How to force all WordPress content to SSL

I recently moved my Wordpress site to SSL and what I did was the following:

1. Outside the block relative to # BEGIN WordPress, at the start of.htaccess

   RewriteEngine On
   RewriteCond %{HTTPS} off
   RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
   

2. Inside the block # BEGIN WordPress, everything as usual

   # BEGIN WordPress
   <IfModule mod_rewrite.c>
   RewriteEngine On
   RewriteBase /
   RewriteRule ^index\.php$ - [L]
   RewriteCond %{REQUEST_FILENAME} !-f
   RewriteCond %{REQUEST_FILENAME} !-d
   RewriteRule . /index.php [L]
   </IfModule>
   # END WordPress
   

That way my site runs smoothly onhttps

If there is any other problem, it may be due to the certificate. You can verify that it is correctly installed by accessing SSL Checker and entering the URL of your site. If it doesn't validate everything, putting it in green ( as shown in the image in this question ), you must correct what is necessary.

If just changing the htaccess doesn't work for you, maybe you should follow these steps.

1. Verify that your page loads correctly on https://

2. Redirection of all pages from the wordpress configuration, that is, Options> General and put the two urls with https as in the image:

3. If you don't want to touch the htaccess, there are a couple of plugins that do the redirection and change insecure content: https://wordpress.org/plugins/https-redirection/ and https://wordpress.org/plugins/ssl-insecure- content-fixer/

4. Next you have to verify some more parameters, for example references in the template that may have http:// (that is, the configuration in Appearance > Customize or in the Options of the theme itself if it had.

5. Sometimes there are references in style sheets that contain urls with http://, or accessory files that may have some calls to http://, you should locate and fix them.

6. And finally you should inspect with your explorer and see if there are any insecure elements left.

Finally, do not forget to change references of tracking codes or other elements that you have. Also, to avoid problems, you could put the urls http://www . or https://www . as follows //www. so they would load http or https depending on the environment.

Apart from what the other forum members said, it may work for you if you put this:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://TUDOMINIO.ES/$1 [R,L]

Replacing YOURDOMAIN.ES by your real domain.

Will you tell us if it worked?

You can do it using a plugin, WordPress HTTPS (SSL). Once you install it, on its settings page, you can specify if you want to secure the entire site or just the administration area. To secure specific pages or posts, add a box to the WordPress editor in which to make it secure.

If, on the other hand, you prefer to secure specific inputs with a code, you can add the following to your function plugin:

    //Forzar SSL en páginas y entradas
function force_ssl($force_ssl, $id = 0) {
$ssl_posts = array(22, 130, 573);

if(in_array($id, $ssl_posts)) {
$force_ssl = true;
}
return $force_ssl;
}
add_filter('force_ssl' , 'force_ssl', 1, 3);

Simply change the list of post/page IDs to protect on line 3.

Additionally, you can force SSL security on WordPress admin and login screens by adding these lines to the wp-config.php file:

define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);

On the first line forces SSL on the login screens, on the second across the entire administration. To deactivate them, change the parameter “true” to “false“.

And if you want, you can also force SSL from .htaccess, for which you would have to add these lines:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://TUDOMINIO.ES/$1 [R,L]