I have SSL certificate activated on my website. I did change the settings:

setting > general 

and edit wp-config.php to force HTTPS:

define( 'FORCE_SSL_ADMIN', true );

The problem is, the redirect doesn't work and both versions of the site, HTTP and HTTPS, are accessible.

I checked my .htaccess file. It seems everything is correct:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} on [OR]
RewriteCond %{SERVER_PORT} ^443$ [OR]
RewriteCond %{HTTP:X-Forwarded-Proto} https
RewriteRule .* - [E=WPR_SSL:-https]
RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteRule .* - [E=WPR_ENC:_gzip]
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{QUERY_STRING} =""
RewriteCond %{HTTP:Cookie} !(wordpress_logged_in_.+|wp-postpass_|wptouch_switch_toggle|comment_author_|comment_author_email_) [NC]
RewriteCond %{REQUEST_URI} !^(/(.+/)?feed/?|/(?:.+/)?embed/|/checkout/(.*)|/cart/|/my-account/(.*)|/wc-api/v(.*)|/(index\.php/)?wp\-json(/.*|$))$ [NC]
RewriteCond %{HTTP_USER_AGENT} !^(facebookexternalhit).* [NC]
RewriteCond "%{DOCUMENT_ROOT}/wp-content/cache/wp-rocket/%{HTTP_HOST}%{REQUEST_URI}/index%{ENV:WPR_SSL}.html%{ENV:WPR_ENC}" -f
RewriteRule .* "/wp-content/cache/wp-rocket/%{HTTP_HOST}%{REQUEST_URI}/index%{ENV:WPR_SSL}.html%{ENV:WPR_ENC}" [L]
</IfModule>

UPDATE

I have WP-ROCKET plugin and I think this is the main source of the problem because whenever I clear the cache and refresh the site from HTTP address it redirects correctly but just one time

I have SSL certificate activated on my website. I did change the settings:

setting > general 

and edit wp-config.php to force HTTPS:

define( 'FORCE_SSL_ADMIN', true );

The problem is, the redirect doesn't work and both versions of the site, HTTP and HTTPS, are accessible.

I checked my .htaccess file. It seems everything is correct:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} on [OR]
RewriteCond %{SERVER_PORT} ^443$ [OR]
RewriteCond %{HTTP:X-Forwarded-Proto} https
RewriteRule .* - [E=WPR_SSL:-https]
RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteRule .* - [E=WPR_ENC:_gzip]
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{QUERY_STRING} =""
RewriteCond %{HTTP:Cookie} !(wordpress_logged_in_.+|wp-postpass_|wptouch_switch_toggle|comment_author_|comment_author_email_) [NC]
RewriteCond %{REQUEST_URI} !^(/(.+/)?feed/?|/(?:.+/)?embed/|/checkout/(.*)|/cart/|/my-account/(.*)|/wc-api/v(.*)|/(index\.php/)?wp\-json(/.*|$))$ [NC]
RewriteCond %{HTTP_USER_AGENT} !^(facebookexternalhit).* [NC]
RewriteCond "%{DOCUMENT_ROOT}/wp-content/cache/wp-rocket/%{HTTP_HOST}%{REQUEST_URI}/index%{ENV:WPR_SSL}.html%{ENV:WPR_ENC}" -f
RewriteRule .* "/wp-content/cache/wp-rocket/%{HTTP_HOST}%{REQUEST_URI}/index%{ENV:WPR_SSL}.html%{ENV:WPR_ENC}" [L]
</IfModule>

UPDATE

I have WP-ROCKET plugin and I think this is the main source of the problem because whenever I clear the cache and refresh the site from HTTP address it redirects correctly but just one time

• redirect
• ssl
• https
• http

Share Improve this question edited May 20, 2019 at 14:21 zEn feeLo asked May 20, 2019 at 13:52 zEn feeLozEn feeLo 20733 silver badges1818 bronze badges 7

• this problem appeared when I changed my server – zEn feeLo Commented May 20, 2019 at 13:54
• would you please explain or write the full answer ? what should be on? – zEn feeLo Commented May 20, 2019 at 14:09
• Issues with the plugin are off topic here, please contact the plugin maintainer directly. And give the help center a good read to get familiar with site guidelines. – Nicolai Grossherr Commented May 20, 2019 at 14:23
• 1 WordPress Development is nomen est omen mainly about development. Third party plugins are off topic as per guidelines. – Nicolai Grossherr Commented May 20, 2019 at 14:32
• 1 This already has an answer here: wordpress.stackexchange/a/334326/30597 – norman.lol Commented May 20, 2019 at 14:43

 |  Show 2 more comments

2 Answers 2

Sorted by: Reset to default 1

Your rewrite conditions, line 4 to 6 in your code, apply when https is active, so you are redirecting from https to https. Consquently you should change the conditions to check, if https is not active, ergo !on and !^443$ and !https. Additionally I'm not sure about the rule RewriteRule .* - [E=WPR_SSL:-https], probably something WP Rocket specific and out of scope here, which is why I suggest to possibly replace it with RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301].

In conclusion, I'd say, replace line 4 to 7 of your .htaccess with:

RewriteCond %{HTTPS} off
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

with adding this simple rules to your .htaccess file you can override any possible conflict with plugins and redirect issues

don't forget to add these lines to the beginning of .htaccess

RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
RewriteRule ^(.*)$ https://www.example/$1 [L]