Warm tip: This article is reproduced from stackoverflow.com, please click
.htaccess ssl wordpress

WordPress redirect all HTTPS to HTTP

发布于 2020-04-10 16:12:06

We have a WordPress site, and used to have an SSL certificate. The site used to be all HTTPS, and now we don't need the SSL anymore so we let it expire.

We've already changed the Site Address and WordPress Address in the admin panel to be http://example.com.

We have several links out in the wild that link back to us with https:// and if the user accesses the site with https:// the site breaks or the user gets a warning message in their browser.

Bottom line, we need to redirect all https:// traffic to http://.

I tried couple of plugins (no luck):

and even changed the .htaccess file (still no luck)

<IfModule mod_rewrite.c>
RewriteEngine On

RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]

RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Not sure what else I need to do.

Questioner
user1251762
Viewed
82
分享
drew010 2017-11-21 01:15

The problem here lies with the fact that before Apache or WordPress come in to play, the browser needs to establish a connection with the server over HTTPS by connecting, performing an SSL handshake, exchanging (and verifying) certificates, and only after all that is done, will the browser issue the HTTP request that tells the server what resources it is looking for.

Because of that, no .htaccess or WordPress plugin is going to be able to redirect the user without them establishing a secure session.

Of course if you install a self-signed certificate, the user is going to be presented with a warning before any of this happens. If you by chance (which doesn't seem to be the cast) had been sending Strict Transport Security headers over https, then previous visitors' browsers may not even allow them to connect over HTTP.

If you want to redirect HTTPS traffic to HTTP, unfortunately you are going to have to acquire a valid certificate and redirect using .htaccess or some PHP code as you are.

If you're looking for certificates that are trusted by a majority of browsers without paying, you can get a free certificate from Let's Encrypt.

Bottom line, if you want to seamlessly redirect HTTPS traffic to HTTP without any warning messages, you need to install another SSL certificate from a trusted CA.

Related issues

1
SSL errors installing hugo in blogdown
2
zsh: no matches found: requests[security]
3
Install SSL certificates and Virtual Hosts for new domains through API
4
Problem with Python requests SSLCertVerificationError
5
OpenSSL 1.0.2 to Read md5 CA Certificates
6
mnist_784 download fails with CERTIFICATE_VERIFY_FAILED (Even after installing certifi)
7
Conflicting redirects in apache .htaccess rules, SSL redirect
8
InvalidApnsCredential while certificates are valid
9
Powershell Invoke-WebRequest Fails with SSL/TLS Secure Channel
10
What is this protocl version sent in the TLS supported_versions extension