To utilize HSTS, add the following line to a .htaccess<\/a> in the document root<\/a> of the domain\/subdomain:<\/p>\n The above example restricts mandatory SSL for the domain only. To extend this policy to subdomains as well, such as forum.example.com and blog.example.com, add \u201cincludeSubdomains\u201d:<\/p>\n Downsides:<\/strong>\u00a0first request if sent over HTTP will not be encrypted, requires browser compliance<\/span><\/span><\/p>\n Upsides:\u00a0<\/strong>easy to implement, SSL can propagate to subdomains, directive is cached in browser<\/span><\/span><\/p>\n By utilizing mod_rewrite<\/a>, add the following to a .htaccess<\/a> file in the document root<\/a> of the domain\/subdomain that you would like to redirect:<\/p>\n Downsides:<\/strong>\u00a0can be complex, does not extend to subdomains without a common parent directory, can create a redirect loop<\/span><\/span><\/p>\n Upsides:\u00a0<\/strong>extremely flexible implementation<\/span><\/span><\/p>\n WordPress creates absolute URIs. If WordPress is installed over http:\/\/, then all URIs will reflect http:\/\/. To convert generated URIs from http:\/\/ to https:\/\/, login to the WordPress administrative panel<\/a>, go to Settings<\/strong> > General<\/strong>. Change both the WordPress Address and Site Address fields from http:\/\/\u2026 to https:\/\/\u2026 If not all links, such as old posts, have changed correctly, use a third-party plugin such as Really Simple SSL<\/a>\u00a0to update all post data.<\/p>\nHeader always set Strict-Transport-Security \"max-age=63072000;\"\r\n<\/code><\/pre>\nHeader always set Strict-Transport-Security \"max-age=63072000; includeSubdomains;\"<\/code><\/pre>\nmod_rewrite Rewrite<\/h3>\n
RewriteEngine On\r\nRewriteBase \/\r\nRewriteCond %{HTTPS} !^on$\r\nRewriteRule ^(.*)$ https:\/\/%{HTTP_HOST}\/$1 [R,L]<\/pre>\nWordPress<\/h3>\n
![\"\"](\"https:\/\/kb.okra.host\/wp-content\/uploads\/2014\/11\/wordpress-ssl-300x66.png\")
<\/a><\/p>\n