How to Force SSL on Your WordPress Website

Creator: WPTurbo Team

Are you concerned about the security of your website? One way to enhance the security of your WordPress site is by using SSL (Secure Sockets Layer) encryption. SSL is a protocol that encrypts the communication between your website and its visitors, offering an extra layer of protection for sensitive information. In this article, we will explore how to force SSL on your WordPress website, ensuring that all connections to your site are secure and encrypted.

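function wpturbo_force_ssl() {
    // Only act when WordPress does not already see the request as HTTPS.
    if ( ! is_ssl() ) {
        // A reverse proxy or load balancer may have handled SSL and passed the scheme in this header.
        // isset() avoids an undefined-index warning when the header is absent.
        if ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && 0 === strpos( $_SERVER['HTTP_X_FORWARDED_PROTO'], 'https' ) ) {
            $_SERVER['HTTPS'] = 'on';
        } else {
            // Plain HTTP: send a permanent redirect to the same URL over HTTPS.
            wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301 );
            exit();
        }
    }
}
add_action( 'template_redirect', 'wpturbo_force_ssl' );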

The purpose of the code snippet is to force SSL (Secure Sockets Layer) on a WordPress website. SSL is a secure protocol that encrypts data transmitted between a user’s browser and the website’s server, ensuring the privacy and integrity of the information exchanged.

The wpturbo_force_ssl() function is defined to handle the SSL enforcement. Let’s break down the code to understand how it accomplishes this:

if ( ! is_ssl() ) {

The code checks if the website is not already using SSL by calling the is_ssl() function. If the website is not using SSL, the condition is met, and the code block inside the if statement will be executed.

if ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && 0 === strpos( $_SERVER['HTTP_X_FORWARDED_PROTO'], 'https' ) ) {
    $_SERVER['HTTPS'] = 'on';
} else {
    wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301 );
    exit();
}

Within the if statement, another condition checks whether the request came through a reverse proxy or load balancer that sets the X-Forwarded-Proto header (exposed to PHP as HTTP_X_FORWARDED_PROTO) to indicate HTTPS. If the condition is met, the code sets the $_SERVER['HTTPS'] variable to ‘on’, which tells WordPress that SSL is being used. This header is only reliable when a proxy you control sets or overwrites it; if the server can also be reached directly, a client can send the header itself over plain HTTP and the redirect will be skipped.

If the condition is not met, the request arrived over plain HTTP. In this case, the code uses the wp_redirect() function to redirect the user to the same URL but with the ‘https’ protocol in the URL. The $_SERVER['HTTP_HOST'] variable holds the domain from the request’s Host header, and $_SERVER['REQUEST_URI'] holds the requested path and query string. Both values are supplied by the client, so the redirect target is only as trustworthy as the web server’s own host validation. The 301 parameter passed to wp_redirect() indicates a permanent redirect, which helps search engines and browsers update their caches accordingly. After the redirect is triggered, the exit() function is called to terminate the script execution.

add_action( 'template_redirect', 'wpturbo_force_ssl' );

Finally, the wpturbo_force_ssl() function is hooked into the template_redirect action, which is a suitable hook for forcing SSL. This ensures that the function is called at the right moment during WordPress’s template loading process.

By adding this code snippet to the theme’s functions.php file or a custom functionality plugin, SSL will be enforced on the website, ensuring secure communication between the user and the server.
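
A hardened variant of the snippet, added here as an example and not WPTurbo's code: it honours X-Forwarded-Proto only when the request comes from a listed proxy address, and it builds the redirect from the site's configured home URL instead of the Host header. The mysite_* function names, the MYSITE_TRUSTED_PROXIES constant and the 192.0.2.10 address are assumptions to replace with your own values.

```php
// Added example. MYSITE_TRUSTED_PROXIES and the mysite_* names are
// hypothetical; 192.0.2.10 is a placeholder for your proxy's address.
if ( ! defined( 'MYSITE_TRUSTED_PROXIES' ) ) {
    define( 'MYSITE_TRUSTED_PROXIES', '192.0.2.10' ); // comma-separated proxy IPs
}

// Returns the HTTPS URL to redirect to, or null when the request is already secure.
function mysite_https_redirect_target( array $server, $canonical_host, array $trusted_proxies ) {
    $https = isset( $server['HTTPS'] ) ? strtolower( (string) $server['HTTPS'] ) : '';
    if ( 'on' === $https || '1' === $https ) {
        return null; // SSL is handled on this server.
    }

    // Honour X-Forwarded-Proto only when the direct peer is a known proxy;
    // any client can set this header itself on a plain HTTP request.
    $peer  = isset( $server['REMOTE_ADDR'] ) ? $server['REMOTE_ADDR'] : '';
    $proto = isset( $server['HTTP_X_FORWARDED_PROTO'] ) ? strtolower( trim( $server['HTTP_X_FORWARDED_PROTO'] ) ) : '';
    if ( 'https' === $proto && in_array( $peer, $trusted_proxies, true ) ) {
        return null;
    }

    // Build the target from the configured host, never from the Host header.
    $uri = isset( $server['REQUEST_URI'] ) ? $server['REQUEST_URI'] : '/';
    if ( '' === $uri || '/' !== $uri[0] ) {
        $uri = '/'; // Not an origin-form path (e.g. an absolute URI): fall back to the root.
    }
    return 'https://' . $canonical_host . $uri;
}

function mysite_force_ssl() {
    $target = mysite_https_redirect_target(
        $_SERVER,
        wp_parse_url( home_url(), PHP_URL_HOST ),
        array_map( 'trim', explode( ',', MYSITE_TRUSTED_PROXIES ) )
    );
    if ( null !== $target ) {
        wp_safe_redirect( $target, 301 ); // Refuses hosts outside the site's allowed list.
        exit;
    }
}
add_action( 'template_redirect', 'mysite_force_ssl' );
```

Like the original, this goes in the theme's functions.php file or a custom functionality plugin; use it in place of wpturbo_force_ssl(), not alongside it.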
