BugWP logo BugWP
Back to Community
Home / Community / PluginReally simple security

Understanding and Resolving Multiple Redirects with Really Simple SSL

41 threads Sep 7, 2025 PluginReally simple security

Content

If you've recently moved your WordPress site to HTTPS using the Really Simple SSL plugin, you might have encountered warnings about "multiple redirects" or "avoiding landing page redirects" in tools like GTmetrix or Pingdom. This is a common point of confusion, and this guide will explain why it happens and what your options are.

Why Am I Seeing Multiple Redirects?

The most frequent scenario reported by users is a chain of two redirects. For example:

  1. http://www.example.com → (redirects to)
  2. https://www.example.com → (redirects to)
  3. https://example.com

This behavior often stems from having two separate configurations:

  1. SSL Redirection: The Really Simple SSL plugin (or your server) handles the redirect from HTTP to HTTPS.
  2. WWW/Non-WWW Redirection: Your WordPress address setting (in Settings > General) or a separate server rule handles the redirect between the www and non-www version of your domain.

When these two forces work independently, they can create a two-step process instead of a single, direct redirect.

Is This a Problem?

From a security and best practices perspective, this two-step redirect is often not a bug. As noted in several support threads, the Really Simple SSL team advocates for this method. It ensures that the HSTS header is properly set on all domain variations, which helps prevent "man-in-the-middle" attacks. Performance tools may flag it, but the actual impact on load time for a user is typically minimal (milliseconds).

Common Solutions and Configuration Tips

If you still wish to consolidate the redirects for performance or other reasons, here are the most effective approaches based on community reports.

1. Use Only One Redirect Method

A common mistake is enabling multiple redirection methods simultaneously within the plugin, which can cause conflicts or unexpected behavior.

  • Best Practice: In the Really Simple SSL settings, enable only one primary redirect method. The "Enable 301 .htaccess redirect" is generally recommended as the fastest option.
  • What to disable: If you enable the .htaccess redirect, you should disable "Enable WordPress 301 redirection to SSL" and "Enable Javascript redirection to SSL" to prevent double redirects.

2. Configure a Direct .htaccess Rule

To force a direct redirect from http://www to https://non-www (or vice versa) in a single step, you can add a custom rule to your .htaccess file, above the WordPress rules.

Example: Redirect ALL traffic to HTTPS and non-WWW

# BEGIN Custom Redirects
<IfModule mod_rewrite.c>
RewriteEngine On

# Force HTTPS and remove WWW
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www.example.com [NC]
RewriteRule (.*) https://example.com/$1 [R=301,L]
</IfModule>
# END Custom Redirects

# BEGIN WordPress
...

Important: Always back up your .htaccess file before editing it. Replace example.com with your actual domain. This approach consolidates the two redirects into one but deviates from the security best practice recommended by the plugin's developers.

3. Check for Conflicting Configurations

Your redirect chain might be influenced by settings outside of WordPress. Before making changes, investigate:

  • Cloudflare: Check your Page Rules and SSL/TLS settings for rules that might be causing a separate redirect.
  • Your Hosting Provider: Some hosts have their own forced SSL or domain redirect settings that can interfere.
  • Caching Plugins: Clear your cache completely after changing any redirect settings, as old redirects can be stored.

Conclusion

Seeing multiple redirects after installing Really Simple SSL is a frequent occurrence. In most cases, it's the intended, secure method of handling the transition to HTTPS. For the vast majority of sites, the performance impact is negligible and the security benefit is worth the extra step.

However, if you need to optimize for a single redirect, the solution typically involves standardizing your domain preference (www or non-www) in WordPress, using only one redirect method within the plugin, and potentially adding a consolidated rule to your .htaccess file. Always test changes thoroughly with a tool like Redirect Checker.

Related Support Threads Support