Howto force SSL for all requests?

Is there a way to force SSL for all requests? Much like the option to use admin ssl, but for all requests, including the ones who are not logged in.

Solutions Collecting From Web of "Howto force SSL for all requests?"

Here is a complete guide – Enable Complete support for SSL on WordPress

A simple check for is_ssl() should do it:

add_action( 'plugins_loaded', 'wpse_2718_force_ssl' );

function wpse_2718_force_ssl()
    if ( is_ssl() )

        'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] 

But I would do this in .htaccess to catch images too:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

For ISS see this answer on Stack Overflow.

Add this rule to the top of .htaccess:

# This should be the first rule before other rules
<IfModule mod_rewrite.c>
    RewriteEngine On

    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# END Force SSL

This should be before WordPress’ rules.

I’ve used Really Simple SSL to my all of clients sites and it works very fine. If you dont want to modify code, simply install this plugin and config it.