New Member
Hi all,

I'm after some advice from all your collective experience. What is the best way to force an SSL connection? For max security, what I would like is for any http request, to be redirected to the https equivalent? I do not want this to apply to the subdomains.

I've read that some people recommend using .htaccess but there are many different ways...


Using htaccess is the simplest method. Like you said there are many ways to accomplish this, but I don't think one is better than another, so I'd go for the simplest which is htaccess.

Something along these lines.

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Oh man -- I just spent most of my day fussing with this! If you are using Wordpress *make sure* that none of your plugins are interfering. Even after altering the htaccess file my "padlock" kept disappearing on the interior pages of my site. This was only happening in Firefox and IE9-- Chrome was totally fine throughout.

Turns out two of my plugins: AWeber email sub form and Jetpack were the offenders as well as some audio files I had linked to on product pages to non "https://" links.

Another thing support team had me do was in Wordpress change my settings in Settings>General to "https://" for both the Wordpress and Site URL.

Jonathan -- was this a redundant thing to do if it's altered already in the htaccess file?

Jennifer, that wasn't redundant since Wordpress outputs the fully http or https URL so changing Settings>General to the correct https is important otherwise every link would first try the http and then redirect via htaccess to https. When you make that change the links will go straight to the https without the need for the htaccess redirect on every page load. Probably would help with any plugins as well.