WordPress SSL htaccess code – Rewrite SSL, RewriteCond Server Port

Home Forums BulletProof Security Pro WordPress SSL htaccess code – Rewrite SSL, RewriteCond Server Port

This topic contains 112 replies, has 18 voices, and was last updated by  jenni101 19 hours, 48 minutes ago.

Viewing 15 posts - 31 through 45 (of 113 total)
  • Author
    Posts
  • #21433

    jenni101
    Participant

    [Topic has been merged into this relevant Topic]

    Hi there,

    Just a follow on question to the redirect code for non-www to www url…

    After setting up my site I changed purchased an SSL cert and so it’s now https://www.mysite.com. So:
    [code removed as it may be confusing to someone else and is not what is needed]
    or just the redirect rule you mentioned here http://forum.ait-pro.com/forums/topic/wordpress-ssl-htaccess-code-rewrite-ssl-rewritecond-server_port/#post-7233 like this?

    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTPS} !=on
    RewriteCond %{SERVER_PORT} ^80
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
    RewriteRule ^index\.php$ - [L]

    I believe this is ‘forcing SSL’? I’ve researched your advice re forcing SSL and I think you suggested not to do so in case there’s the odd http file/image etc that’s slipped through, or a plugin action that isn’t, in which case it breaks the site. Could you confirm your current recommendation? As you can see I’m getting a bit tied up with it all!
    Many thanks.

    #21437

    AITpro Admin
    Keymaster

    You would do the exact steps in this forum link:
    http://forum.ait-pro.com/forums/topic/wordpress-ssl-htaccess-code-rewrite-ssl-rewritecond-server_port/#post-7233

    The SSL code is rewriting/redirecting http URL’s to https URL’s for your entire website. What the note means about having only https URL’s is that all of your website URL’s must be https or else errors and problems will occur. I believe that once you change your WordPress URL settings then all of your URL’s will be https.  You can double check that by viewing the Source Code of your website home page.  See the note for more specific details.

    #23118

    jenni101
    Participant

    Have just plucked up the courage to add the above code as instructed – works brilliantly, don’t know why I put it off now. One final query about the recommended code: RewriteCond %{SERVER_PORT} ^80
    Our server thought that the SSL port has a different number; that Port 80 is the default port for http, and port 443 is the default port for https. So how important is it to have the correct port number here? Should it be changed to: RewriteCond %{SERVER_PORT} !^443$
    And would this force the website to load via https: more quickly? Many thanks.

    #23122

    AITpro Admin
    Keymaster

    Using RewriteCond %{SERVER_PORT} !^443$ should work fine. The condition says – if Server Port is not 443… I don’t think there would be any difference in performance/load speed.

    #23124

    Anaimation
    Participant

    [Topic has been merged into this relevant Topic]

    Hi,

    I recently got a SSL Certificate for my domain http://www.anaimation.design and then I installed the BPS Pro. In my root, I have a directory with several other websites, that I link in my main website. These links were loading fine until I installed BulletProof Security Pro and somehow restricts the way the .htaccess file loads. How can I fix this? I.e. this project was loading fine, now it gives a “PAGE NOT AVAILABLE” message: https://www.anaimation.design/web-projects/bbb

    Thanks for your help.

    #23127

    AITpro Admin
    Keymaster

    First you will need to add the HTTPS Rewrite code that is in this same forum Topic here:  http://forum.ait-pro.com/forums/topic/wordpress-ssl-htaccess-code-rewrite-ssl-rewritecond-server_port/#post-7233

    Next you will need to check the Source Code of your home page to make sure all links are https and not http.  I checked your website and currently I see a mix of http and https links in your Source Code.  Those http link problems may be fixed by doing the steps in the link above.

    What is /web-projects/bbb?  Is this another website installed here:  /web-projects/?  Is this just another folder under your hosting account?  What is /bbb/?  A folder or another website?

    #23145

    jenni101
    Participant

    Sorry, just need to clarify re. your comment on 3-6-15 “The condition says – if Server Port is not 443…”

    So if they say the https port is 443, should i add the code: RewriteCond %{SERVER_PORT} ^443 instead of: RewriteCond %{SERVER_PORT} !^443$ – to allow it, rather than block it?

    Many thanks.

