Ensuring your WordPress site always redirects to https://example.com is important for SEO, consistency, and security.
Apache Setup (Using .htaccess)
Place this at the top of your .htaccess file:
[code_block]
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]
[/code_block]
Add this to your server block in nginx.conf or site config:
[code_block]
server {
listen 80;
server_name www.example.com example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
server_name www.example.com;
return 301 https://example.com$request_uri;
}
[/code_block]
Hybrid Setup (NGINX + Apache)
NGINX should handle SSL and redirects.
.htaccess acts as a fallback or for WordPress-specific rewrites.
Why You Shouldn’t Use php.ini, .user.ini, or wp-config.php for Redirects
| File | Purpose | Redirect Capable? | Recommended? |
| .htaccess | Apache-specific request handling | ✅ Yes | ✅ Yes |
| nginx.conf | NGINX configuration | ✅ Yes | ✅ Yes |
| php.ini | PHP settings (e.g., memory, timeout) | ❌ No | ❌ No |
| .user.ini | Per-directory PHP settings (FastCGI only) | ❌ No | ❌ No |
| wp-config.php | WordPress boot configuration (late stage) | ⚠ Yes, but slow | ❌ No |
Explanation:
- .htaccess is the earliest point in Apache to handle a redirect — fast and SEO-safe.
- php.ini/.user.ini are not designed for redirects and do not trigger any HTTP header logic.
- wp-config.php executes only after WordPress loads, which is inefficient and unreliable for enforcing site-wide redirection.
Conclusion
For the best performance, security, and SEO outcomes:
- Use .htaccess for HTTPS and domain redirects on Apache or hybrid setups.
- Use nginx.conf or your host’s NGINX rules for NGINX-only environments.
- Avoid using php.ini, .user.ini, or wp-config.php for redirection logic.
Knowing your hosting architecture and placing redirects at the correct layer is key to a fast and secure WordPress experience.