WordPress force HTTPS redirect ensures all your site traffic stays secure. With this quick combo tweak — a line in wp-config and a rule in .htaccess — you can force HTTPS without any plugin!
1️⃣ Add this to your wp-config.php file:
define(‘FORCE_SSL_ADMIN’, true);
2️⃣ Add this to the top of your .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
How It Works
This WordPress force HTTPS redirect tweak does two things: the wp-config line secures your admin area, and the .htaccess rule redirects all HTTP requests to HTTPS.
Why WordPress Force HTTPS Redirect?
Enforcing HTTPS protects your users and your SEO. It makes sure no visitor accidentally browses an insecure version of your site.
Common Mistake
Always back up your .htaccess before editing. A small typo can break your site — test carefully!
Pro Tip
Combine this with HSTS headers for an even stronger HTTPS setup.