Opened 3 years ago
Last modified 3 years ago
#52799 new enhancement
Easy HTTPS Redirects in WordPress Dashboard
Reported by: | sarmstead | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Site Health | Keywords: | |
Focuses: | Cc: |
Description
In 5.7 we introduced a way to automatically update database URLs in the Tools > Site Health section. Great work everybody!
In addition to updating URLs, I propose that 5.8 adds a button to force HTTPS redirects in the .htaccess file at the site root. This feature would add the following code to the # BEGIN WordPress / # END WordPress block in the .htaccess file:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Why do this? Adding this enhancement can make securing a WordPress site much easier for users who don't want to fuss with code to keep their site from returning pages with http://.
Change History (4)
This ticket was mentioned in Slack in #core by sarmstead. View the logs.
3 years ago
#4
in reply to:
↑ 3
@
3 years ago
Replying to juliobox:
Hey
I think WordPress won't do that because the way to redirect http on https depends on host
Here is a french blog post about this https://reskator.fr/2019/forcer-la-connexion-en-https/
You will find a bunch of code depending on your host, and all hosts are not present here, so…
I love your thoughts here, thanks @juliobox! I totally forgot about Nginx configurations, along with all the quirks that come along with hosting providers. In this sense, it would certainly be difficult for us to adjust forcing SSL for all environments.
One alternative might be to detect the recommended providers (https://wordpress.org/hosting/). It still might be hard to determine if they are using Apache or Nginx, since some hosts allow for both.
What other options might we have to help users force SSL on their site?
Hey
I think WordPress won't do that because the way to redirect http on https depends on host
Here is a french blog post about this https://reskator.fr/2019/forcer-la-connexion-en-https/
You will find a bunch of code depending on your host, and all hosts are not present here, so…