If I edit the wp-config.php I am supposed to add:
define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);
However, my website has .htaccess rules to force https and www across the entire website:
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{SERVER_PORT} 80 [OR]
RewriteCond %{HTTP_HOST} ^website.com
RewriteRule ^(.*)$ https://www.website.com/$1 [L,R=301]
I know there are other rewriterules available, but again not sure which one is correct.
Which of the following 3 should I be using in wp-config.php
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
$_SERVER['HTTPS'] = 'on';
$_SERVER['SERVER_PORT'] = 443;
}
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS'] = 'on';
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
$_SERVER['HTTPS'] = 'on';
$_SERVER['SERVER_PORT'] = 443;
}
I've found a few other slightly different variations of this all over the internet regarding wordpress SSL but I can't figure out what one is the correct/main one.
PHP code doesn't have to deal with SSL at all in such case. Here applies classical SoC principle: if you code doesn't explicitly work with connection (in WP it does not), you should leave protocol checking to web server.
You should also avoid defining port in your rewrite rules. In case you're not using multisite WP setup, you could try:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]