WordPress redirect all HTTPS to HTTP

Question

We have a WordPress site, and used to have an SSL certificate. The site used to be all HTTPS, and now we don\'t need the SSL anymore so we let it expire.

We\'ve alre

Answer 1

The problem here lies with the fact that before Apache or WordPress come in to play, the browser needs to establish a connection with the server over HTTPS by connecting, performing an SSL handshake, exchanging (and verifying) certificates, and only after all that is done, will the browser issue the HTTP request that tells the server what resources it is looking for.

Because of that, no .htaccess or WordPress plugin is going to be able to redirect the user without them establishing a secure session.

Of course if you install a self-signed certificate, the user is going to be presented with a warning before any of this happens. If you by chance (which doesn't seem to be the cast) had been sending Strict Transport Security headers over https, then previous visitors' browsers may not even allow them to connect over HTTP.

If you want to redirect HTTPS traffic to HTTP, unfortunately you are going to have to acquire a valid certificate and redirect using .htaccess or some PHP code as you are.

If you're looking for certificates that are trusted by a majority of browsers without paying, you can get a free certificate from Let's Encrypt.

Bottom line, if you want to seamlessly redirect HTTPS traffic to HTTP without any warning messages, you need to install another SSL certificate from a trusted CA.