How to Force SSL and HTTPS in WordPress via .htaccess Rules

How to Force SSL and HTTPS in WordPress via .htaccess Rules

Add these rules to the top of your root .htaccess file (above other rewrite rules) changing the two instances of domain.tld to your domain name.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^domain.tld$
RewriteRule (.*) https://domain.tld/$1 [R=301,L]

If your .htaccess file already has a RewriteEngine On line you can safely remove (or leave) the extra copies. You only need it once at the top above the RewriteCond %{HTTPS} off line.

Once uploaded to the root of the site it will force all visitors through the https/SSL secure version of the site.

Continue Reading Moving a WordPress Site from HTTP to HTTPS SEO Guide