GoDaddy WordPress Hosting – How to Redirect HTTP to HTTPS (Enhanced)

We were working on a WordPress site for a client of ours and stumbled across a problem. After first creating a subdomain (blog.example.com) and getting an SSL certificate installed, we tried to re-route all HTTP traffic to HTTPS. GoDaddy usually has fairly detailed and well-documented help for such activities. This was not one of those cases.

We spent over 20 minutes with Tech Support who tried to tell us he got HTTPS working (it was already working the day before after we set it up). He failed to grasp the problem until explained for the third time. His solution was to use the same documentation that did not work for us from https://ca.godaddy.com/help/redirect-my-wordpress-website-to-https-for-cpanel-hosting-27871.

The issue is that the instructions did not include a specific directive to check for traffic on port 80 (the default HTTP port in most cases for Apache Servers). The page asks users to create OR modify a .htaccess file and ensure it is in their webroot directory. A missing “best practice” would be to add an instruction that lets the user know the file must have its’ permissions set to be readable. In most cases, we recommend permissions of 644.

NOTE: It is important to enable SSH in your control panel prior to these steps! To test, grab a terminal or shell and type the command “ssh [USERNAME]@[IP_ADDRESS], of course replacing USERNAME and IP_ADDRESS with your own settings. Example:

How to SSH into your account

Get your user ID and IP from your GoDaddy admin. This can be done with secure shell access (above). Navigate to the webroot directory. Run the commands shown:

Navigating to the HTML root directory and seeing if you have a .htaccess file

The SSH commands are as follows:

pwd – print working directory. The .htaccess file needs to be in the webroot which in this case GoDaddys default is /home/[USER_ID]/html. Note to replace [USER_ID] with your own User ID.

chmod 644 sets the permissions for the .htaccess file to -rw–r–r– which is equivalent to 644.

ls -la lists the entire contents of the current directory including hidden files (those beginning with a period like “.htaccess“).

If you do not see a .htaccess file in this directory, you will need to create one. This can be done as follows:

Using touch in the BASH shell to create an .htaccess file

Note that I intentionally used the shell command ls to show that the newly created .htaccess file does not show up unless you use the “-la” flags.

touch .htaccess creates the .htaccess file if it is not already there. Note that with GoDaddy hosted WordPress sites it is highly unlikely that the .htacess file would not be present.

Before we get into the contents of the file, let’s explore what this wonderful little file actually does. The Apache .htaccess file allows custom configuration on Apache Web Server software. When a .htaccess file is placed in a directory, it is parsed by the Apache Web Server and any directives (often expressed in terms of RewriteCond or “rewrite conditions” and RewriteRule) are processed and used to modify the behavior of the Apache server. The files can be used in more than one directory and can alter the way an Apache server functions. Examples include redirecting website visitors from one page to another or, in this case, any HTTP traffic to HTTPS.

Now let’s examine the contents of this file. From GoDaddy’s page, it shows that you need to add the following lines. Note that many of these may already exist within your .htaccess file.

GoDaddys’ Instructions:

GoDaddys .htaccess example

This example file did not explain how to reroute traffic from a subdomain (such as blog.example.com) from HTTP to HTTPS. After some tinkering, we figured out the solution. Below is the updated .htaccess snippet (NOTE: there MAY be additional lines below this chunk of code).

# BEGIN GD-SSL
# For GoDaddy Hosted WordPress to redirect HTTP traffic to HTTPS

# NOTES: 
# 
# 1. Lines beginning with a # sign are comments are not processed.
# 2. You may copy this text and simply replace "example.com" with your domain 
#    and "blog" with your subdomain.
# 3. There MAY be more directives below this in cases of WordPress. Leave them intact.
# 4. Any periods NEED to be escaped by placing a "\" before the character.
# 5. Returns are not always going to be seen in this code view. Be sure to check that your comments are properly formatted.

# Check to ensure mod_rewrite exists and is enabled - permissions?
<IfModule mod_rewrite.c>

# In case you have symlinks
Options +FollowSymLinks

# Turn the RewriteEngine on. Do this once and only once! 
# The inexperienced Godaddy tech support added a few more of these
RewriteEngine On
RewriteCond %{HTTPS} !=on

# For all user agents. Note that in REGEX, "^" means 
# the "beginning of line" and "$" means "end of the 
# line" in this context
RewriteCond %{HTTP_USER_AGENT} ^(.+)$

# This is the line to get the environmental variable HTTP_HOST. 
RewriteCond %{HTTP_HOST} ^(blog\.)?example\.com$ [OR]

# Note the "[OR]" between RewriteConds. The default is "[AND]"
# IMPORTANT - GoDaddys instructions left our port 80 as a condition!
RewriteCond %{SERVER_PORT} 80 [OR]

#This line states that if a condition exists where the SERVER_NAME env. variable is 
# blog.example.com, it need to match true for the condition logic.
RewriteCond %{SERVER_NAME} ^blog\.example\.com$ [OR]

# Just in case some rogue person tries www.blog.example.com
RewriteCond %{SERVER_NAME} ^www\.blog\.example\.com$

#Finally, the actual rule. You can shorten the last bit to [R,L] however using the "=301" will make the server work less.
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

Header add Strict-Transport-Security "max-age=300"
</IfModule>
# END GD-SSL

One last word. You may find issues with too many redirects. Ensure that you are not using duplicate rewrite rules that create circular references. This can cause very serious and unwanted consequences.

Leave a Reply

Your email address will not be published. Required fields are marked *