HTTP & HTTPS Duplication Issues with WordPress

With Google’s drive to make the web a safer and more secure place, it was announced the tail end of 2014 that HTTPS would be a ranking signal going forwards. Since this time, many folks have added an SSL certificate to their site to reap the (largely intangible) rewards offered by adding HTTPS.

However, in our day-to-day work in the SEO trenches at Bowler Hat, we are seeing ever more instances where the site runs on both HTTP and HTTPS with elements from both instances getting indexed and competing which can be harmful for your SEO.

Read on to find out more SEO tips on how you can resolve your HTTP & HTTPS duplication issue…

Canonical Conundrums


Fortunately, we have the Canonical URL. The SEO Superman. Your key to collating all of your URLs correctly tied back to a single master URL. That is – if the canonical is correctly implemented.

Unfortunately, what we are seeing on many WordPress sites running HTTPS is that the HTTP version of the site shows canonical URLs with the HTTP protocol and the HTTPS version of the site shows the canonical URL with the HTTPS protocol.

This implementation of the canonical URL further exacerbates the issue and both HTTP and HTTPS versions of the site are saying “me, me, me, I’m the one” – what we want here is to have a single canonical URL across all required versions of a URL.


Firstly – If You Can Redirect Then Redirect


If at all possible redirect. It is just easier and is the advice given in Google’s own best practices for sites running HTTPS:  Redirect your users and search engines to the HTTPS page or resource with server-side 301 HTTP redirects.

To do this we can add some simple rules to our .htaccess file to action the redirect.

*Note: you will need to add this rule above the block of code used by WordPress to handle permalinks. Drop your redirect below that and when the WordPress redirect code is triggered it terminates execution of .htaccess rules with the L (last) switch and your rule never triggers. As a hint, if you see your CSS and images all redirecting but not your pages, then this (or some other rule) is preventing your redirect from working.


Redirect HTTP to HTTPS 

For most of you out there, this is the rule you will want to implement to redirect all HTTP content to HTTPS:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


Redirect HTTPS to HTTP 

A bit of an edge case this, but we have come across instances where a site has a HTTPS protocol yet wants to run the site (or most of it) on HTTP. This is no problem and you can handle this with a small variation on the rule above:

RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}



Should you have a small section of your site that you want to exclude from this redirection – a shopping cart or checkout or some such, then you can add an extra condition excluding that directory or page:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/checkout/
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

An Alternative Fix


For whatever reason, hacking the .htaccess file is not always an option (boo hiss) – fortunately, not all is lost and there are alternative ways to fix the canonical issues in WordPress. You will need to be running the Yoast WordPress SEO plugin, but of course – you should be running that anyway. 🙂

Fortunately, the Yoast WordPress SEO plugin has an API (Application Programmers Interface) where we can tweak the values of things like the canonical URL. To make a change to the canonical, we can use the wpseo_canonical filter to edit the protocol from http to https or vice versa.

You will want to drop this code into your theme’s functions.php file: WP Dashboard > Appearance > Editor



This forces canonical URLS to have https:// as the protocol for both HTTP and HTTPS pages:

function https_canonical($url) {
 $url = preg_replace("/^http:/i", "https:", $url);
 return $url;
add_filter( 'wpseo_canonical', 'https_canonical' );



This forces canonical URLS to have http:// as the protocol for both HTTP and HTTPS pages:

function http_canonical($url) {
 $url = preg_replace("/^https:/i", "http:", $url);
 return $url;
add_filter( 'wpseo_canonical', 'http_canonical' );



As an interesting aside, the Yoast plugin used to have an option to fix the transport protocol, but that seems to have been pulled from more recent versions – not exactly sure why as that could simply eliminate these issues, but this will do the job and is not too arduous a hack to implement.


One Page to Rule Them All


Okay, folks – hope that helps you get any HTTP and HTTPS URL duplication issues dialled in. For the best possible SEO and to avoid any potential complications, we want a single authoritative version of each piece of content and putting these fixes in place enables that.

.htaccess can be a little particular at times so keep a backup and test thoroughly. If you have any problems or you want to redirect all of your domain variations to a single domain, drop us a comment below or contact us and we will do our best to help.



  • Fernando Poblano
    Posted at 01:40h, 08 August Reply

    Hello Marcus.. I’ve just setup the wordpress file mentioned. It worked great. SEM Rush detected 103 errors less.


    • Marcus Miller
      Posted at 07:59h, 08 August Reply

      Cool. Glad it helped! Take care. 🙂

    Posted at 14:36h, 04 September Reply

    Hi Marcus

    I am using Semrush to carry out a site audit and it is showing a big problem with duplicate title tags. It looks like it is mostly problems with HTTP and HTTPS

    There are 322 instances of duplicate title tags and a similar number of duplicate content I am concerned that this will affect the way Google views my site and impose some kind of penalty. I will try and use the .htaccess method first. How long does it take to take effect?

    • Marcus Miller
      Posted at 14:42h, 04 September Reply

      Hey Robert. Google is pretty smart. And they penalise for this as such. But it can cause confusion and I can see you do have HTTP and HTTPS content indexed.

      Redirection is the ideal way to fix this but then try to make sure that you have:

      – consistent protocol in internal links and navigation
      – canonical URLs

      If you put the redirect in place and then crawl the https version you should be able to spot any 301 redirects and the linking page and put them right.

      Hope that helps!

  • Charles Bautista
    Posted at 14:01h, 01 October Reply

    Thanks for this nice guide. We had issues with http and https versions and we used this guide to resolve it.

    • Marcus Miller
      Posted at 07:55h, 02 October Reply

      Hey Charles – glad this helped. Take care! 🙂

  • Kamir
    Posted at 02:45h, 27 October Reply

    Hello Marcus, and, for not Apache, cannot use htaccess, isn’t?? now I Force the SSL by plugin:

    maybe can do it for Apache and Nginx

    • Marcus Miller
      Posted at 07:54h, 27 October Reply

      Hey Kamir – thanks for the input. Will give it a try next time we can’t use htaccess. Cheers.

  • Donsimon
    Posted at 10:05h, 24 September Reply

    Good article, I had exactly this problem which I thought I had fixed by adding code to my htaccess file, unfortunately im now getting this error in semrush :
    No redirect or canonical to HTTPS homepage from HTTP version
    using wordpress on site:
    as a note when i first had this issue i called godaddy support who do my hosting and they had absolutely no idea that there could be a conflict when switching to https, although eventually they did email me a solution which was to add the code to the htcaess file

    • Marcus Miller
      Posted at 10:56h, 24 September Reply

      Hey. Looks like you have a 302 redirect from http to https – change that to 301 and you should be good to go. Hope that helps! Marcus

  • Jordan
    Posted at 16:29h, 17 October Reply

    I have a question

    When, added my ssl there is an option in there to enable https redirection,, I enabled this, deleted my http version on google webmaster tools and reuploaded the https version on there resubmitted site map…..

    However, when i do the site”https;// i see articles using the http version index and i see the https version…..

    Now, is this duplication? or not….

    • Marcus Miller
      Posted at 16:50h, 17 October Reply

      Hey Jordan. Best way to tell is to click on the http links. If they redirect to your https versions then you are likely okay. I would also double check in screaming frog or some such just to ensure they are firing a 301 permanent redirect. But, odds are, this is okay, and you just need to wait for the indexation to catch up. If you keep both the https and http one registered in search console you should see indexation fall in http and rise in https. Hope that helps! Marcus

Post A Comment