[Resolved] Set-up and Forcing SSL and WWW

  • #332278
    Stephen

    Hi,

    I’m currently designing a new website on a new domain. This is my first SSL website and I’m concerned about duplicate content and its effect on SEO, as well as just making my site secure. I have 3 related questions please.

    1.
    Do I have to add any code to .htaccess, or wp-config for that matter, to force incoming traffic to use SSL? Is it enough to just change the WordPress Address URL and Site Address URL in WordPress General Settings? Job done?

    I’ve seen the following code in tutorials, but the code seems to be used for existing websites? My site and domain are new. Also, the code differs slightly from tutorial to tutorial, which is confusing.

    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

    2.
    I’m also not sure how or if I should use code to force traffic/robots to use/index only the www. version of my website. Do I need the code below or is it enough to just submit the www. to Google and Bing Search Consoles?

    Add the following code to your .htaccess file:

    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^example\.com$
    RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

    And for Nginx:

    server {
    server_name example.com;
    return 301 http://www.example.com$request_uri;
    }

    3.
    Also, should I implement the following, to force logins and WordPress admin area to use SSL?
    Add code to your wp-config.php file:

    define('FORCE_SSL_ADMIN', true);

    Make sure the code is placed above the “stop editing” line as shown below:
    /* That’s all, stop editing! */

    That’s it, thanks
    Steve

    #332456
    Tom
    Lead Developer

    Hi there,

    Setting your WP addresses to https works, but you still need to redirect non-https traffic to https. Those code snippets you provided look like they should do the trick. Your hosting should also be able to help if you don’t want to add that code.

    Same with www/non-www – you want to choose one and redirect the one you didn’t choose.

    Forcing SSL in the admin is also a good idea 🙂

    #332530
    Stephen

    Thanks Tom.

    My host, SiteGround, says:

    If you have already configured your WordPress website to work with HTTPS URL, there is no need to add those redirect rules to your .htaccess file.

    It’s no wonder I’m confused.

    Thanks, I’ll proceed based on your answer.
    Steve

    #332541
    Stephen

    Hi Tom,

    With regard to question 3: do I really need to force SSL for logins/admin in the wp-config file when I already have WP set up to httpS on both URLs in General Settings?

    Thanks
    Steve

    #332695
    Tom
    Lead Developer

    I would say no, but it won’t hurt to add the code anyways.

    #332796
    Stephen

    Thanks Tom.

    Steve

    #332987
    Tom
    Lead Developer
    #333881
    Stephen

    Hi Tom,

    My host provides the option of forcing https through the nginx config file, so thanks for the heads up.

    With regard to forcing non-www to www, the host says:
    There is no need to Redirect to WWW in the .htaccess file as WordPress is a domain/url dependent application, and only loads with the URL that has been set in the database.

    Would you say this advice is correct or should I add the code?

    Thanks
    Steve

    #334068
    Tom
    Lead Developer

    You can test it by trying to go to the www (or non-www) URL – does it redirect automatically?
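
The test suggested above can be made systematic by tracing every scheme/host variant and checking that each chain ends at the one canonical HTTPS URL using only permanent redirects. The following is an added example, not part of the original thread or of any project's code: the two response tables are constructed, with `AS_POSTED` modelled on the two .htaccess snippets from the first post (an `R` flag without a code defaults to 302, and the www rule targets `http://`), and the names `trace`, `audit`, `HOST_MANAGED` and `AS_POSTED` are hypothetical.

```python
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def trace(start, fetch, max_hops=10):
    """Follow redirects from `start`; return the list of (url, status) hops."""
    hops, url = [], start
    for _ in range(max_hops):
        status, location = fetch(url)
        hops.append((url, status))
        if status not in REDIRECTS or not location:
            return hops
        url = urljoin(url, location)  # a Location header may be relative
    raise RuntimeError(f"more than {max_hops} redirects from {start}")

def audit(canonical, fetch):
    """Check the four scheme/host variants of `canonical` (an https URL)."""
    parts = urlsplit(canonical)
    bare = parts.hostname[4:] if parts.hostname.startswith("www.") else parts.hostname
    findings = {}
    for scheme in ("http", "https"):
        for host in (bare, "www." + bare):
            start = f"{scheme}://{host}{parts.path or '/'}"
            hops = trace(start, fetch)
            problems = []
            if hops[-1] != (canonical, 200):
                problems.append("does not end at canonical URL")
            if any(s not in (301, 308) for _, s in hops[:-1]):
                problems.append("temporary redirect")
            # Only the first request may be plain HTTP; later hops must not be.
            if any(urlsplit(u).scheme == "http" for u, _ in hops[1:]):
                problems.append("hop over plain HTTP")
            findings[start] = problems
    return findings

# Constructed responses, url -> (status, Location); not captured from a real site.
HOST_MANAGED = {  # server forces https, WordPress then redirects to www
    "http://example.com/": (301, "https://example.com/"),
    "http://www.example.com/": (301, "https://www.example.com/"),
    "https://example.com/": (301, "https://www.example.com/"),
    "https://www.example.com/": (200, None),
}
AS_POSTED = {  # both .htaccess snippets from the first post, in posted order
    "http://example.com/": (302, "https://www.example.com/"),
    "http://www.example.com/": (302, "https://www.example.com/"),
    "https://example.com/": (301, "http://www.example.com/"),
    "https://www.example.com/": (200, None),
}
for start, problems in audit("https://www.example.com/", AS_POSTED.__getitem__).items():
    print(start, problems or "ok")
```

To run the same audit against a live site, pass a `fetch` function that issues one request without following redirects and returns the status code and `Location` header.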

    #334346
    Stephen

    Hi Tom,

    Yes, the domain redirects automatically from non-www to www, but then why are there so many tutorials suggesting adding the code when it’s not really needed? I can understand the need for the redirect if you changed from non-www to www on an old/existing site, but not for a new site. Only 1 tutorial out of 10+ recommended the code was for existing sites only.

    Thanks
    Steve

    #334558
    Tom
    Lead Developer

    Sometimes it’s necessary, but perhaps your hosting takes care of it for you.

    If it’s redirecting for you, then you should be fine 🙂

    #334869
    Stephen

    The SSL redirect created by the host at server level probably takes care of the www as well.

    Thanks
    Steve
