Title: Redirect Entire Site to HTTPS
Last modified: August 31, 2016

---

# Redirect Entire Site to HTTPS

 *  Resolved [James Hall](https://wordpress.org/support/users/putarguygmailcom/)
 * (@putarguygmailcom)
 * [10 years, 3 months ago](https://wordpress.org/support/topic/redirect-entire-site-to-https/)
 * I moved a 300+ page WP site from http to https about 6 months ago and have been
   experiencing weird bouncing around in the SERPS for all engines. Today I decided
   to look closer because my smaller sites don’t do this. I ran the IIS SEO bot/
   tool to crawl it for errors. I found it had about 5000 redirect loop errors that
   aren’t noticeable on the frontend – it usually loads in under 3 seconds.
 * I used the headers output tool at [AskApache](http://www.askapache.com/online-tools/http-headers-tool/)
   to see the output, and get a definite redirect loop error that closes with: “
   HTTP/1.1 400 Bad Request”
 * My htaccess code looks like this:
 *     ```
       <IfModule mod_rewrite.c>
       RewriteEngine On
       RewriteCond %{HTTPS} !=on
       RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R=301,L]
       RewriteBase /
       RewriteRule ^index\.php$ - [L]
       RewriteCond %{REQUEST_FILENAME} !-f
       RewriteCond %{REQUEST_FILENAME} !-d
       RewriteRule . /index.php [L]
       </IfModule>
       ```
   
 * I’ve tried about 200 changes to this code today trying to resolve the loop problem.
   When I ran the tool against wordpress.org it redirects http requests via a 301
   and stops as it should, but the wordpress.org server is using NGINX instead of
   Apache or I would ask for a copy of that code.
 * I have edited the general settings for my install to both point to https:// and
   have had a “green address bar” for months until today. When I started playing
   around with the htaccess, it caused all of my images on the site to revert to
   http:// URI’s??
 * Two separate problems that are somehow connected, but I’d be glad to know how
   to resolve the redirect loop most of all. I read a ton of articles here about
   how to configure this, and every one I checked had an invisible redirect loop
   problem as well. Both Google and Bing say this will severely affect rankings 
   in a bad way.

Viewing 8 replies - 1 through 8 (of 8 total)

 *  [Dipak Gajjar](https://wordpress.org/support/users/dipakcg/)
 * (@dipakcg)
 * [10 years, 3 months ago](https://wordpress.org/support/topic/redirect-entire-site-to-https/#post-7043700)
 * **James,** Try to update your `.htaccess` with the following code.
 *     ```
       # BEGIN WordPress
       <IfModule mod_rewrite.c>
       RewriteEngine On
       RewriteBase /
       RewriteRule ^index\.php$ - [L]
       RewriteCond %{REQUEST_FILENAME} !-f
       RewriteCond %{REQUEST_FILENAME} !-d
       RewriteRule . /index.php [L]
       </IfModule>
       # END WordPress
   
       # BEGIN Force http to https
       RewriteEngine On
       RewriteCond %{HTTPS} off
       RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
       # END Force http to https
       ```
   
 * Let me know how this goes.
 *  Thread Starter [James Hall](https://wordpress.org/support/users/putarguygmailcom/)
 * (@putarguygmailcom)
 * [10 years, 3 months ago](https://wordpress.org/support/topic/redirect-entire-site-to-https/#post-7043705)
 * Same result – HTTP/1.1 400 Bad Request.
    Here are my “Response Headers”:
 *     ```
       * Connected to www.wake-up.org (143.95.34.102) port 443 (#0)
       > GET / HTTP/1.1
       > Host: www.wake-up.org
       > User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0
       > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
       > Accept-Language: en-US,en;q=0.5
       > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
       > Accept-Encoding: gzip, deflate
       > Connection: keep-alive
       > Referer: http://www.askapache.com/online-tools/http-headers-tool/
       > Cache-Control: max-age=0
       > Keep-Alive: 115
   
       < HTTP/1.1 302 Found
       < Date: Tue, 09 Feb 2016 04:27:09 GMT
       < Server: Apache
       < Location: https://www.wake-up.org/
       < Vary: Accept-Encoding
       < Content-Encoding: gzip
       < Content-Length: 186
       < Keep-Alive: timeout=5, max=256
       < Connection: Keep-Alive
       < Content-Type: text/html; charset=iso-8859-1
       --------------------------------------------------------------------------------
   
       > GET / HTTP/1.1
       > Host: www.wake-up.org
       > User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0
       > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
       > Accept-Language: en-US,en;q=0.5
       > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
       > Accept-Encoding: gzip, deflate
       > Connection: keep-alive
       > Referer: http://www.wake-up.org/
       > Cache-Control: max-age=0
       > Keep-Alive: 115
   
       < HTTP/1.1 400 Bad Request
       < Date: Tue, 09 Feb 2016 04:27:10 GMT
       < Server: Apache
       < Content-Length: 347
       < Connection: close
       < Content-Type: text/html; charset=iso-8859-1
       ```
   
 *  [Dipak Gajjar](https://wordpress.org/support/users/dipakcg/)
 * (@dipakcg)
 * [10 years, 3 months ago](https://wordpress.org/support/topic/redirect-entire-site-to-https/#post-7043736)
 * I understand about _HTTP/1.1 400 Bad Request_. but that seems the different issue
   than what the title says “Redirect Entire Site to HTTPS”.
 * The code I provided above is what redirects the whole site to https.
 *  Thread Starter [James Hall](https://wordpress.org/support/users/putarguygmailcom/)
 * (@putarguygmailcom)
 * [10 years, 3 months ago](https://wordpress.org/support/topic/redirect-entire-site-to-https/#post-7043782)
 * Thanks for looking at the issue Dipak. However, if I remove the “force ssl” code(
   yours or mine) the response headers are perfect with no “Bad Request” error. 
   That is a generic Apache error, and what is shown when a redirect loop is happening.
 * The “force ssl” code is only being added to FORCE the whole site to use ssl. 
   I don’t want a duplicate content penalty for having both HTTP and HTTPS versions
   of the site. However, every snippet of regex I’ve tried either doesn’t redirect
   all traffic to HTTPS or results on a redirect loop.
 *  Thread Starter [James Hall](https://wordpress.org/support/users/putarguygmailcom/)
 * (@putarguygmailcom)
 * [10 years, 3 months ago](https://wordpress.org/support/topic/redirect-entire-site-to-https/#post-7043857)
 * RESOLVED:
 * First I removed the redirect regex on lines 3 and 4 from my original post, then
   installed the “Really Simple SSL” plugin by Rogier Lankhorst.
 * Originally, this issue came about from many warnings in Bing Webmaster Tools.
   I discovered that I had added these sites to “My Sites” before I moved them over
   to HTTPS. I had to delete the sites from BWT and add them back again. It now 
   shows that they’re being crawled correctly.
 * Another coder over at [https://www.codementor.io](https://www.codementor.io) 
   showed me 2 other header checking sites that showed correct “HTTP/1.1 200 OK”
   responses. Those sites were: [http://tools.seobook.com/server-header-checker/](http://tools.seobook.com/server-header-checker/)
   and [http://web-sniffer.net/](http://web-sniffer.net/)
 * Be sure to check multiple sources if you have the same issue. Good luck!
 *  [askapache](https://wordpress.org/support/users/askapache/)
 * (@askapache)
 * [10 years, 3 months ago](https://wordpress.org/support/topic/redirect-entire-site-to-https/#post-7043993)
 * Code from Dipak is in the right direction, but I’d reverse the blocks. So:
 *     ```
       <IfModule mod_rewrite.c>
       # BEGIN Force http to https
       RewriteEngine On
       RewriteCond %{HTTPS} !=on
       RewriteRule ^(.*) https://%{HTTP_HOST}/$1 [R=301,L]
       # END Force http to https
       </IfModule>
   
