HTTP & HTTPS Duplication Issues with WordPress

With Google’s drive to make the web a safer and more secure place, it was announced the tail end of 2014 that HTTPS would be a ranking signal going forwards. Since this time, many folks have added an SSL certificate to their site to reap the (largely intangible) rewards offered by adding HTTPS.

However, in our day-to-day work in the SEO trenches at Bowler Hat, we are seeing ever more instances where the site runs on both HTTP and HTTPS with elements from both instances getting indexed and competing which can be harmful for your SEO.

Read on to find out more SEO tips on how you can resolve your HTTP & HTTPS duplication issue…

Canonical Conundrums


Fortunately, we have the Canonical URL. The SEO Superman. Your key to collating all of your URLs correctly tied back to a single master URL. That is – if the canonical is correctly implemented.

Unfortunately, what we are seeing on many WordPress sites running HTTPS is that the HTTP version of the site shows canonical URLs with the HTTP protocol and the HTTPS version of the site shows the canonical URL with the HTTPS protocol.

This implementation of the canonical URL further exacerbates the issue and both HTTP and HTTPS versions of the site are saying “me, me, me, I’m the one” – what we want here is to have a single canonical URL across all required versions of a URL.


Firstly – If You Can Redirect Then Redirect


If at all possible redirect. It is just easier and is the advice given in Google’s own best practices for sites running HTTPS:  Redirect your users and search engines to the HTTPS page or resource with server-side 301 HTTP redirects.

To do this we can add some simple rules to our .htaccess file to action the redirect.

*Note: you will need to add this rule above the block of code used by WordPress to handle permalinks. Drop your redirect below that and when the WordPress redirect code is triggered it terminates execution of .htaccess rules with the L (last) switch and your rule never triggers. As a hint, if you see your CSS and images all redirecting but not your pages, then this (or some other rule) is preventing your redirect from working.


Redirect HTTP to HTTPS 

For most of you out there, this is the rule you will want to implement to redirect all HTTP content to HTTPS:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


Redirect HTTPS to HTTP 

A bit of an edge case this, but we have come across instances where a site has a HTTPS protocol yet wants to run the site (or most of it) on HTTP. This is no problem and you can handle this with a small variation on the rule above:

RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}



Should you have a small section of your site that you want to exclude from this redirection – a shopping cart or checkout or some such, then you can add an extra condition excluding that directory or page:

RewriteEngine On 
RewriteCond %{HTTPS} off 
RewriteCond %{REQUEST_URI} !^/checkout/ 
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

An Alternative Fix


For whatever reason, hacking the .htaccess file is not always an option (boo hiss) – fortunately, not all is lost and there are alternative ways to fix the canonical issues in WordPress. You will need to be running the Yoast WordPress SEO plugin, but of course – you should be running that anyway. 🙂

Fortunately, the Yoast WordPress SEO plugin has an API (Application Programmers Interface) where we can tweak the values of things like the canonical URL. To make a change to the canonical, we can use the wpseo_canonical filter to edit the protocol from http to https or vice versa.

You will want to drop this code into your theme’s functions.php file: WP Dashboard > Appearance > Editor



This forces canonical URLS to have https:// as the protocol for both HTTP and HTTPS pages:

function https_canonical($url) {
 $url = preg_replace("/^http:/i", "https:", $url);
 return $url;
add_filter( 'wpseo_canonical', 'https_canonical' );



This forces canonical URLS to have http:// as the protocol for both HTTP and HTTPS pages:

function http_canonical($url) {
 $url = preg_replace("/^https:/i", "http:", $url);
 return $url;
add_filter( 'wpseo_canonical', 'http_canonical' );



As an interesting aside, the Yoast plugin used to have an option to fix the transport protocol, but that seems to have been pulled from more recent versions – not exactly sure why as that could simply eliminate these issues, but this will do the job and is not too arduous a hack to implement.


One Page to Rule Them All


Okay, folks – hope that helps you get any HTTP and HTTPS URL duplication issues dialled in. For the best possible SEO and to avoid any potential complications, we want a single authoritative version of each piece of content and putting these fixes in place enables that.

.htaccess can be a little particular at times so keep a backup and test thoroughly. If you have any problems or you want to redirect all of your domain variations to a single domain, drop us a comment below or contact us and we will do our best to help.




12 Responses

  1. Hi Marcus

    I am using Semrush to carry out a site audit and it is showing a big problem with duplicate title tags. It looks like it is mostly problems with HTTP and HTTPS

    There are 322 instances of duplicate title tags and a similar number of duplicate content I am concerned that this will affect the way Google views my site and impose some kind of penalty. I will try and use the .htaccess method first. How long does it take to take effect?

    1. Hey Robert. Google is pretty smart. And they penalise for this as such. But it can cause confusion and I can see you do have HTTP and HTTPS content indexed.

      Redirection is the ideal way to fix this but then try to make sure that you have:

      – consistent protocol in internal links and navigation
      – canonical URLs

      If you put the redirect in place and then crawl the https version you should be able to spot any 301 redirects and the linking page and put them right.

      Hope that helps!

  2. Good article, I had exactly this problem which I thought I had fixed by adding code to my htaccess file, unfortunately im now getting this error in semrush :
    No redirect or canonical to HTTPS homepage from HTTP version
    using wordpress on site:
    as a note when i first had this issue i called godaddy support who do my hosting and they had absolutely no idea that there could be a conflict when switching to https, although eventually they did email me a solution which was to add the code to the htcaess file

    1. Hey. Looks like you have a 302 redirect from http to https – change that to 301 and you should be good to go. Hope that helps! Marcus

  3. I have a question

    When, added my ssl there is an option in there to enable https redirection,, I enabled this, deleted my http version on google webmaster tools and reuploaded the https version on there resubmitted site map…..

    However, when i do the site”https;// i see articles using the http version index and i see the https version…..

    Now, is this duplication? or not….

    1. Hey Jordan. Best way to tell is to click on the http links. If they redirect to your https versions then you are likely okay. I would also double check in screaming frog or some such just to ensure they are firing a 301 permanent redirect. But, odds are, this is okay, and you just need to wait for the indexation to catch up. If you keep both the https and http one registered in search console you should see indexation fall in http and rise in https. Hope that helps! Marcus

Leave a Reply

Your email address will not be published. Required fields are marked *

Free Digital Marketing Review

Book a call with Marcus Miller to learn how to generate more traffic, leads and sales.

1. Review your current marketing
2. Identify your key opportunities
3. How to improve results & cut costs!

Put over 20 years of marketing experience to work for your business today.