Übersicht
Converting HTTP to HTTPS resources can be accomplished in several ways. It goes without saying that you should setup and test your SSL certificate before performing any of the following methods.
Strict Transport Security
Modern browsers support a security standard called “HTTP Strict Transport Security“, or HSTS for short. HSTS sends a header with the URI response to indicate that future requests should use HTTPS.
To utilize HSTS, add the following line to a .htaccess im Dokumentenstamm of the domain/subdomain:
Header always set Strict-Transport-Security "max-age=63072000;"
The above example restricts mandatory SSL for the domain only. To extend this policy to subdomains as well, such as forum.example.com and blog.example.com, add “includeSubdomains”:
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
Downsides: first request if sent over HTTP will not be encrypted, requires browser compliance
Upsides: easy to implement, SSL can propagate to subdomains, directive is cached in browser
mod_rewrite Rewrite
By utilizing mod_rewrite, add the following to a .htaccess file in the Dokumentenstamm of the domain/subdomain that you would like to redirect:
RewriteEngine On RewriteBase / RewriteCond %{HTTPS} !^on$ RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,L]
Downsides: can be complex, does not extend to subdomains without a common parent directory, can create a redirect loop
Upsides: extremely flexible implementation
WordPress
WordPress creates absolute URIs. If WordPress is installed over http://, then all URIs will reflect http://. To convert generated URIs from http:// to https://, login to the WordPress administrative panel, go to Settings > General. Change both the WordPress Address and Site Address fields from http://… to https://… If not all links, such as old posts, have changed correctly, use a third-party plugin such as Really Simple SSL to update all post data.