- This topic has 11 replies, 2 voices, and was last updated 6 years, 9 months ago by Stephen.
June 12, 2017 at 1:39 am #332278 Stephen
Hi,
I’m currently designing a new website on a new domain. This is my first SSL website and I’m concerned about duplicate content and its effect on SEO, as well as just making my site secure. I have 3 related questions please.
1. Do I have to add any code to .htaccess, or wp-config for that matter, to force incoming traffic to use SSL? Is it enough to just change the WordPress Address URL and Site Address URL in WordPress General Settings? Job done?
I’ve seen the following code in tutorials, but the code seems to be used for existing websites? My site and domain are new. Also, the code differs slightly from tutorial to tutorial, which is confusing.
# Redirect requests that arrive on port 80 (plain HTTP) to HTTPS
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
2. I’m also not sure how or if I should use code to force traffic/robots to use/index only the www. version of my website. Do I need the code below or is it enough to just submit the www. to Google and Bing Search Consoles?
Add the following code to your .htaccess file:
# Redirect the bare domain to the www host
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com$
RewriteRule (.*) http://www.example.com/$1 [R=301]
And for Nginx:
# Redirect the bare domain to the www host
server {
    server_name example.com;
    return 301 http://www.example.com$request_uri;
}
3. Also, should I implement the following, to force logins and WordPress admin area to use SSL?
Add code to your wp-config.php file:
define('FORCE_SSL_ADMIN', true);
Make sure the code is placed above the “stop editing” line as shown below:
/* That’s all, stop editing! */
That’s it, thanks
Steve
June 12, 2017 at 9:00 am #332456 Tom, Lead Developer
Hi there,
Setting your WP addresses to https works, but you still need to redirect non-https traffic to https. Those code snippets you provided look like they should do the trick. Your hosting should also be able to help if you don’t want to add that code.
Same with www/non-www – you want to choose one and redirect the one you didn’t choose.
Forcing SSL in the admin is also a good idea 🙂
June 12, 2017 at 11:36 am #332530 Stephen
Thanks Tom.
My host, Site Ground, says:
If you have already configured your WordPress website to work with HTTPS URL, there is no need to add those redirect rules to your .htaccess file.
It’s no wonder I’m confused.
Thanks, I’ll proceed based on your answer.
Steve
June 12, 2017 at 12:06 pm #332541 Stephen
Hi Tom,
With regards to question 3. Do I really need to force SSL for logins/admin in the wp-config file when I already have WP set up to httpS on both URLs in General Settings?
Thanks
Steve
June 12, 2017 at 7:20 pm #332695 Tom, Lead Developer
I would say no, but it won’t hurt to add the code anyways.
June 13, 2017 at 1:29 am #332796 Stephen
Thanks Tom.
Steve
June 13, 2017 at 8:55 am #332987 Tom, Lead Developer
No problem 🙂
June 15, 2017 at 3:09 am #333881 Stephen
Hi Tom,
My host provides the option for forcing https through nginx config file, so thanks for the heads up.
With regards to forcing non-www to www the host says:
There is no need to Redirect to WWW in the .htaccess file as WordPress is a domain/url dependent application, and only loads with the URL that has been set in the database.
Would you say this advice is correct or should I add the code?
Thanks
Steve
June 15, 2017 at 10:56 am #334068 Tom, Lead Developer
You can test it by trying to go to the www (or non-www) URL – does it redirect automatically?
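A scripted version of the check suggested above, added here as an example that is not part of the original thread: it builds the four scheme/host variants of a site, follows each redirect chain by hand, and reports chains that end on the wrong origin, use a non-301 hop, or pass through plain http on the way. The canonical origin, the function names and the sample chain are assumptions made for the illustration.

```python
import http.client
from urllib.parse import urlsplit, urljoin

CANONICAL = "https://www.example.com"  # assumption: the origin set in WordPress settings

# Constructed sample: hops for https://example.com/ if both tutorial snippets from the
# first post (port-80 rule with [R], bare-host rule with [R=301]) were active together.
SAMPLE_CHAIN = [
    ("https://example.com/", 301),
    ("http://www.example.com/", 302),
    ("https://www.example.com/", 200),
]

def variants(canonical=CANONICAL):
    """The four scheme/host combinations a visitor or crawler might request."""
    host = urlsplit(canonical).hostname
    bare = host[4:] if host.startswith("www.") else host
    return [f"{s}://{h}/" for s in ("http", "https") for h in (bare, "www." + bare)]

def fetch_chain(url, max_hops=5):
    """Follow redirects by hand and return [(url, status), ...] for every hop."""
    chain = []
    for _ in range(max_hops):
        u = urlsplit(url)
        cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
        conn = cls(u.netloc, timeout=10)
        conn.request("HEAD", u.path or "/")
        resp = conn.getresponse()
        chain.append((url, resp.status))
        location = resp.getheader("Location")
        conn.close()
        if resp.status not in (301, 302, 303, 307, 308) or not location:
            break
        url = urljoin(url, location)
    return chain

def audit(chain, canonical=CANONICAL):
    """Return the problems found in one redirect chain; an empty list means it is fine."""
    problems = []
    final_url, final_status = chain[-1]
    f = urlsplit(final_url)
    if final_status != 200:
        problems.append(f"final response is {final_status}, not 200")
    if f"{f.scheme}://{f.netloc}" != canonical:
        problems.append(f"ends on {f.scheme}://{f.netloc}, not {canonical}")
    problems += [f"{u} answers {s}, not 301" for u, s in chain[:-1] if s != 301]
    if any(u.startswith("http://") for u, _ in chain[1:]):
        problems.append("drops back to plain http after the first request")
    return problems
```

Against a live site, call `audit(fetch_chain(u))` for each `u` in `variants()`; `audit(SAMPLE_CHAIN)` runs offline and reports the 302 hop and the plain-http hop.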
June 16, 2017 at 1:02 am #334346 Stephen
Hi Tom,
Yes the domain redirects automatically from non-www to www, but then why are there so many tutorials suggesting adding the code when it’s not really needed? I can understand the need for the redirect if you changed from non-www to www on an old/existing site, but not for a new site. Only 1 tutorial out of 10+ recommended the code was for existing sites only.
Thanks
Steve
June 16, 2017 at 9:28 am #334558 Tom, Lead Developer
Sometimes it’s necessary, but perhaps your hosting takes care of it for you.
If it’s redirecting for you, then you should be fine 🙂
June 17, 2017 at 2:38 am #334869 Stephen
The SSL redirect created by the host at server level probably takes care of the www as well.
Thanks
Steve