I'm having an issue with my WordPress based site. As it stands, we have an SSL certificate installed server-side that has been validated. On the WordPress side, everything appears to be correctly configured for an HTTPS-enabled site (canonical URL and homepage are entered as HTTPS).

I have tried disabling all of our WordPress plugins to see if there might be an external cause for this problem, but the site still performs a 302 redirect from HTTPS to HTTP even when all plugins are disabled. Strangely, HTTPS is enabled in the WordPress admin directory of our site and all of those requests work perfectly without redirection.

Note: We are using PHP 5.3 and a slightly older version of WordPress 5.3.24, but I'm not sure if migrating to newer PHP and WP versions will fix the problem.

Any help is appreciated!

I'm having an issue with my WordPress based site. As it stands, we have an SSL certificate installed server-side that has been validated. On the WordPress side, everything appears to be correctly configured for an HTTPS-enabled site (canonical URL and homepage are entered as HTTPS).

I have tried disabling all of our WordPress plugins to see if there might be an external cause for this problem, but the site still performs a 302 redirect from HTTPS to HTTP even when all plugins are disabled. Strangely, HTTPS is enabled in the WordPress admin directory of our site and all of those requests work perfectly without redirection.

Note: We are using PHP 5.3 and a slightly older version of WordPress 5.3.24, but I'm not sure if migrating to newer PHP and WP versions will fix the problem.

Any help is appreciated!

• redirect
• ssl
• https

• If you switched to SSL, did you take care of the database? If not, take a look at my answer here. – Nicolai Grossherr Commented May 30, 2019 at 21:46
• 1 Have you used the Inspector tool (F12) in your browser, then the Network tab to see which request is redirecting, or if just one element of the page/site is 'stuck' at http? Maybe it's a media item, and you need to use a search/replace plugin to replace http with https for your domain. – Rick Hellewell Commented May 30, 2019 at 21:56
• migrating to a newer PHP won't affect this issue, but it's strongly recommended. If not for the massive speed increase, but for the security fixes. 5.3 is unsupported. Upgrade ASAP to PHP 7.x – Tom J Nowell ♦ Commented May 30, 2019 at 22:29
• Also, is your entire site SSL or just the admin? Did you do the search replace to change all your content and options from http to https? – Tom J Nowell ♦ Commented May 30, 2019 at 22:30

2 Answers 2

I don't think this question can be answered without identifying the problem, which explains the comments. The main challenge is finding the cause, not fixing it. So here are some different solutions, some which were already mentioned in comments:

1. Disable caching and refresh the page. In chrome press F12, go to Network tab, and check the box for "disable cache". This will also disable redirect caching which is more difficult to get around than normal page caching. If this fixes it, the redirect was just cached in your browser and is already fixed (although some visitors might also have the problematic redirect cached).
2. Speaking of caching, if you have any caching plugins or caching by the host or Cloudflare, purge the cache. Do that after every step.
3. Check your htaccess file for any HTTPS/HTTP redirects and try commenting them out. Repeat step 1 afterwards (for every step here)
4. Check your dashboard > general settings and ensure your site url and home url are both HTTPS (or vice versa). You can also check the wp_options table in the database (siteurl and homeurl)
5. If specific to the dashboard or login, check your wp-config.php and look for FORCE_SSL_LOGIN or FORCE_SSL_ADMIN.
6. Check your plugins and see if any are used for redirects. Common causes I know of: Redirection, Really Simple SSL, Insecure Content Fixer.
7. If specific pages or links are swapping between HTTP/HTTPS, you may not have a redirect in the first place and should set one up.
8. If your ecommerce pages are HTTPS but the rest of the site is not, you may have enabled an HTTPS option in your ecommerce panel. Disable that, and instead protect the whole site. WooCommerce (at least used to) have the option to enable HTTPS on checkout, and then disable HTTPS when leaving checkout. It's easier to stick with one or the other.
9. If none of these helped it is probably a plugin or custom code from the functions.php or elsewhere causing the problem.
10. If you are confident it is not part of your own code, it may be a setting in your host or DNS manager (like cloudflare).

I personally use "Link Redirect Trace (chrome extension)" to see what is actually going on during redirects. It won't show you specifically what specific file or even what system is causing the redirect, but it will show you the chain of events that lead you to the page you land on at the end. You can probably find a similar extension for other browsers. In chrome you can even just use "Preserve Log" option in the Network tab of the F12 menu but it's not as easy to figure out the whole chain.

Just to add to Radley's answer (which ought to be accepted by now),

4. Check your dashboard > general settings and ensure your site url and home url are both HTTPS (or vice versa). You can also check the wp_options table in the database (siteurl and homeurl)

If you can't access the dashboard because you just copied the site to your localhost or something, you can update the siteurl and homeurl directly in the MySQL table wp_options using phpmyadmin, heidisql, navicat or commandline mysql.

UPDATE `db`.`wp_options` SET `option_value`='http://SITENAME' WHERE `option_name`='siteurl';
UPDATE `db`.`wp_options` SET `option_value`='http://SITENAME' WHERE `option_name`='home';