By If you use a SSL certificate to keep your WordPress admin more secure, then you may have noticed that there are times when some of your front end URLs start with https:// instead of http://.
The problem
I noticed this happening when I saw this website in a Google search result and it was listed as https://blackhillswebworks.com instead of just blackhillswebworks.com. Apparently Google had indexed the site soon after it had redirected from the back end while under SSL. This may not bother you, but it bothered me, and I went looking for a solution.
The solution
What I found was a post by Yoast called WordPress SSL setup tips & tricks, which has some very helpful information in it. As he points out, there are plugins such as WordPress HTTPS that can handle this, but I was looking for a simple solution that didn’t require a plugin. One of the tips in his post was “forcing SSL on that one page.”
The solution, simplified
I took his code for that tip and simplified it so that all it does is make sure your front end URLs do not use https://. If you’re using SSL for your WordPress admin and want to test this, log out of WordPress and then click the “Back to [your website]” link on the WordPress login page.
Without this code your front end URL will have https://.
With this code your front end URL will be simply http://, which is how it should be.
The code
Gist – Redirect WordPress front end https URLs to http without a plugin
Where to put this code
Add the code to a core functionality plugin, its own plugin, or functions.php.
What this code does
Adds an action at the template_redirect action hook. This action uses several WordPress functions to determine whether or not to use http:// or https://. is_ssl checks to see if SSL is being used, and is_admin checks if the admin (back end) is being displayed. Depending on the results, wp_redirect makes sure that http:// is being used on the front end.
Troubleshooting
Not working for you after you’ve added the code? Before you add a comment below and tell me it doesn’t work, there are a few things you should do. The reason it appears to not be working is probably a cache issue – your browser’s cache, your computer’s DNS cache, and possibly a caching plugin, if you have one installed and active on your website.
Your browser’s cache
Unless you’ve specifically configured your browser(s) to not cache web pages locally on your machine, it’s happening. Usually this is a “good” thing, unless you’re developing websites and always want to see the most recent version of a web page.
Google “clear browser cache” and you’ll get many results. The current top result is Refresh Your Cache, and that website shows, with screenshots, how to clear the cache of the major browsers.
Your computer’s DNS cache
This is different from your browser’s cache, and it happens at the operating system level. Again, the purpose is to make computing, and especially web browsing, faster, but sometimes bad DNS results are cached. whatsmydns.net has comprehensive instructions for flushing the DNS cache of different operating systems.
Your website’s caching plugin
If you’re running a caching plugin on your site, then it “may” be contributing to the apparent problem of this code not working.
Flush all three until fixed
I’ve had several sites where https versions of front-end pages were returned even with this code in place. To fix the problem, I had to do a systematic and determined flushing of all three caches listed above until I was seeing consistent http results, even when I manually entered https into the browser’s address bar.
If you’re not seeing the results you want after adding this code, flush your caches until you do.
Hi
Thanks for the solution. It’s really helpful for me actually one of my client’s website was listed with https:// and she was asking me for a solution. And here is the solution I’ve found. Thanks for your help. Keep sharing such a brilliant ideas.
You’re welcome, Sarah!
Dear Webmaster,
I need your help. One of my clientβs website was listed with https:// and from few months he implemented 302 Redirection and now website redirected to http://
The problem is that we are not getting the rankings on SERPs in Google because due to 302 Temporary Redirection on website. This means, that the actually content is temporary not reachable and will come back soon. Search Engine Bot might not follow it or handle it as temporary. For SEO this is also a bad because no link juice will be transferred to the linked page.
So Kindly help me to resolve 301 permanent Redirection (https:// to http://) instead of 302 Redirection…
Hi Rakesh,
I’m not sure what to tell you about this, though I think if you’ve changed over to 301 redirects this will work itself out in time.
John
Hi John,
Thanks for writing this up. I recently enabled https on my WordPress admin, everything seemed fine, but then I saw a drop in visitors. Checked my indexed pages and it turned out all my blog posts were also indexed through https; a definite duplicate content penalty.
You’re welcome! Hopefully those https indexed pages will be forgotten by Google before too long. Alternatively, you could go to Google Webmasters and manually remove them yourself – something I’ve had to do once or twice in the past.
John
Seems like it should work, but with WordPress 4.0, it causes a redirect loop between (in my case) https://test.sunsetvistarealty.com/schools/ and http://test.sunsetvistarealty.com/schools/. Have the same redirect loop problem attempting to do this redirection with WordPress 4.0 in .htaccess (which worked in WP 3.9.2).
Jim,
Sounds like there’s something else going on there. I’m using this code on multiple sites that were running WP 3.9 and are now running 4.0, and it works great.
I’d look for some code or plugin on your site that’s trying to force the front end into https.
John
Thanks for sharing about Redirect WordPress front end https URLs to http without a plugin code.
Further research shows that it is a known problem with WordPress 4.0:
https://wordpress.org/support/topic/wordpress-40-in-a-ssl-loop
https://core.trac.wordpress.org/ticket/29708#ticket
Jim, thanks for the links. Sounds like you were correct that 4.0 changed how https is handled in some cases, and 4.0.1 should be reverting that change when it’s released.
