{"id":15292174,"url":"https://github.com/coil-4423/wp-force-https","last_synced_at":"2025-06-25T16:03:46.322Z","repository":{"id":257179390,"uuid":"857541719","full_name":"Coil-4423/wp-force-https","owner":"Coil-4423","description":"A step-by-step guide and configuration files to force HTTPS on a WordPress site, including SSL setup, .htaccess rules, and troubleshooting common issues like mixed content and REST API connectivity.","archived":false,"fork":false,"pushed_at":"2024-09-14T23:25:57.000Z","size":6,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-29T15:12:40.321Z","etag":null,"topics":["https","wordpress"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Coil-4423.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-09-14T23:22:11.000Z","updated_at":"2024-10-02T23:44:32.000Z","dependencies_parsed_at":"2024-09-15T06:45:16.397Z","dependency_job_id":"3115f520-a8ee-477c-bc9b-6e193dd7e39a","html_url":"https://github.com/Coil-4423/wp-force-https","commit_stats":null,"previous_names":["coil-4423/wp-force-https"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Coil-4423%2Fwp-force-https","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Coil-4423%2Fwp-force-https/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Coil-4423%2Fwp-force-https/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Coil-4423%2Fwp-force-https/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Coil-4423","download_url":"https://codeload.github.com/Coil-4423/wp-force-https/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245247472,"owners_count":20584355,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["https","wordpress"],"created_at":"2024-09-30T16:16:51.082Z","updated_at":"2025-03-24T09:41:39.975Z","avatar_url":"https://github.com/Coil-4423.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# WP Force HTTPS\n\n## Introduction\nThis repository provides a step-by-step guide on how to force HTTPS for a WordPress website. It includes configurations for `.htaccess`, `wp-config.php`, and other essential details for setting up SSL and enforcing secure connections.\n\n## Prerequisites\n- An SSL certificate installed (either via Let's Encrypt or a purchased one).\n- Access to your WordPress Admin dashboard.\n- Ability to edit server configuration files like `.htaccess` and `wp-config.php`.\n\nTo **force your WordPress live site** to be accessible only over **HTTPS**, you need to follow a few steps to ensure that all traffic is redirected to the secure HTTPS version. Here's a step-by-step guide to implement this:\n\n### Step 1: Install an SSL Certificate\nBefore forcing HTTPS, make sure you have an **SSL certificate** installed on your website. Most hosting providers offer free SSL certificates through services like **Let's Encrypt**, or you may purchase one.\n\nIf you already have an SSL certificate installed, proceed to the next steps.\n\n---\n\n### Step 2: Update WordPress URLs to HTTPS\n\n1. **Go to WordPress Admin**:\n   - Navigate to **Settings \u003e General** in the WordPress dashboard.\n\n2. **Update the URLs**:\n   - In the **WordPress Address (URL)** and **Site Address (URL)** fields, ensure both URLs start with `https://` instead of `http://`.\n   - Example:\n     - **WordPress Address (URL)**: `https://yourdomain.com`\n     - **Site Address (URL)**: `https://yourdomain.com`\n\n3. **Save Changes**:\n   - After updating the URLs, click **Save Changes**. This change ensures that WordPress itself is aware that it should use HTTPS.\n\n---\n\n### Step 3: Force HTTPS via `.htaccess` (For Apache Servers)\n\nIf you're using an **Apache** server, you can use your `.htaccess` file to force all HTTP traffic to redirect to HTTPS.\n\n1. **Edit Your `.htaccess` File**:\n   - Using an FTP client (e.g., FileZilla) or your hosting provider's file manager, access your website's root directory where the `.htaccess` file is located.\n   - Open the `.htaccess` file for editing.\n\n2. **Add the Following Code to Redirect HTTP to HTTPS**:\n   Add this code to the **top** of your `.htaccess` file (above the `# BEGIN WordPress` line):\n\n   ```apache\n   \u003cIfModule mod_rewrite.c\u003e\n   RewriteEngine On\n   RewriteCond %{HTTPS} !=on\n   RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]\n   \u003c/IfModule\u003e\n   ```\n\n   ### Explanation:\n   - **`RewriteCond %{HTTPS} !=on`**: This condition checks if HTTPS is not enabled.\n   - **`RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]`**: This rule redirects all HTTP requests to the HTTPS version of the same URL. The `301` status code is used for a permanent redirect.\n\n3. **Save the File**:\n   - Save and close the `.htaccess` file.\n\n---\n\n### Step 4: Force HTTPS via wp-config.php (Optional)\n\nYou can also add the following to your `wp-config.php` file to ensure WordPress enforces HTTPS:\n\n1. **Edit the `wp-config.php` file**:\n   - Access your website's root directory using FTP or your hosting file manager.\n\n2. **Add the Following Code to `wp-config.php`**:\n   Place this code before the line that says `/* That's all, stop editing! Happy publishing. */`.\n\n   ```php\n   define('FORCE_SSL_ADMIN', true);\n   if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)\n       $_SERVER['HTTPS'] = 'on';\n   ```\n\n3. **Save the Changes**:\n   - After adding the code, save and close the `wp-config.php` file.\n\n---\n\n### Step 5: Clear Caches\n\nIf you are using any caching plugins or your server has caching enabled, clear the cache to ensure the new redirect rules take effect.\n\n### Step 6: Test Your Site\n\nAfter applying the changes, visit your website using `http://` in the URL, and it should automatically redirect to the `https://` version.\n\n---\n\n### Step 7: Fixing Mixed Content Issues (If Any)\n\nIf you still see security warnings or mixed content issues (where some resources are still being loaded over HTTP), follow these steps:\n\n- Install a plugin like **Really Simple SSL** which helps detect and fix mixed content issues.\n- Or manually update internal links and resources (like images or stylesheets) to use HTTPS instead of HTTP.\n\n---\n\n### Summary of Actions:\n1. **Ensure SSL is installed**.\n2. **Update WordPress URLs** in **Settings \u003e General**.\n3. **Redirect HTTP to HTTPS** using `.htaccess` (or server config).\n4. **Optional**: Add SSL enforcement to `wp-config.php`.\n5. **Clear caches** and **test the redirection**.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcoil-4423%2Fwp-force-https","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcoil-4423%2Fwp-force-https","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcoil-4423%2Fwp-force-https/lists"}