    #23146

    jenni101
    Participant

    [Topic has been merged into this relevant Topic]

    Hi there,

    After successfully using the redirect from http to https I was wondering what was the proper way to incorporate the redirect from non-www to www too? The closest I’ve come to a solution is here: http://stackoverflow.com/questions/13977851/htaccess-redirect-to-https-www From searching it looks like everyone has a different way! Could you share your recommendations for this?

    Many thanks, J

    #23149

    AITpro Admin
    Keymaster

    UPDATE: HTTPS/SSL htaccess Rewrite code with step by step Custom Code instructions:  http://forum.ait-pro.com/forums/topic/wordpress-ssl-htaccess-code-rewrite-ssl-rewritecond-server_port/#post-7233

    I believe this would work, but this code has not been tested.  I think with SSL your Certificate is specific to the exact domain name.  So it would be better to setup your site so that it is using the correct domain name in WordPress settings and anywhere else.

    # https/SSL www to non-www
    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTPS} !=on
    RewriteCond %{SERVER_PORT} ^80
    RewriteCond %{HTTP_HOST} ^www\.domainname\.com$ [NC]
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
    RewriteRule ^index\.php$ - [L]
    
    # https/SSL non-www to www
    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTPS} !=on
    RewriteCond %{SERVER_PORT} ^80
    RewriteCond %{HTTP_HOST} ^domainname\.com$ [NC]
    RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI} [R,L]
    RewriteRule ^index\.php$ - [L]
    #23152

    jenni101
    Participant

    Thanks for that – I’ve just tested the ‘https/SSl non-www to www’ version (with my domain name in!) and checking it through webpagetest site it’s worked just fine. many thanks for your help and advice yet again!

    PS: any comment on the ‘port number’ bit of the code as per my comment on June 4th?

    #23157

    AITpro Admin
    Keymaster

    The Port Condition does not block anything – it is a “pattern” matching condition.  HTTP uses Port 80 and HTTPS/SSL uses Port 443.  So if you use “is NOT” Port 443 condition then you are saying “IS” Port 80.  If you are saying IS Port 80 then you are saying IS Port 80.  They are the same thing.  If you say to match Port 443 then that condition will not match Port 80 and will only match 443 and will not work of course to do what it is supposed to achieve.  What you are trying to achieve overall is you want any Requests sent to Port 80 to be redirected to 443.

    #23248

    jenni101
    Participant

    ohh i understand now – got it at last! Thanks.

    (PS. thought you might like to know that for some reason i don’t seem to be getting email notifications of replies any more from here – always used to until about the last 3 – 4 weeks; despite confirming that I’ ‘subscribed’ / I’ve got the Notify me of follow-up replies via email box ticked. Not sure of it’s at your site end of my email provider, but other emails getting through OK and not in the spam either.)

    #23255

    AITpro Admin
    Keymaster

    Automated emails are working normally so maybe your web host is now rejecting automated emails from our web host.  We have an ongoing issue with automated emails being rejected by other web hosts due to the automated email headers looking like spam.  There is no possibility of a fixing this or creating a solution, so at some point we will probably get a 3rd party email provider instead of using our web host’s email services.

    #26097

    Paul
    Participant

    [Topic has been merged into this relevant Topic]
    If i want to redirect my site to https using. Where would i put this, also i currently have redirects from old to new pages, would this then make those redirects void?

    RewriteCond %{HTTPS} off
    RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    RewriteCond %{HTTP_HOST} !^www\.
    RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    #26100

    AITpro Admin
    Keymaster

    See these 2 replies in this same forum topic for how to add HTTPS/SSL htaccess code to BPS Custom Code:
    http://forum.ait-pro.com/forums/topic/wordpress-ssl-htaccess-code-rewrite-ssl-rewritecond-server_port/#post-7233
    http://forum.ait-pro.com/forums/topic/wordpress-ssl-htaccess-code-rewrite-ssl-rewritecond-server_port/page/3/#post-23149

    If your current redirect code for redirects from old to new pages needs to be changed to match your new site HTTPS/SSL rewrite/redirect code then you will need to update your redirect code to match your new HTTPS/SSL code.

Viewing 15 posts - 31 through 45 (of 113 total)

You must be logged in to reply to this topic.