permenent https

[garrigue]

Hi!

I was wondering why, on heliohost, my website doesn’t use https directly without any need to use redirection on .htaccess ?

 

Indeed, I’m also managing website for an organisation, which is hosted with cpanel as well, when I setted up wordpress with the https site, I didn’t have to modify .htaccess and visitors are always browsing https version of the site. Never the http.
For information, the website is : lescommettants.fr and hosted by planethoster (the free version)

 

Any clue how they can do that ?

 

Implementing redirections affect loading performance that's why I'm wondering...

[Luigi123]

You are on Tommy server and that server have a automatic SSL Certificate feature.

 

When you create an account on Tommy and register your domain, it automatically starts to issue an SSL to any of your domains that you may have inside the cPanel and does it for you. You will never need to manually renewed the SSL since it will do its self when it’s getting close to the expiry date. It also generates the SSL folders and add forced SSL redirection code inside .htaccess.

 

Johnny and Ricky don’t support auto SSL Certificate feature.

 

One thing to mention that I highly recommend it that you should never ever run Wordpress onto our servers! WP is just really badly written, It's the number one cause of weird errors, suspensions, and even Phishing bans. (usually when the hackers set up phishing on your account) A 500 error with WP is almost always due to installing defective, bloated, or simply too many plugins. It’s really terrible and it throws in a lot of errors and also a lot of hacks. We have a lot of users successfully installing Joomla on their sites and that is recommended.

[wolstech]

We intentionally don’t do this by default for several reasons.

 

First, users on Johnny don’t even get SSL certificates so it’s not going to work without extra efforts there.

 

Two, SSL causes tons of load, by making people set it up if they want it, we reduce load and thus can cram more users into the hardware we have because most people don’t bother. Being a nonprofit that hasn’t been in the black in years, we have to get what we can out of the hardware we can afford to buy.

 

Third, we actually get quite a few of the opposite complaint. Many of us run old code and other stuff that either doesn’t need or doesn’t support SSL.

 

Fourth, cpanel’s automatic SSL feature doesn’t work if HTTPS is forced through some methods. It requires the .well-known folder be available via plain HTTP in order for certificates to validate, and .htaccess with an exception for that folder is the easiest way to accomplish forced SSL with an exclusion.

[Krydos]

I actually have a situation on one of my personal sites where https on certain api calls breaks things, but I want the site itself to be served over https to browsers. So I don't use .htaccess redirect as that would force all the api calls to use https too. Instead I use this php code on the browser viewable pages.

 

 

if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === "off") {
    $location = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    header('HTTP/1.1 301 Moved Permanently');
    header('Location: ' . $location);
    exit;
}