BookwormHeadPowered by Angelic Sanoy
Let's Talk

Secure WordPress Tips: Force HTTPS and Non-WWW in Apache, NGINX, and Hybrid WordPress Setups

2 min read

Ensuring your WordPress site always redirects to https://example.com is important for SEO, consistency, and security.

Apache Setup (Using .htaccess)

Place this at the top of your .htaccess file:

RewriteEngine On

RewriteCond %{HTTPS} off [OR]

RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]

RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]

Add this to your server block in nginx.conf or site config:

server {

listen 80;

server_name www.example.com example.com;

return 301 https://example.com$request_uri;

}
    <div class="bwh-in-article-ad">
      <ins class="adsbygoogle"
           style="display:block; text-align:center;"
           data-ad-client="ca-pub-4299086769596754"
           data-ad-slot="8699383760"
           data-ad-format="auto"
           data-full-width-responsive="true"></ins>
      <script>
        (adsbygoogle = window.adsbygoogle || []).push({});
      </script>
    </div>
server {

listen 443 ssl;

server_name www.example.com;

return 301 https://example.com$request_uri;

}

Hybrid Setup (NGINX + Apache)

NGINX should handle SSL and redirects.

.htaccess acts as a fallback or for WordPress-specific rewrites.

Why You Shouldn’t Use php.ini, .user.ini, or wp-config.php for Redirects

File Purpose Redirect Capable? Recommended?
.htaccess Apache-specific request handling ✅ Yes ✅ Yes
nginx.conf NGINX configuration ✅ Yes ✅ Yes
php.ini PHP settings (e.g., memory, timeout) ❌ No ❌ No
.user.ini Per-directory PHP settings (FastCGI only) ❌ No ❌ No
wp-config.php WordPress boot configuration (late stage) ⚠ Yes, but slow ❌ No

Explanation:

  • .htaccess is the earliest point in Apache to handle a redirect — fast and SEO-safe.
  • php.ini/.user.ini are not designed for redirects and do not trigger any HTTP header logic.
  • wp-config.php executes only after WordPress loads, which is inefficient and unreliable for enforcing site-wide redirection.

Conclusion

For the best performance, security, and SEO outcomes:

  • Use .htaccess for HTTPS and domain redirects on Apache or hybrid setups.
  • Use nginx.conf or your host’s NGINX rules for NGINX-only environments.
  • Avoid using php.ini, .user.ini, or wp-config.php for redirection logic.

Knowing your hosting architecture and placing redirects at the correct layer is key to a fast and secure WordPress experience.

CMS