HTTP sitewide, except for: wp-admin, and 2 custom directories

This is a pointless question. you either do a sitewide HTTPS or just don’t do it at all. Doing HTTPS for only some pages is just lying to yourself about the security of the site.

You can decide to have HTTPS for only some of your users, but you can never do it just on some of your pages without breaking the fundamental assumptions behind using HTTPS as a security measure.

If for some reason you need those pages HTTPS but just can’t do the whole site, then put those pages under a different domain/subdomain.

Related Posts:

  1. Globally force SSL on all pages
  2. Admin-Ajax.php, SSL, Non-SSL
  3. How disable SSL redirect for specific URL?
  4. How to modify the .htaccess to force ssl on login and admin pages
  5. Transfer to HTTPS – mixed content on main page only [closed]
  6. Https Redirect infinite loop in Mobile browsers
  7. 403 error on admin login page
  8. Adding a SSL Certificate
  9. Stop WordPress and Plugins from Overwriting .htaccess
  10. htaccess rewrite conflict with wordpress rules and ssl
  11. htaccess https redirect from www to non-www
  12. Force HTTPS using .htaccess – stuck in redirect loop
  13. How to redirect url requests to https? [closed]
  14. Setup Permanent 301 Redirects after moving to Https [closed]
  15. https multiple redirects
  16. How to properly force https and www on multisite with Apache HTAccess
  17. Redirect http to https does not work on subdir where another instance of WordPress installed
  18. I can’t access the admin panel links as I click it shows 403 error
  19. What is the right way to redirect all traffic to HTTPS?
  20. Htaccess file isn’t redirecting http sub-pages to https––they display 404 error instead, tried many solutions and none work
  21. How can I fix the redirect chain after implementing ssl on wordpress?
  22. Forcing HTTPS with WordPress on AWS
  23. Locked out of admin and some pictures don’t show after failed SSL installation
  24. Conflict with Force SSL and Rewrite Rules
  25. ReDirect subfolder link to another sub-folder and force SSL
  26. Force non-ssl on WordPress RSS feeds in htaccess, using cloudflare
  27. fix 302 redirection error on https
  28. Redirect https://www.subdomain.domain.com is not redirecting to subdomain.website.com [closed]
  29. HTTPS to HTTP rewrite rules not working as expected
  30. Steps for WordPress over SSL
  31. The connection to “domain” is not secure
  32. How do you redirect HTTPS to HTTP?
  33. Python requests SSL error – certificate verify failed
  34. How can I force users to access my page over HTTPS instead of HTTP?
  35. Why is WordPress redirecting from http to https on a local environment?
  36. Is there a way to force ssl on certain pages
  37. htaccess problem after saving Settings
  38. File and directory permissions
  39. How to use WordPress multisite with mixed HTTP and HTTPS sites?
  40. Name-based virtual host configuration in Apache seems to cause a “500 Internal Server Error”
  41. Isolating WordPress to a subfolder
  42. Why wordpress multisite redirect to wp-signup if site exists?
  43. What is the role of .htaccess file in WordPress?
  44. Remove File Extension for Page Outside of WordPress
  45. different child theme for subdomain
  46. How do I edit the htaccess file to optimize my website?
  47. Block only external access to wp-cron.php on OpenLiteSpeed
  48. Which HTTP headers to use for subdomain embedding?
  49. Divert http to https with WordPress on IIS
  50. Site searches by Python for non-existent assets
  51. WordPress On subfolder
  52. Override htacces rule only for specific directory
  53. How To Allow Only Specific User Agent To Access a URL?
  54. How to ignore folder in site root while accessing a URL
  55. How can I enable keep alive (Not accessing to Apache)
  56. mod_rewrite loop, redirecting http to https on certain section of wordpress blog
  57. .htaccess in subdir gets ignored by WordPress’ own .htaccess in /
  58. Rules in .htaccess only if the requested URL is /wp-admin
  59. What to write in the htaccess in order to detect browser language and point accordingly?
  60. Chrome 83 doesn’t connect WP login page after update from http to https on localhost
  61. How can I fix the mixed content problems of the kk star ratings plugin?
  62. .htaccess RewriteCond excluding directories does not work when there is an .htaccess or php.ini in subdirectory
  63. Separate 404 page for WordPress in subfolder
  64. Weird behavior of Dashboard, must be core files
  65. 404 error Additionally 403 Forbidden error on a URL
  66. Mixed Content warnings google fonts
  67. Remove trailing slash after .html extension
  68. Does WP suppresses .htaccess if permalinks are disabled?
  69. I have a page using a pretty url and a mod_rewrite rule matching it. I expected it to give an error but it’s working. Why?
  70. How do I setup htaccess for 301 redirects, post Joomla to WordPress migration? [closed]
  71. Hide a subdirectory on my website hosting
  72. Can’t access WP site over WiFi network
  73. Hi do I change Media files that still show as http after installing ssl
  74. Creating a copy of a website in a subdirectory, wp-admin redirect problem
  75. My site doesn’t redirect from HTTP to HTTPS
  76. htaccess redirect throws an error: PHP Catchable fatal error: Object of class WP_Error could not be converted to string
  77. Only execute function if SSL is set up properly
  78. WordPress permalinks confusion
  79. Basic Auth .htaccess on wp-login, but allow logout from woocommerce
  80. Why my WordPress Site Asking for HTTP Authentication?
  81. Mixed Content: The page at ” was loaded over HTTPS, but requested an insecure font ”
  82. WordPress site not forcing from http to https instead getting redirected too many times
  83. htaccess redirects invalid request to home page not 404
  84. Implications of not completing all tasks when switching to HTTPS
  85. WordPress How to rewrite URL for custom pages
  86. How to properly give WordPress its own directory
  87. 404 Page not found error after adding ‘s’ in ‘http’ in Settings
  88. WordPress permalinks is wrong. It wants me to change my htaccess file. But then site crashes
  89. Question with .htaccess and wp-login.php prevention
  90. How come all my http URLs are turned to https?
  91. Moving site from HTTP to HTTPS
  92. htaccess old php pages to new wordpress ones
  93. different CNAME to corresponding subfolders
  94. block seacrh engines for all pages EXCEPT homepage
  95. Allowing access to certain WordPress created pages or posts with htaccess / htpasswd
  96. htaccess – Server Subdirectory With Different Name Than URL Subdirectory
  97. Remove “www” and redirect to “https” with nginx
  98. How To Add CSP frame ancestors in WordPress Website? [closed]
  99. How do I modify each instance of setcookie?
  100. Https Website: CSS and JS files load in http and admin page does not load too