Stop Wordpress From Redirecting to HTTPS

Sometimes Wordpress might redirect to HTTPS when you do not want it to; this article will show how to prevent it.


By. Jacob

Edited: 2020-11-18 12:10

Wordpress will sometimes automatically redirect from HTTP to HTTPS, such automatic redirection is generally bad, as it tends to cause confusion — luckily it is usually easy to fix.

The problem often happens after moving a Wordpress website to a domain hosted locally — especially when moving a website manually. The reasons that the problem occurs may include one or more of the below scenarios:

  1. There is a redirect configured in .htaccess, or more rarely in the Apache VHOST files.
  2. The siteurl and home options can be configured incorrectly after moving.
  3. A plugin, such as really simple ssl is causing a redirect from HTTP to HTTPS.

The redirect is usually unwanted on local test-servers, since there is rarely need to use HTTPS locally.

Prevent Wordpress from redirecting to HTTPS

How to remove the redirect will depend on what is causing the problem.

1. Be sure to check your .htaccess file and remove any redirects that are not supposed to be there.

2. Check that the siteurl and home options are configured correctly.

To update the siteurl and home options manually, the following queries can be used:

UPDATE wp_options SET option_value='http://local-test.beta' WHERE option_name = 'siteurl';
UPDATE wp_options SET option_value='http://local-test.beta' WHERE option_name = 'home';

Be sure to check what the name of your wp_options table is, as the database tables can have their own unique prefixes depending on the installation and/or hosting company.

3. If you got a plugin like really simple ssl installed, you can simply delete it from the plugin folder to get rid of it. In Linux, this can be done from a terminal or a file manager:

rm -R /var/www/local-test/wp-content/plugins/really-simple-ssl/

Once everything is done, be sure to close your browser and open an incognito window to prevent it from caching the redirect response.

How to correctly redirect from HTTP to HTTPS

Ideally you should not redirect traffic on HTTP to HTTPS since it creates a security risk.

When first enabling HTTPS on a website that was previously HTTP-only, having a redirect in place (temporarily placing a 301 redirect) might help search engines update their links; but it should generally be disabled again as quickly as possible.

This is because, if users access the HTTP version, either from an outdated link or by typing "http" in the browsers address-bar directly, a man-in-the-middle attack is made possible, and an attacker could potentially steal users credentials or serve as a proxy between the real site and a malicious site controlled by the hacker. This could enable the hacker to view, intercept, and modify everything the user does on the real site.

If you still need to use a redirect, I recommend you do it from the Apache VHOST configuration files; if that is not possible, use .htaccess or a plugin as last-resorts.

It also depends on how your host has installed the SSL certificates. Generally, a plugin should not be required, since SSL is configured on the server-level.

Tell us what you think:

  1. How to properly remove the title from a Wordpress post, and how to do it for specific post types.
  2. There is no function to select a post by slug name (post name), but we can create our own function to do it; find out how in this tutorial.
  3. How to properly customize Wordpress based website, where to add your own code, and how to override existing functionality.
  4. How to manually move a Wordpress website to another domain name, and copy the database and the files from the old site.
  5. Should you use Wordfence or Malcare? And are they even sufficient security tools? Securing a Wordpress site with third party plugins and themes is probably harder than you think.

More in: WordPress Tutorials