       # BEGIN WordPress
       <IfModule mod_rewrite.c>
       RewriteEngine On
       RewriteBase /
       RewriteRule ^index\.php$ - [L]
       RewriteCond %{REQUEST_FILENAME} !-f
       RewriteCond %{REQUEST_FILENAME} !-d
       RewriteRule . /index.php [L]
       </IfModule>
       # END WordPress
       ```
   
 * But I really think your problems root cause/culprit is in your database. I posit
   that your db still has a ton of links to http references, such as to your media
   files like images. What you need to do is search your entire db for references
   to `http://` and replace with `https://`. It’s not enough to just setup redirects
   to https, you need to link to https everywhere.
 *  [askapache](https://wordpress.org/support/users/askapache/)
 * (@askapache)
 * [10 years, 3 months ago](https://wordpress.org/support/topic/redirect-entire-site-to-https/#post-7043994)
 * Ok actually I just used my headers tool to check https:// wakeup and there is
   definitely a problem other than htaccess.
 * You need to find the error log for apache, and then paste in the relevant lines
   here. A 400 Bad Request error is indicative of a more serious problem than just
   a https => http redirect, or any redirect. You should also paste in your entire
   htaccess file (cleaning it to remove any identifiable strings).
 * Until this issue is resolved your site will be fubar
 *  Thread Starter [James Hall](https://wordpress.org/support/users/putarguygmailcom/)
 * (@putarguygmailcom)
 * [10 years, 3 months ago](https://wordpress.org/support/topic/redirect-entire-site-to-https/#post-7043996)
 * Thank you for looking at this AskApache!
    I had the same thought about the database
   the other day and after your post I downloaded a fresh copy and found/replaced
   10,086 occurrences of [http://www.mydomain](http://www.mydomain) with [https://www.mydomain](https://www.mydomain)–
   you were right about that.
 * I didn’t want to take the site down so I made a new database and imported the
   edited version there, then updated my wp-config to reflect the change (I was 
   afraid of serialized data corruption).
 * Unfortunately, it didn’t fix it and your header-test-tool still shows a 400 Bad
   Request error.
 * I had my hosting company look at the issue and this was their reply:
 * > The online tools which you are using don’t appear to integrate with SNI and
   > the following error is recorded when a test is initiated:
   > [Mon Feb 15 01:25:55 2016] [error] Hostname xx.xx.xx.xx (the IP addresss) provided
   > via SNI and hostname wake-up.org provided via HTTP are different
 * Then, they offered no solution.

Viewing 8 replies - 1 through 8 (of 8 total)

The topic ‘Redirect Entire Site to HTTPS’ is closed to new replies.

## Tags

 * [htaccess](https://wordpress.org/support/topic-tag/htaccess/)
 * [redirect loop](https://wordpress.org/support/topic-tag/redirect-loop/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 8 replies
 * 3 participants
 * Last reply from: [James Hall](https://wordpress.org/support/users/putarguygmailcom/)
 * Last activity: [10 years, 3 months ago](https://wordpress.org/support/topic/redirect-entire-site-to-https/#post-7043996)
 * Status: resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics