
.htaccess redirects for FORCE_SSL_ADMIN

This is a quick reference for anyone who uses FORCE_SSL_ADMIN in wp-config.php to serve the admin dashboard and user login over https, but would like normal users to browse the frontend over http. BuddyPress implements its own set of redirect_to parameters so that normal users are redirected back to the frontend after logging in rather than going straight to the admin dashboard (the default WP behavior). This makes sense, as most BP users aren't going to need to see the dashboard, but when FORCE_SSL_ADMIN is enabled this redirection includes https and causes regular users to browse the frontend over https.

One solution is to use .htaccess rules to blanket redirect users who are not browsing the admin dashboard to the http version of your site. Below are some sample .htaccess rewrite rules that should redirect your users to http when they log in. Your .htaccess file should be located in your document root, but its location may vary depending on your configuration.

Make sure that your redirect rules occur before the WordPress section (which is added if you use permalinks). Also, note that the rewrite condition you use to check for https may differ. For example, for some shared hosts you may need to use RewriteCond %{HTTP:X-Forwarded-SSL} on instead.

For more information on .htaccess rules and SSL check out this article.

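# This is the additional rewrite section

RewriteEngine On
# Only act on requests that arrived over https
RewriteCond %{HTTPS} on
# Redirect everything except wp-admin/, wp-login.php, wp-includes/ and wp-content/ to http
RewriteRule !^wp-(admin/|login\.php|includes/|content/)(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]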

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress
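
To check which requests the additional rewrite section sends back to http before deploying it, the following added example (not part of the original page) models the RewriteCond and the negated RewriteRule in Python. It assumes the .htaccess file sits in the document root; example.test and the sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit

# Exclusion pattern from the rule above (dot in "login.php" escaped).
EXCLUDED = re.compile(r"^wp-(admin/|login\.php|includes/|content/)(.*)$")


def downgrade_target(url, headers=None, cond="HTTPS"):
    """Return the http:// URL the rule redirects to, or None if it does not fire.

    cond="HTTPS" models `RewriteCond %{HTTPS} on`; any other value is read as a
    request header name, e.g. "X-Forwarded-SSL" for the shared-host variant.
    """
    parts = urlsplit(url)
    if cond == "HTTPS":
        value = "on" if parts.scheme == "https" else "off"
    else:
        value = (headers or {}).get(cond, "")
    if not re.search("on", value):      # RewriteCond pattern is a regex match
        return None
    # In .htaccess (per-directory) context the pattern sees the path without
    # the leading slash and without the query string.
    if EXCLUDED.search(parts.path[1:]):
        return None                     # "!" negates: these stay on https
    query = "?" + parts.query if parts.query else ""
    return f"http://{parts.netloc}{parts.path}{query}"


# Constructed sample requests (example.test is a placeholder host).
SAMPLES = [
    "https://example.test/members/alice/",                      # frontend
    "https://example.test/wp-admin/index.php",                  # dashboard
    "https://example.test/wp-login.php?redirect_to=%2Fmembers%2F",
    "https://example.test/wp-admin",                            # no trailing slash
    "https://example.test/wp-cron.php",                         # not in the exclusion list
    "http://example.test/members/alice/",                       # already http
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url} -> {downgrade_target(url)}")
```

The output shows that /wp-admin without a trailing slash and wp-* files outside the four listed prefixes are not covered by the exclusion, and that behind a TLS-terminating proxy the %{HTTPS} condition never matches, which is why the header-based condition is needed there.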
