How to use SSL only with network and main site?

Hi all, i want to use SSL certificate only in the main site network, if i use domain mapping to force https all subdomains starts using the SSL.

I don't want any subdomain to use SSL, only the network and main site if its possible.

Thank you

  • Michael Bissett

    Hey @pedro_resina, Michael here!

    In order for only the main site to be forced to use the SSL certificate, we'll want to take a different path, and employ some .htaccess code instead:

    RewriteCond %{HTTPS} off
    RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
    RewriteCond %{HTTP_HOST} !^\.example\.com$
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    Things to note:

    #1: Place this at the top of the .htaccess file, above the WordPress rules you have.

    #2: The periods in the path (the ones shown in the "RewriteCond" rules) must be escaped by using a backslash, like what you see in the code.

    Let me know if this helps please!

    Kind Regards,
    Michael

  • jcnjr

    Thanks for this Michael Bissett

    I've been desperately researching how to force SSL on the main site of our network, and I'm almost there with your .htaccess edit. Almost...

    The problem is, while this appears to work for visitors to the site, any logged in users are redirected to the https version of their site from links in the Admin bar.

    If the user manually types in http://theirsite.mynetwork.com they can view the site. If, however, the use the Admin Bar -> My Sites menu item, they are directed to https://theirsite.mynetwork.com

    Any feedback is appreciated for seamlessly integrating SSL but forcing HTTPS only on the main site for all visitors and logged in users.

    Still trying to nail this on our dev install, so here is what I currently have...

    .htacces edit:

    # force https per site(s)
    RewriteCond %{HTTPS} off
    RewriteCond %{HTTP_HOST} ^tripawds\.net$ [NC]
    RewriteCond %{HTTP_HOST} !^\.tripawds\.net$
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    wp-config edit:

    /** FORCE SSL PER SITE */
    if ( $_SERVER["HTTP_HOST"] == "tripawds.net" ) {
        define('FORCE_SSL_ADMIN', true);
        define('FORCE_SSL_LOGIN', true);
    }

    I'm guessing we need to implement some sort of similar variable(s) in the wp-config hack, but we have 1,100+ sites on the network, and I only need to force SSL/HTTPS on the main site for now. (Eventually on 5 sites, max.) AND: I need to make sure logged in users can still easily navigate to their own sites and dashboards via https. AND: I'd rather not use a plugin to do this.

    Thanks in advance for any help!