HTTP & HTTPS Duplicate Content Issue

[Dreo]

I have a wordpress website that was originally http, then added a SSL to it... After running the site through SEMRush, it looks like both versions have been indexed.

The website still defaults to HTTP and not HTTPS... But what is the best and more importantly, safest method to fix this problem?

 

[built]

It's because you didn't 301 the http to https.

https://godaddy.com/help/redirect-http-to-https-automatically-8828

If you use cloudflare you can also create a page rule to redirect http to https

 

[Jitsiereveld]

Hey Dreo, I ran into this issue with a couple WordPress sites. @built beat me to the code snippet but here is what I was going to add. A couple code snippets for the .htaccess file of your WordPress sites.

# BEGIN Force http to https
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# END Force http to https

# BEGIN Restrict access to IP address only
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^00.00.00.000$
RewriteRule ^(.*)$ – [R=403,L]
# END Restrict access to ip

The first one is to force the https redirect and the second won't allow users to reach your /wp-admin/ URLs unless they are from the specified IP address. Replace the "0"s with your IP address and you've taken an extra step to securing your site. This second snippet may not work correctly if your users are able to log in since they use the /wp-login URL to do so.