• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
NameHero Blog

NameHero Blog

Web Hosting Tips & Resources From NameHero

  • Hosting
    • Web Hosting
    • VPS Hosting
    • WordPress Hosting
    • WooCommerce Hosting
  • Reseller
  • Enterprise
  • Domains
  • Account
  • Blog Home
  • Categories

How To Enforce HTTPS With “WWW” After Installing An SSL Certificate

Bhagwad Park

Published on: September 24, 2018

Categories: Website Development, WordPress 3

The war on HTTP has been won. With Google now enforcing HTTPS on all sites, under penalty of a ranking hammer, most serious web admins have migrated their sites to SSL. This has also been helped along by two things.

First, Chrome now treats non-https sites as dangerous, scaring users into expecting SSL protection at all times. Since Chrome has the dominant market share, this is a pretty effective tactic. More importantly however I think, is the rush by hosting providers to make HTTPS easy for everyone to implement on their site for free.

NameHero for example, allows users to install AutoSSL on their sites by default. Not all Auto-SSL certificates cover wildcard subdomains however, so that’s something to look out for. But the other major initiative in addition to AutoSSLs, is Let’s Encrypt. This has now become ubiquitous across all hosting providers (except for GoDaddy). Let’s Encrypt now automatically includes wildcards as well.

But Installing HTTPS Isn’t Enough!

Having an SSL enabled site is great! But it’s not enough. There are several things you need to do before your site works properly with HTTPS. Just because SSL is enabled, doesn’t mean that every connection will automatically use it. Your site is still accessible over plain HTTP.

This means that any existing links to your site using HTTP will show the unencrypted version. Your users will still see the scary message. It’s up to you to redirect all requests from HTTP to HTTPS.

Maintaining a Consistent URL with www

This is a matter of choice. Some web owners don’t care whether or not their users access the site with “www”, or without. However, from a technical point of view, these are viewed as different properties (though there are some who are trying to change that).

It’s good to have just one version of your site. Taken together with the HTTPS issue, any given URL on your site can be accessed in four ways like this:

  1. http://example.com
  2. http://www.example.com
  3. https://example.com
  4. https://www.example.com

What we’re going to do is to use htaccess to redirect all URLs to the last version. The one with https, and with www.

The Wrong Way to Do it

If you check on the Internet, many sites will give a two-step approach to the problem. For example, rules like this:

#Redirect to HTTPS
RewriteCond %{HTTPS} off [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

#Add www to all non www http requests
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

This will work, but it’s wasteful, and leads to more redirects than are necessary. If a visitor comes to your site with the URL:

http://example.com

The following will happen:

  1. The user will first be redirected to https://example.com
  2. The user will again be redirected to https://www.example.com

Two redirects are wasteful. It increases the response time, and no one is happy – including Google.

What we want is just one htaccess redirect to solve both problems. But first, we need to change a setting in WordPress itself.

Step 1: Changing the Site URL in WordPress

In your WordPress dashboard, go to Settings -> General, and ensure that your site URLs reflect both “https”, as well as “www” like this:

 

Change the Name of the Site in General Settings

If you omit this step, and say leave out the “www”, then the following code will lead to an infinite loop and you’ll get an error saying that the page redirected you too many times. So first make this change.

Step 2: Add the Following Code to .htaccess

Your .htaccess file is found in the root directory of your WordPress installation. It may or may not have code already inside it (most likely it will). Open it up for editing either through FTP, or via your cPanel file manager and add the following code at the beginning:

RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$
RewriteRule ^ https://www.%1%{REQUEST_URI} [NE,L,R=301]

This is general purpose code that will work on any site. There’s no need to replace anything. More importantly, it rewrites the URL to include both www and https in a single stroke and uses just one redirect to solve both problems. This avoids extra load and increases response times!

So if you’ve just enabled SSL on your site, make sure you follow the above steps to ensure that your WordPress installation is properly secured, even when someone deliberately tries to access your site using an incorrect URL.

Bhagwad Park Profile Picture
Bhagwad Park

I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!

Reader Interactions

Comments

  1. Rene says

    March 4, 2020 at 5:17 pm

    Thanks this did fix a cookie set problem on my website!

    Reply
  2. Josiah says

    May 24, 2020 at 7:03 pm

    This was helpful in 2020 🙂 Thanks so much

    Reply
    • J Matlock says

      June 20, 2020 at 11:44 am

      Great Article, straight to the point, Thank you!

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

Follow & Subscribe

Exclusive promos, content and more!

Most Popular Posts

Speed up your site: solving the WordPress slowdown

NameHero’s Recommended WordPress Plugin and Theme Setup (2023)

How To Increase The InnoDB Buffer Pool Size

How To Fix A Stuck All-in-One WP Migration Import

How To Add A Subdomain In Cloudflare

Top Categories

  • WordPress
  • WordPress Tutorials
  • Enterprise Hosting
  • WooCommerce
  • Web Hosting
  • Resellers
  • Website Security
  • Website Development
  • Website Performance
  • VPS Hosting
  • SEO Tips
  • Announcements
  • Domain Registration
NameHero

NameHero proudly provides web hosting to over 40,000 customers with 99.9% uptime to over 750,000 websites.

  • Master Card
  • Visa
  • American Express
  • Discover
  • Paypal
Products
  • Web Hosting
  • VPS Hosting
  • WordPress Hosting
  • WooCommerce Hosting
  • Reseller Hosting
  • Enterprise Hosting
  • Domains
Help & Support
  • NameHero Blog
  • Support
  • Knowledgebase
  • Announcements
  • Affiliates
Company
  • About Us
  • Contact Sales
  • Reviews
  • Uptime
  • We're Hiring

Copyright © 2023 NameHero, LLC. All rights reserved.

  • Privacy Policy
  • Terms of Use
  • Acceptable Use Policy
  • Payment Policy
  • DMCA