How to stop subdomains automatically redirecting to primary domain

Due to canonical URLs when WordPress gets a URL and hostname that doesn’t match the WordPress Address (URL) and Site Address (URL) then you get redirected.

You can set them to https://secure.mydomain.com but that will just switch it all to that and not let you use the https://mydomain.com.

That’s just the way it is; it’s to keep the URLs correct (canonical). If you want to admin it via SSL try using one of the plugins. Some of them have the option to permit admin’ing via a separate SSL based URL.

https://www.ads-software.com/extend/plugins/search.php?q=admin+ssl

Hi Jan,

Thanks for your comment.

I do have a SSL wordpress plugin installed and set up on my sub domains.
I have the following added to the wp-config.php
define(‘WP_HOME’,’https://secure.mydomain.com’);
define(‘WP_SITEURL’,’https://secure.mydomain’);

If I try to access the https:// on my subdomains, I get redirected to the primary https:/ domain.

I have followed the SSL instructions within the WP SSL plugin.
If I change everything back to http within the settings, I can access my subdomains without getting redirected.

Is there something that needs to be amended within my primary domain .htaccess file?

Thanks

STAR Rider

You may have done so already, but you do have a current backup of your files and database right? This is a just-in-case something goes horribly wrong with your edits.

Unless that SSL plugin explicitly says put those additions in wp-config.php then don’t. Those settings are more of a break glass thing.

Do you want SSL 100% for you and your readers or just for administration? If admin only then try reverting your settings back to the non-SSL URL and use a plugin that supports shared SSL certs. The plugin you are using should document what to do.

I know you are not using a shared cert, but apparently you have a cert for a host name different from your original.

Also, I just had a lightbulb moment. Are you running multisite with sub domains?

Hi Jan,

Yes I want 100% SSL for Admin and registered site users.
No, I am not running multisite.
I have WP installed on my primary domain, and 2 seperate WP installs on the 2 sub-domians.

The wildcard SSL from GoDaddy covers all subdomains (*.ezpbsupport.com) so I am not sure what you mean by “apparently you have a cert for a host name different from your original”.

I will try removing the following from the wp-config.php to see if it makes any difference:
define(‘FORCE_SSL_LOGIN’, true);
define(‘FORCE_SSL_ADMIN’, true);

define(‘WP_HOME’,’https://secure.mydomain.com’);
define(‘WP_SITEURL’,’https://secure.mydomain’);

I will post a comment in a few minutes after trying.

Thanks again

STAR Rider

Before you get SSL working in WordPress, you must get it working on your webserver first.

Outside of WordPress this should work without any redirection or certificate errors:

https://secure.mydomain.com/readme.html

Once that’s confirmed to be working, then set your WordPress Address (URL) and Site Address (URL) in the dashboard. Make sure you have a full file and database backup first and know how to restore them both.

That should get you most of the way there. The SSL plugin should get you there further.

STAR Rider, have you found an answer to this problem? I’m trying to do something similar (protect primary domain and subdomains using a wildcard SSL certificate) but am having the same redirection issues.

Is this a web hosting issue or a WordPress issue?

Does anyone know of a work-around?

Thanks!

Kevin.

Hi Kevin,

Eventually yes – after much nail biting and pulling my hair out ??

I had to get my hosting support to help me, because everything I tried from my own research failed. (i.e. my sub-domains kept redirecting to my primary domain).

Here is a summary of what my hosting support carried out:

I have made the changes to your WP databases so that links go to the https version of your subdomains. I have also changed the redirects in your public_html/.htaccess file to variants that will work properly, instead of sending you to your primary domain when you click on links.

This all appears to function properly. The only thing that I see that may not be functioning as intended is that you can choose to go directly to a URL over http instead of https. For example, if you type in the following (or use the link), you will see an http version of the page:

https://subdomain.mydomain.com/wp-login.php

The site is not forcing https (although as soon as you login, or click on a link, you will find yourself at the https page). If you want to enforce https for the secure and secureforms subdomains, you can add the following lines to the top of the /public_html/secure/.htaccess and /public_html/secureforms/.htaccess files:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]

How did we do? Please help us to improve the support that we offer you
by filling out this online survey:

I hope this helps Kevin!

Good luck ??

Hi star_rider – I’m in exactly the same boat as you. Could you please post the contents of the .htaccess files for your root and subdomain folder?

I went through the wringer with Bluehost support, but they couldn’t do the “I have also changed the redirects in your public_html/.htaccess file to variants that will work properly, instead of sending you to your primary domain when you click on links” part that your tech seemed to be able to do!

Any help would be greatly appreciated!