While configuring my WordPress site for this blog I wanted to make sure that all content is delivered to the readers through HTTPS.
I really like the Let’s Encrypt initiative to provide free certificates so there is no excuse now not to use HTTPS in any websites, including personal blogs. I will write a post soon about how to automate the certificate generation for Azure Web App using Let’s Encrypt and Azure DNS, but as my blog is hosted on a simple WordPress on Linux where certificate generation is automatic through the CPanel the only thing to do is to redirect all HTTP requests to HTTPS.
This can be easily achieved by adding these lines to your .htaccess file:
|
1 2 3 4 5 |
RewriteEngine On RewriteBase / RewriteCond %{HTTPS} !=on RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L] |
If you have any issues with this, you may need to tweek the environment variable of the condition to use one instead of the %{HTTPS} that tells you on your host that the request is not HTTPS.