[Sn1F3rt]

Hi guys,

I've made this post out of curiosity to know which method do you all prefer to redirect HTTP traffic to HTTPS. There are two solutions possible:

1. Plugins(like Really Simple SSL)
   
2. .htaccess file redirect
   

Plugins like Really Simple SSL(and there are lots out there...) make it really easy for users to the HTTPS redirect. This is especially suggested for newbies who aren't much-aquainted to programming files themselves. It provides a really simple interface for users to do what they intend in the click of a button. However, This has a flip side too. That is, only the WordPress site gets redirected. Other direct access images or files remain open on HTTP port.

The next method - the .htaccess file method -  is my personal favorite. This is because it redirects all requests on HTTP to HTTPS. There isn't much to understand. I will be providing the code. Just copy and paste this on top of all contents in your .htaccess file in your WP directory.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://yourdomain.com/$1 [R,L]
</IfModule>

And you shall start realizing the magic. Feel free to post your opinion too - I am very eager to hear them Also created a poll so that you can vote for your preferred method. Cheers!

Regards,

[SRTerabytes]

If I had to be stuck with Apache then I'd go with the .htaccess file redirect method because I like to not rely on plugins as much as possible so you don't have to keep them updated.

As for what this is for, SSL certificates are really nice to have and you can now get them for free with Let's Encrypt. I recommend anyone reading this with a domain and a VPS to learn how to use Let's Encrypt if you can't afford it from those who sell it to have a free SSL certificate for HTTPS that auto renews after several months. There's already a tutorial for that on this forum.

[Sn1F3rt]

If I had to be stuck with Apache then I'd go with the .htaccess file redirect method because I like to not rely on plugins as much as possible so you don't have to keep them updated.

As for what this is for, SSL certificates are really nice to have and you can now get them for free with Let's Encrypt. I recommend anyone reading this with a domain and a VPS to learn how to use Let's Encrypt if you can't afford it from those who sell it to have a free SSL certificate for HTTPS that auto renews after several months. There's already a tutorial for that on this forum.

@SRTerabytes : It's definitely true about servers. Actually this post was more directed towards WordPress sites (on shared hosting) as I see a lot of them around here. WordPress sites basically have the plug-in option.

[Mashiro]

I would always prefer and always recommend to use the redirection method that the web server provides. May it be .htaccess, other similar configuration files or direct entries in the vHost (like nginx does it). This way you get redirected to the HTTPS version of the site BEFORE you load any content on the site. This leaves no time or space to possibly load something via an unsecured connection (if all resources on the site are loaded over and support HTTPS).

Using a solution within the software you host can possibly be insecure by having security flaws in that software that can exploit the redirection feature to load malicious code on the client side browser.

My two cents. I'm using Nginx now for over 5 years and love it.

[Sn1F3rt]

I would always prefer and always recommend to use the redirection method that the web server provides. May it be .htaccess, other similar configuration files or direct entries in the vHost (like nginx does it). This way you get redirected to the HTTPS version of the site BEFORE you load any content on the site. This leaves no time or space to possibly load something via an unsecured connection (if all resources on the site are loaded over and support HTTPS).

Using a solution within the software you host can possibly be insecure by having security flaws in that software that can exploit the redirection feature to load malicious code on the client side browser.

My two cents. I'm using Nginx now for over 5 years and love it.

I agree with your view on security issues. In fact that's the sole reason why I stopped using plugins once one of my teammates was the victim of a pharming attack.

He had a beautiful WordPress blog with over 1K views a day, which was the victim of the attack. In fact that got him banned by his hosting service and he's lost a huge lot of vital information, which he didn't backup.

One thing more I've also been involved with nginx for over a year now but Apache is an all time favorite.

[chanalku91]

Prefer to use httacces because it's more userfriendly and doesn't take up a lot of resources!
If you choose plugins you will get security problems

[Melvin]

i also do prefer .htaccess to redirect HTTP to HTTPS while its more easier and won't case any issues or errors and easy to do.

[Kururin]

Web server, not even .htaccess. I think apache2 shouldn't be used anymore as the way it eats memory like a monster. Nginx is always better and lightweight in my opinion and the configuration is simple as well. As for the topic I would like to say configuration side is much better to me than some plugin that I don't know what it does. I rather hand-tune my website than let some plugin do it.

[deanhills]

Web server, not even .htaccess. I think apache2 shouldn't be used anymore as the way it eats memory like a monster. Nginx is always better and lightweight in my opinion and the configuration is simple as well. As for the topic I would like to say configuration side is much better to me than some plugin that I don't know what it does. I rather hand-tune my website than let some plugin do it.

I think the better option is to have both together using the best of both. Nginx serving as static web server front while Apache is processing the back end.

Here is an article of how best of the two can be combined together using Ubuntu OS:
https://hostadvice.com/how-to/how-to-con...in-ubuntu/

[Manal]

I wouldn't go for such deep and all these dopes to redirect from HTTP to HTTPS. Why? I'm too lazy to login into my cPanel and make changes or install a plugin. Just add your site to Cloudflare and update the nameserver and you'll see an option to redirect all HTTP traffic to HTTPS.

Yea, i'm lazy,