WordPress redirect all HTTPS to HTTP

Question

We have a WordPress site, and used to have an SSL certificate. The site used to be all HTTPS, and now we don\'t need the SSL anymore so we let it expire.

We\'ve alre

Answer 1

Expanding on @HigherCoding 's answer and @MrWhite 's comment, to get a PHP function to do this on a site where the https port exists but the ssl certification is invalid, expired or non-existent:

function shapeSpace_check_https() { 
if ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] == 443) { 
    return true; 
}
    return false;
}


function bhww_ssl_template_redirect() {
if ( shapeSpace_check_https() ) {
    if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {    
        wp_redirect( preg_replace( '|^(https://)|', 'http://', $_SERVER['REQUEST_URI'] ), 301 );
        exit(); 
    } else {
        wp_redirect( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301 );
        exit();     
    }
}   
}

add_action( 'template_redirect', 'bhww_ssl_template_redirect');

This worked on my site in functions.php and was a combination of these two sources: Source 1 and Source 2.

As @drew010 pointed out - this will still not prevent a scary prompt for users who type in https as part of your URL. But it will redirect them to http if they happen to click through the scary prompt, which is unlikely. It seems that getting an SSL certificate is likely the best option for this reason, for general security and for increased Google ranking now & in the future.