Hi John,
Thank you for the valuable piece of information. As of now, my site (front end HTTPS) is redirecting to http version without a problem. I managed to secure only the admin login and registration part on my page. Again, thank you!
Hey Mark,
You’re welcome, and I’m glad you found it useful!
John
Great information. I do not want to use SSL nor do I have a cert. Awhile back I did. Somehow half of my posts are showing up as https. How do I revert those posts back to http? Tried 301 plugin but same results.
Paul,
I haven’t tested this, but I think if you remove the
is_ssl() &&from the first if statement in that function it may do what you’re wanting.Another and possibly better option may be handling this in your .htaccess file.
John
Great! I had to switch from https to http after i noticed there was 21% drop in my organic visits since I had a redirect to https, so I had to switch back to http and it seems my web site is recovering from this lose.
Thanks!
This worked like a charm and saved me a lot of grief from my client, so many thanks!
One question: What would be the best way to modify your function to include exceptions for certain pages that you want to be SSL?
I’ve toyed with function, but am wary of creating an infinite loop:
function http_feed_force_ssl( $force_ssl, $post_id = 0, $url = ” ) {
if ( strpos($url, ‘/page-i-want-ssl/’) !== false ) {
$force_ssl = true;
}
return $force_ssl;
}
add_filter(‘force_ssl’, ‘http_force_ssl’, 10, 3);
Hi Steve,
Yeah, that’s where this starts to get tricky. I’ve got a more comprehensive SSL blog post in the works, but in the meantime, check out this Gist: https://gist.github.com/bhwebworks/3cf728c5d5e0c021105f.
Also, you will need to modify the Gist in this blog post, adding
&& ! is_single( 7000 )to the opening IF statement, changing 7000 to your specific page or post ID.John
I’m facing a very weird problem with my website. When I log in as admin, all URLs on frontend are displayed as non-https URLs, but when I log out they suddenly change to https:// URLs. How do I solve this?
Hi Mohit,
That does sound strange. Do you want the front-end URLs to be https or http? And are your back-end URLs all https?
John
I’ve got a much easier way! Just implement this short piece of code in your .htaccess file
RewriteEngine OnRewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
and this will redirect all your http:// requests to https:// request. My client made a change in the backend when he installed SSL certificate, but just changing the URL from Settings>General>URLs won’t make any change in it. I implemented this in .htaccess file and now it works as charm. Smooth redirects!
Hi Skip,
Thanks for the info. It looks like you might have gotten that htaccess rewrite code from the Yoast article that I linked to in my post? I use something similar when I want the entire site to be https, as Yoast explained and you mentioned in your comment.
But, this blog post was about having your WordPress admin be https, and your WordPress front end be http, and making sure that they stay that way.
John
Hi John,
thanx a lot for that work including documentation, writing, answering…
Two questions: Your article is from Oktober 2013 – does it still work with WP 4.2.2?
And my “special” problem: I’m working with many WP-Systems (with different plugins and themes), and all with the same issue: With iThemes Security I made the backends running on ssl and the frontends with normal non-ssl. After some WP-Updates (I don’t know which one after the 4.0 – I saw it later with Chrome, which I don’t use very often) suddenly all images in all new posts are saved with a https-URL. Every user coming with a Chrome only sees broken images (FF isn’t so “philistine”) .
Now – isn’t your code a solution “too much” for that?
Thanx a lot for thinking and any answer!
All the best,
Stephan
Hi Stephan,
RE your first question, it does still work with WP 4.2.2.
RE your special problem, I’m not sure what to say. I have several sites using this method and they don’t seem to be having this issue. If you’ll let me know the URL of the website or websites in question, I can take a look and see if I notice anything from the front end that might help.
John
Glad I see this post,
Several page indexed by Google as https, although I have use rel canonical to http version.
This post saved my day.
Thanks
You’re welcome, Freeza!
Yey! Thanks a lot! Frontpage still using http and admin using https.
Glad to hear it, Pandu!
Wow, thank you for writing this up John!
Now everything fine here! Front end using HTTP, and my Signin, Login and Back end using HTTPS!
Great =)
You’re welcome, and glad to hear it, Kupone!
John
please tell me how to add this code and where to find function.php
Hi Prateet,
functions.php is a file in your theme’s directory, and you would typically add the code using a text editor and a FTP client. You could add the code using the Theme Editor in WordPress, but you risk breaking your site and not being able to access your site’s admin area if you make a coding mistake using that editor.
This is pretty basic stuff, but I’ll direct you to the WordPress Codex for further help: https://codex.wordpress.org/Editing_Files
John
i changed my host on 3 July then I see my all blog post on google search https
my question is it will redirect on same page or same post
ex..
https://www.site.com/2015/07/nokia-lumia-630
redirect to
http://www.site.com/2015/07/nokia-lumia-630
i am right ???
It should redirect to http, yes.
I pasted this into my functions file and it didn’t work.
Hey Blake,
Sorry to hear it’s not working for you, though with more information I might be able to help.
