If you use a SSL certificate to keep your WordPress admin more secure, then you may have noticed that there are times when some of your front end URLs start with https:// instead of http://.
I noticed this happening when I saw this website in a Google search result and it was listed as https://blackhillswebworks.com instead of just blackhillswebworks.com. Apparently Google had indexed the site soon after it had redirected from the back end while under SSL. This may not bother you, but it bothered me, and I went looking for a solution.
What I found was a post by Yoast called WordPress SSL setup tips & tricks, which has some very helpful information in it. As he points out, there are plugins such as WordPress HTTPS that can handle this, but I was looking for a simple solution that didn’t require a plugin. One of the tips in his post was “forcing SSL on that one page.”
The solution, simplified
I took his code for that tip and simplified it so that all it does is make sure your front end URLs do not use https://. If you’re using SSL for your WordPress admin and want to test this, log out of WordPress and then click the “Back to [your website]” link on the WordPress login page.
Without this code your front end URL will have https://.
With this code your front end URL will be simply http://, which is how it should be.
Where to put this code
Add the code to a core functionality plugin, its own plugin, or functions.php.
What this code does
Adds an action at the template_redirect action hook. This action uses several WordPress functions to determine whether or not to use http:// or https://. is_ssl checks to see if SSL is being used, and is_admin checks if the admin (back end) is being displayed. Depending on the results, wp_redirect makes sure that http:// is being used on the front end.
Not working for you after you’ve added the code? Before you add a comment below and tell me it doesn’t work, there are a few things you should do. The reason it appears to not be working is probably a cache issue – your browser’s cache, your computer’s DNS cache, and possibly a caching plugin, if you have one installed and active on your website.
Your browser’s cache
Unless you’ve specifically configured your browser(s) to not cache web pages locally on your machine, it’s happening. Usually this is a “good” thing, unless you’re developing websites and always want to see the most recent version of a web page.
Google “clear browser cache” and you’ll get many results. The current top result is Refresh Your Cache, and that website shows, with screenshots, how to clear the cache of the major browsers.
Your computer’s DNS cache
This is different from your browser’s cache, and it happens at the operating system level. Again, the purpose is to make computing, and especially web browsing, faster, but sometimes bad DNS results are cached. whatsmydns.net has comprehensive instructions for flushing the DNS cache of different operating systems.
Your website’s caching plugin
If you’re running a caching plugin on your site, then it “may” be contributing to the apparent problem of this code not working.
Flush all three until fixed
I’ve had several sites where https versions of front-end pages were returned even with this code in place. To fix the problem, I had to do a systematic and determined flushing of all three caches listed above until I was seeing consistent http results, even when I manually entered https into the browser’s address bar.
If you’re not seeing the results you want after adding this code, flush your caches until you do.