Ensuring your WordPress site always redirects to https://example.com is important for SEO, consistency, and security.
Apache Setup (Using .htaccess)
Place this at the top of your .htaccess file:
php
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]
Add this to your server block in nginx.conf or site config:
php
server {
listen 80;
server_name www.example.com example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
server_name www.example.com;
return 301 https://example.com$request_uri;
}
Hybrid Setup (NGINX + Apache)
NGINX should handle SSL and redirects.
.htaccess acts as a fallback or for WordPress-specific rewrites.
Why You Shouldnβt Use php.ini, .user.ini, or wp-config.php for Redirects
File | Purpose | Redirect Capable? | Recommended? |
.htaccess | Apache-specific request handling | β Yes | β Yes |
nginx.conf | NGINX configuration | β Yes | β Yes |
php.ini | PHP settings (e.g., memory, timeout) | β No | β No |
.user.ini | Per-directory PHP settings (FastCGI only) | β No | β No |
wp-config.php | WordPress boot configuration (late stage) | β Yes, but slow | β No |
Explanation:
- .htaccess is the earliest point in Apache to handle a redirect β fast and SEO-safe.
- php.ini/.user.ini are not designed for redirects and do not trigger any HTTP header logic.
- wp-config.php executes only after WordPress loads, which is inefficient and unreliable for enforcing site-wide redirection.
Conclusion
For the best performance, security, and SEO outcomes:
- Use .htaccess for HTTPS and domain redirects on Apache or hybrid setups.
- Use nginx.conf or your hostβs NGINX rules for NGINX-only environments.
- Avoid using php.ini, .user.ini, or wp-config.php for redirection logic.
Knowing your hosting architecture and placing redirects at the correct layer is key to a fast and secure WordPress experience.