Fixing The WordPress Infinite Redirect With HTTPS


About The Author
Avatar Cabe Nolan is the founder of WP Cover where he shares his insight into WordPress, development, & entrepreneurship. Outside of WPCover, Cabe continues to run a successful WordPress development firm, Bold City Design as well as a few high profile websites, Arrivala, Two Way Resume, Dock Skipper, and a successful outdoors brand, DolfinPack.







Fixing The WordPress Infinite Redirect With HTTPS

wordpress-infinite-redirect-ssl

Following Google’s algorithm change about a year ago, giving websites a slight SEO boost when serving your content over https, there has been a large spark in clients looking to convert their site. However, changing over your site can be a nightmare if you’re not familiar with the setup process. The most common error I hear about and have to resolve is the “infinite redirect” after switching to https. In short, the website will continue to redirect again, again, again, and again, until your browser finally catches on and shows an error message.

How do we fix it?  There’s a lot of different articles out there on fixing the issue but I’ve found most to either:

  • Not work
  • Provide ridiculous trial and error steps that don’t get you anywhere
  • Are to broad in how they’re written

 

So I decided to write a simple, straight forward approach to hopefully fix the issue.  You will need to login to your server via FTP and get open up both your .htaccess and your wpconfig.php file.

In your .htaccess, add the following lines above where it says #BEGIN WordPress:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

So your entire .htaccess file might look something like:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Next, we’ll make a little change to the wp-config.php file. At the very top of the file, we’re going to add:

if (isset($_SERVER["HTTP_X_FORWARDED_PROTO"] ) && "https" == $_SERVER["HTTP_X_FORWARDED_PROTO"] ) {
$_SERVER["HTTPS"] = "on";
}

So the first 20 or so lines of your wp-config.php file might look something like:

<?php
if (isset($_SERVER["HTTP_X_FORWARDED_PROTO"] ) && "https" == $_SERVER["HTTP_X_FORWARDED_PROTO"] ) {
$_SERVER["HTTPS"] = "on";
}
/**
 * The base configurations of the WordPress.
 *
 * This file has the following configurations: MySQL settings, Table Prefix,
 * Secret Keys, and ABSPATH. You can find more information by visiting
 * {@link http://codex.wordpress.org/Editing_wp-config.php Editing wp-config.php}
 * Codex page. You can get the MySQL settings from your web host.
 *
 * This file is used by the wp-config.php creation script during the
 * installation. You don't have to use the web site, you can just copy this file
 * to "wp-config.php" and fill in the values.
 *
 * @package WordPress
 */

// ** MySQL settings - You can get this info from your web host ** //

That’s it! Your site should now redirect properly to the homepage or login page when typing in the appropriate URLs. These snippets are based off of the great WordPress plugin, Really Simple SSL, which can be downloaded from the repository here: https://wordpress.org/plugins/really-simple-ssl/

Let’s secure up those sites and make the internet a safer place for all!


Share Your Thoughts

Leave a Reply

Your email address will not be published. Required fields are marked *


Related Stuff You Might Like







WordPress News, Tips, & Code Snippets

Join the WP Cover mailing list and get wordpress news, tips, code snippets, security warnings, and more delivered right to your inbox.  We won't flood your inbox, newsletters typically go out every 1-2 weeks unless it involves an important security release.

You have Successfully Subscribed!