expected input.)
"https://example.com/" - To implement this properly you would need some kind of "wildcard" redirect, redirecting all URLs like for like. This directive would redirect to the home page only. (It's also an example of cPanel's "mess" - there is never a need to backslash escape colons, slashes and dots in the RewriteRule substitution. The surrounding quotes are also unnecessary here, but that's forgivable given the automated nature of this generated output.)
In order to redirect from HTTP to HTTPS, you need to first check that the current request is not already for HTTPS, otherwise you'll get a redirect loop.
RewriteCond %{HTTP_HOST} ^.*$ - This is just nonsense - it doesn't do anything. This directive will always evaluate to true on any system.



RewriteOptions inherit



This directive is also suspicious. Do you need this? If you do, then this can influence where this "force SSL" redirect should go (before, after, or in a different config file altogether).

The appropriate redirect code will need to go near the start of your .htaccess file, before the existing WordPress directives (ie. before the front controller). In its simplest form, this would be something like:

RewriteCond %{HTTPS} !on
RewriteRule (.*) example.com/ [R=301,L]


This assumes that example.com is the canonical hostname (as in your code snippet). To incorporate a www to non-www redirect as well, then change this to:

RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} ^www.
RewriteRule (.*) example.com/ [R=301,L]

Vote Up Vote Down

@Goswami781

What version of preferred HTTPS URL would you like to have?

Let's say if you would like to have: www.example.com then do, following and it should work.

Change the setting accordingly in Wordpress (Site / WordPress Address) and then change your .HTACCESS as below:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ www.example.com/blog/ [R=301,L]
RewriteCond %{http_host} ^example.com/blog/ [NC]
RewriteRule ^(.*)$ www.example.com/blog/ [R=301,L]

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /blog/
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]
</IfModule>

# END WordPress


Note: Here WordPress installation is on /blog/ so you can change it as per your need.

Vote Up Vote Down