You don’t want a situation where http goes to http and https goes to https. Redirection is vital. Here’s my checklist:
- Re-upload your RW website as https
- Be aware that there may be other instances of http calls in the website that are NOT related to the core RW product and may need to be adjusted manually. E.g. Formloom plug-in needs SSL switched on in the HUD; web font calls from http instead of https may need adjusting in CSS or Index file; Google maps may not work and so on. Often these will cause your website to appear as ‘Not fully secure’.
- Put a redirect in your htaccess file. You need to force httpS and decide if you want the www version or non www version (the code below works well for me)
- Once all is working, go to Google Search Console, make sure 4 versions at least are added (http, https, http://www and https://www) and set your ‘canonical’ version. This will help SEO
- Add a sitemap for the secure canonical version - if there is one on the non secure version it should be deleted but my advice is leave it there until the secure site is fully indexed.
Here’s the htaccess scripts I use - there seem to be plenty of variations:
htaccess Force https and non www:
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www. [NC]
RewriteCond %{HTTP_HOST} ^(?:www.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
htaccess force https and www
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www. [NC]
RewriteCond %{HTTP_HOST} ^(?:www.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [L,NE,R=301]