HTTP & HTTPS Duplication Issues with WordPress

With Google’s drive to make the web a safer and more secure place, it was announced the tail end of 2014 that HTTPS would be a ranking signal going forwards. Since this time, many folks have added an SSL certificate to their site to reap the (largely intangible) rewards offered by adding HTTPS.

However, in our day-to-day work in the SEO trenches at Bowler Hat, we are seeing ever more instances where the site runs on both HTTP and HTTPS with elements from both instances getting indexed. There are a bunch of problems here from pages competing with each other to the equity for a given page being split across two instances.

 

Canonical Conundrums

 

Fortunately, we have the Canonical URL. The SEO Superman. Your key to collating all of your URLs correctly tied back to a single master URL. That is – if the canonical is correctly implemented.

Unfortunately, what we are seeing on many WordPress sites running HTTPS is that the HTTP version of the site shows canonical URLs with the HTTP protocol and the HTTPS version of the site shows the canonical URL with the HTTPS protocol.

This implementation of the canonical URL further exacerbates the issue and both HTTP and HTTPS versions of the site are saying “me, me, me, I’m the one” – what we want here is to have a single canonical URL across all required versions of a URL.

 

Firstly – If You Can Redirect Then Redirect

 

If at all possible redirect. It is just easier and is the advice given in Google’s own best practices for sites running HTTPS:  Redirect your users and search engines to the HTTPS page or resource with server-side 301 HTTP redirects.

To do this we can add some simple rules to our .htaccess file to action the redirect.

*Note: you will need to add this rule above the block of code used by WordPress to handle permalinks. Drop your redirect below that and when the WordPress redirect code is triggered it terminates execution of .htaccess rules with the L (last) switch and your rule never triggers. As a hint, if you see your CSS and images all redirecting but not your pages, then this (or some other rule) is preventing your redirect from working.

 

Redirect HTTP to HTTPS 

For most of you out there, this is the rule you will want to implement to redirect all HTTP content to HTTPS:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

 

Redirect HTTPS to HTTP 

A bit of an edge case this, but we have come across instances where a site has a HTTPS protocol yet wants to run the site (or most of it) on HTTP. This is no problem and you can handle this with a small variation on the rule above:

RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}

 

Exclusions

Should you have a small section of your site that you want to exclude from this redirection – a shopping cart or checkout or some such, then you can add an extra condition excluding that directory or page:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/checkout/
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

An Alternative Fix

 

For whatever reason, hacking the .htaccess file is not always an option (boo hiss) – fortunately, not all is lost and there are alternative ways to fix the canonical issues in WordPress. You will need to be running the Yoast WordPress SEO plugin, but of course – you should be running that anyway. 🙂

Fortunately, the Yoast WordPress SEO plugin has an API (Application Programmers Interface) where we can tweak the values of things like the canonical URL. To make a change to the canonical, we can use the wpseo_canonical filter to edit the protocol from http to https or vice versa.

You will want to drop this code into your theme’s functions.php file: WP Dashboard > Appearance > Editor

 

HTTP to HTTPS

This forces canonical URLS to have https:// as the protocol for both HTTP and HTTPS pages:

function https_canonical($url) {
 $url = preg_replace("/^http:/i", "https:", $url);
 return $url;
}
add_filter( 'wpseo_canonical', 'https_canonical' );

 

HTTPS to HTTP

This forces canonical URLS to have http:// as the protocol for both HTTP and HTTPS pages:

function http_canonical($url) {
 $url = preg_replace("/^https:/i", "http:", $url);
 return $url;
}
add_filter( 'wpseo_canonical', 'http_canonical' );

 

 

As an interesting aside, the Yoast plugin used to have an option to fix the transport protocol, but that seems to have been pulled from more recent versions – not exactly sure why as that could simply eliminate these issues, but this will do the job and is not too arduous a hack to implement.

 

One Page to Rule Them All

 

Okay, folks – hope that helps you get any HTTP and HTTPS URL duplication issues dialled in. For the best possible SEO and to avoid any potential complications, we want a single authoritative version of each piece of content and putting these fixes in place enables that.

.htaccess can be a little particular at times so keep a backup and test thoroughly. If you have any problems, drop us a comment below or contact us and we will do our best to help.

 

 

Marcus Miller
marcus@bowlerhat.co.uk

Marcus is our Digital Strategist. He’s been working in the industry for nearly 20 years and wears many (bowler) hats as a highly technical developer and SEO, and even has a fancy computer science degree to prove it.

No Comments

Post A Comment