WordPress SSL htaccess code – Rewrite SSL, RewriteCond Server Port

Home Forums BulletProof Security Pro WordPress SSL htaccess code – Rewrite SSL, RewriteCond Server Port

Viewing 15 posts - 106 through 120 (of 124 total)
  • Author
    Posts
  • #36691
    AITpro Admin
    Keymaster

    Yes, see this Reply in this same forum topic > https://forum.ait-pro.com/forums/topic/wordpress-ssl-htaccess-code-rewrite-ssl-rewritecond-server_port/#post-7233. Also check your WordPress General Settings (WordPress Address (URL) and Site Address (URL))   to make sure they are correct.

    #36847
    Hannah
    Participant

    Hi there, I’m having an unusual issue with SSL redirects on a client site that I just migrated to GreenGeeks hosting. It did not previously have SSL, so we wanted to have them install it for us. I had disabled BPS while they installed the SSL cert, and the rewrite code they put at the top of the the default htaccess file was:

    RewriteEngine On
    RewriteCond %{HTTP_HOST} domain\.com [NC]
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://domain.com/$1 [R,L]

    That worked fine, http to https and www to non-www, but at the expense of not having any BPS security in htaccess of course.

    I can’t seem to save any edits in custom code on any site I have hosted at GreenGeeks, so I have to edit htaccess on the server. To do this, I replaced the default rewrite code in the CUSTOM CODE WP REWRITE LOOP START section. Redirect loop. So I replaced it with the first version you have on the WordPress SSL htaccess Code page here at ait-pro.com, updating successively as I followed the instructions on the page. None of them worked. So I’ve fallen back to the default with the working rewrite code for now, but I wonder if you can tell me if there is something special I need to do at GreenGeeks, or if this is something else non-hosting related that can be remedied easily.

    I do have the site set up as https in the WordPress General Settings, and have replaced all non-secure urls with secure ones in the database. No SSL “helper” plugins installed. Just tried running the setup wizard and the redirect loop reoccurred. Returned to the default with GG https rewrite code at the top (before the # BULLETPROOF DEFAULT .HTACCESS  line) and it performs as expected.

    I know there’s a way to get this to work, but I’m not finding it on my own. I may be doing something wrong in REPLACING the default rewrite rules in the BPS htaccess with the rewrite code provided by GG? Maybe you can clarify that since I’m not sure if my attempts to add it by hand are correct and I don’t have BPS to back me up since Custom Code won’t save.

    Thanks for any help you can offer.

    PS: I really like GreenGeeks hosting, but it is very annoying to continually get 403 errors when trying to save Custom Code. Is there anything to be done about that?

    #36848
    AITpro Admin
    Keymaster

    @ Hannah – The Custom Code not saving problem is caused by Mod Security installed on your web host.  Contact your web host support and ask them to either create Mod Security whitelist rules for your website, remove/delete the Mod Security rules causing the problem or disable Mod Security for your website. Once you have fixed the Mod Security problem then you can move forward again.

    Mod Security – Common known problems
    https://forum.ait-pro.com/forums/topic/mod-security-common-known-problems/

    #38037
    jenni101
    Participant

    Hi there,

    I’m just changing my site to https (at long last!), with my W/P site sitting in a sub-folder (tpphoto) of the root (GWIOD setup). Also keeping the url as www.

    I’ve read through your advice and sample custom code for this, but not 100% sure if I’ve got it right. Please can you check that the code I plan to use in the .htaccess Custom code box 8 is correct for this set-up?

    # WP REWRITE LOOP START
    # Rewrite|Redirect http to https|SSL & non-www to www & site in sub-folder
    RewriteEngine On
    RewriteBase /tpphoto/
    RewriteCond %{HTTPS} !=on
    RewriteCond %{SERVER_PORT} ^80
    RewriteRule (.*) https://www.mysite.com%{REQUEST_URI} [R=301,L]
    RewriteRule ^index\.php$ - [L] 
    

    Many thanks.