Without that info, I’m guessing that you’re running into a browser caching issue, or maybe your computer’s DNS cache is holding on to the https versions of your website’s URLS and that’s why it appears to not be working.
Another possibility is your website’s cache plugin, if you’re using one, still has the https versions of certain pages in the cache and those are being displayed.
Speaking from experience, it’s a good possibility that a combination of those three things is happening.
John
This is fantastic! Thank you so much! I spent one month, I have found it!
Wow thank you so much.. I spent hours trying to fix it in htaccess and nothing worked. This worked in ONE SECOND. Thanks a million
You’re welcome, Christian! Glad it helped.
Hi,
The code in the files .htaccess or functions.php to theme ?
Thank You
Sorry, in functions.php, put the code, thank you
First Thank you John
This is a Great Post! I spent so much time, I have found it!
You’re welcome, Ankur!
You mentioned a new tutorial…Any news on how to do this, but still have a specific page under https?
Also, I just built a new site for a client, the old site was completely under https. The new site will just have one page under https. How do I do a 301 redirects from an old https page to a new http page? Any help is greatly appreciated!
Hi John,
Thanks for the awesome solution. I have implemented it in my WP website. Everything works well except the post preview. I am not able to preview my post. Could you please provide solution for it. Thanks in advance.
Thanks,
Tam
Tam,
What happens when you try to preview a post?
John
WOW! I’ve been looking for this… I so have the same problem and everyone tells me to move to SSL but my site is 17 years old. I don’t want to move it to SSL.. those are just different pages to google and i don’t want to deal with them switching. I don’t trust it..
So – it works GREAT! It redirects everything to http.. I love it.. but i do have a login page /login/ so I used your code from https://gist.github.com/bhwebworks/3cf728c5d5e0c021105f and it still redirects to http but i does not redirect the pages i want to ssl. Or even one page to SSL. π This is now my problem.. π so i had to turn it off … bummer π
I know this is very vague but would you have any clue what I can check to see? BTW – i tried caching. I cleared everything… π Tonight i will disable all the plugins and try it to see but i need to wait for traffic to get lower π I will let you know if i fix it but wanted to leave the comment. I really need this solution to work! π
Thank you so much. Truly awesome. I so want to get this to work. Thanks for any help you can bring!
Hey Douglas,
Did you happen to see my first comment on that Gist you linked to? That may be what you’re missing.,,
John
Yah, I think i saw it π
this is the code i’m using… it transfers everything to http but i can’t get it to force the any specific page to https π
add_action( ‘template_redirect’, ‘bhww_front_end_ssl_template_redirect’, 1 );
function bhww_front_end_ssl_template_redirect() {
if ( is_single( 150542 ) && ! is_ssl() ) {
if ( 0 === strpos( $_SERVER[‘REQUEST_URI’], ‘http’ ) ) {
wp_redirect( preg_replace( ‘|^http://|’, ‘https://’, $_SERVER[‘REQUEST_URI’] ), 301 );
exit();
} else {
wp_redirect( ‘https://’ . $_SERVER[‘HTTP_HOST’] . $_SERVER[‘REQUEST_URI’], 301 );
exit();
}
} else if ( ! is_single( 150542 ) && is_ssl() && ! is_admin() ) {
if ( 0 === strpos( $_SERVER[‘REQUEST_URI’], ‘http’ ) ) {
wp_redirect( preg_replace( ‘|^https://|’, ‘http://’, $_SERVER[‘REQUEST_URI’] ), 301 );
exit();
} else {
wp_redirect( ‘http://’ . $_SERVER[‘HTTP_HOST’] . $_SERVER[‘REQUEST_URI’], 301 );
exit();
}
}
}
// OPTIONAL – Make sure SSL page permalinks are also https – only applies to Posts, not Pages
add_filter( ‘pre_post_link’, ‘bhww_make_page_permalinks_ssl’, 10, 3 );
function bhww_make_page_permalinks_ssl( $permalink, $post, $leavename ) {
if ( 150542 == $post->ID )
return preg_replace( ‘|^http://|’, ‘https://’, $permalink );
return $permalink;
}
Douglas,
If the post/page with ID 150542 is a page and not a post, try changing is_single( 150542 ) to is_page( 150542 ).
I’d forgotten that is_single() doesn’t work with pages, but was reminded of this after looking at the code for one of my sites that has mixed https / http content and I realized that I used is_page() rather than is_single().
And if it’s a page, that optional filter won’t have any effect, according to the Codex.
It also occurred to me that the order you add these to your site probably matters, or better yet, change the priority of that add_action you included in your comment to 2, and leave the one I linked to in this comment as 1.
John
Thank you! works great with is_page! Thank you so much!!!!
You’re welcome!
Great solution, thank you!
Hi!
Thank’u for this (I’ve put in custom plugin), work fine but…
I need to exclude some page (contact, register, activate…) and force this – only this – to go back in https.
Can u help me with this little customization?
Thanks,
S.N.
Thanks for sharing about Redirect WordPress front end https URLs to http without plugin. I am really use for our websites. Nice and such information for us………..
Thank you very much, John! It works pretty well. After hours searching on the net, this is the only one that works. You are the real web coder π