@currentcreative
Created July 4, 2025 18:11
SSL - for .htaccess and wp-config for WordPress WITHOUT Cloudflare

If NOT using Cloudflare and having SSL problems, these are the best solutions for your .htaccess and wp-config.php.

• If you are using Cloudflare and having SSL problems, see the other Gist named: "SSL - for .httaccess and wp-config for WordPress WITH Cloudflare"

• Do not use a plugin like ReallySimpleSSL in combination with these. It might give conflicting advice that causes problems.

MENU:

  1. For .htaccess file
  2. For wp-config file

1. For .htaccess file: replace whatever is in there with this:

<IfModule mod_rewrite.c>
  RewriteEngine On

  # Force HTTPS
  RewriteCond %{HTTPS} !=on
  RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]

  # Authorization header (needed for REST API & plugins)
  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

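  # Standard WordPress front-controller rules: send anything that is not
  # an existing file or directory to index.php
  RewriteBase /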
  RewriteRule ^index\.php$ - [L]
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule . /index.php [L]
</IfModule>

<IfModule mod_headers.c>
  # Tell browsers to fetch http:// subresources over https (avoids mixed content)
  Header always set Content-Security-Policy "upgrade-insecure-requests;"
</IfModule>

2. For wp-config file: add this near the top of the file:

define( 'WP_HOME', 'https://mydomain.com' );
define( 'WP_SITEURL', 'https://mydomain.com' );

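/** Optional fix for broken SSL detection (reverse proxy, Hostgator, etc.) **/
// X-Forwarded-Proto is an ordinary request header. Use this block only when a proxy
// in front of the site sets it; otherwise any client can send it and be treated as HTTPS.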
if ( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' ) {
    $_SERVER['HTTPS'] = 'on';
}
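
To confirm the .htaccess rules above are live, this added example (not part of the original gist) checks that a plain-HTTP request gets a 301 to the same host and URI over HTTPS, and that the HTTPS response carries the upgrade-insecure-requests policy without bouncing back to HTTP. The function names and the constructed sample response are assumptions made for illustration.

```python
import http.client
from urllib.parse import urlsplit

def fetch_head(url, timeout=10):
    """One HEAD request, redirects not followed -> (status, lower-cased headers)."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.netloc, timeout=timeout)
    try:
        conn.request("HEAD", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        headers = {}
        for name, value in resp.getheaders():
            key = name.lower()  # repeated headers are joined with ", "
            headers[key] = headers[key] + ", " + value if key in headers else value
        return resp.status, headers
    finally:
        conn.close()

def check_http_response(http_url, status, headers):
    """Findings for the plain-HTTP request (the 'Force HTTPS' rule)."""
    findings = []
    expected = "https://" + http_url.split("://", 1)[1]  # same host and URI
    if status != 301:
        findings.append(f"expected 301 from {http_url}, got {status}")
    if headers.get("location") != expected:
        findings.append(f"Location {headers.get('location')!r} != {expected!r}")
    return findings

def check_https_response(status, headers):
    """Findings for the HTTPS request (mod_headers rule, no bounce to HTTP)."""
    findings = []
    if 300 <= status < 400 and headers.get("location", "").startswith("http://"):
        findings.append("HTTPS request is redirected back to plain HTTP")
    csp = headers.get("content-security-policy", "")
    directives = {d.strip().lower() for d in csp.replace(",", ";").split(";")}
    if "upgrade-insecure-requests" not in directives:
        findings.append("Content-Security-Policy lacks upgrade-insecure-requests")
    return findings

def audit(host, path="/"):
    """Run both checks against a live site; an empty list means all passed."""
    http_url = f"http://{host}{path}"
    findings = check_http_response(http_url, *fetch_head(http_url))
    return findings + check_https_response(*fetch_head(f"https://{host}{path}"))

if __name__ == "__main__":
    # Constructed response: an HTTPS page served without the CSP header.
    print(check_https_response(200, {"content-type": "text/html"}))
```

Against a live site, call `audit()` with the site's hostname; an empty list means both rules are active.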