    #38038
    AITpro Admin
    Keymaster

    @ jenni101 – Use the Rewrite/Redirect HTTP (non-SSL) to HTTPS (SSL) code below first before trying to use the non-www to www SSL rewrite code. Logically if you have changed your WordPress General settings then the Rewrite from non-www to www should happen automatically. Only use the non-www to www SSL rewrite code if the code below does not work.

    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /tpphoto/
    RewriteCond %{HTTPS} !=on
    RewriteCond %{SERVER_PORT} ^80
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    RewriteRule ^index\.php$ - [L]
    #38052
    jenni101
    Participant

    many thanks – so the

    {HTTP_HOST}

    is now used instead of the actual site url?

    #38053
    AITpro Admin
    Keymaster

    @ jenni101 – HTTP_HOST is the entire Host header field.  Your WordPress URL settings on the WordPress General Settings page – WordPress Address (URL) and Site Address (URL) – set the Host header field.  Site Address (URL) is your actual Host header field.  So as long as your Site Address (URL) includes www then if someone types in the non-www URL to your website the internal WordPress database Rewrite should rewrite/redirect to your www URL.  You should test typing your non-www URL in your Browser to make sure the rewrite to your www URL works correctly.  Another problem that can occur is that you will see a Browser warning about your website not being secure when you type in a non-www URL.  That problem is caused by your Browser not being capable of reading the Host in your SSL Certificate.  If that problem occurs then you will need to add a DNS CNAME record for either your non-www or www domain in your web host control panel > https://forum.ait-pro.com/forums/topic/ssl-issue/

    #38069
    jenni101
    Participant

    @ait-pro – thanks. Understand it better now. And seems to be working fine without the wwwtoo so redirecting as expected, and without security warnings. Phew!

    #38594
    Paul
    Participant

    Reading through here, would the option to force all site to https be in here https://forum.ait-pro.com/forums/topic/wordpress-ssl-htaccess-code-rewrite-ssl-rewritecond-server_port/#post-1737

    #38595
    AITpro Admin
    Keymaster

    @ Paul – That particular person was using an HTTPS WordPress plugin, which you don’t need to install/use. As long as you have a valid SSL Certificate then you only need to add the HTTPS/SSL Rewrite htaccess code here > https://forum.ait-pro.com/forums/topic/wordpress-ssl-htaccess-code-rewrite-ssl-rewritecond-server_port/#post-7233

    #38596
    Paul
    Participant

    Ok great thankyou

    #40799
    brewmaxwell
    Participant

    I just need a place to save images under SSL for creating a paypal site for the client.
    They recommend to host the logo for the paypal page on SSl, thats my intention. Not really making anything more secure.

    #40800
    AITpro Admin
    Keymaster

    @ brewmaxwell – PayPal IPN will only work over SSL. Other benefits of SSL besides security: Faster website page loads, higher page ranking in Google search results and no warning messages from Google about a website not being secure. You can get free SSL Certificates from Let’s Encrypt > https://letsencrypt.org/. If you have cPanel hosting you can install the Free SSL Certificate Plugin for WordPress > https://wordpress.org/plugins/auto-install-free-ssl/. This plugin will automatically renew SSL Certificate’s.

    So since it is free and easy to get an SSL Certificate then that is the best route to go instead of trying to do some sort of 3rd party logo image hosting.

    #42003
    verysingh
    Participant

    The sub folders will follow their parent folders’  htaccess AS LONG as the subfolder contains NO own htaccess ? Did I get You right? Andre

    #42004
    AITpro Admin
    Keymaster

    @ verysingh – Yes, that is correct.  Another possible scenario could be that a subfolder htaccess file contains htaccess code that does something different than a parent htaccess file.  In that case, rules from the parent htaccess file would be applied to the subfolder AND unique htaccess rules in the subfolder htaccess file would ALSO be applied to the subfolder.  This forum topic contains additional help info about htaccess file hierarchy > https://forum.ait-pro.com/forums/topic/htaccess-files-for-multiple-website-domains/

Viewing 15 posts - 106 through 120 (of 124 total)
  • You must be logged in to reply to this topic.