I use WPEngine as my development environment for client sites. Pushing code with git and using Migrate DB Pro to move content between environments makes development much smoother.
One small quirk I’ve encountered is how WPEngine handles SSL. The admin/backend is always forced to use HTTPS, while the frontend can be accessed over either HTTP or HTTPS. Even if all site URLs are set to HTTPS, requesting the HTTP version of the frontend does not trigger a redirect to HTTPS. On production installs this is typically handled via WPEngine’s SSL settings, but on transferable or staging installs the secure frontend URL can remain inaccessible.
This behavior can confuse clients who expect to see the browser’s “Secure” indicator and can also introduce technical problems. For example, AJAX calls that rely on the admin-ajax URL can fail due to a domain/protocol mismatch. That can break features such as email sending in certain plugins or any requests that require matching protocols.
Installing a plugin to force SSL is an option, but I prefer not to rely on a plugin that I might forget to disable before moving a site to an environment without SSL configured.
Instead, I add a small snippet to a core functionality plugin or a lightweight standalone plugin that enforces HTTPS for frontend requests when running on WPEngine. The code checks if the site is hosted on WPEngine and, if the current request is not using SSL, redirects the request to the HTTPS version of the same URL with a 301 redirect. Below is the implementation I use:
| /** |
| * Force SSL on WPEngine install |
| * |
| * Author: Bill Erickson |
| * See: https://www.billerickson.net/force-ssl-on-wpengine |
| */ |
| function be_force_ssl_on_wpengine() { |
| if ( strpos( home_url(), ‘wpengine’ ) && ! is_ssl() ) { |
| wp_redirect( ‘https://’ . $_SERVER[‘HTTP_HOST’] . $_SERVER[‘REQUEST_URI’], 301 ); |
| exit(); |
| } |
| } |
| add_action( ‘template_redirect’, ‘be_force_ssl_on_wpengine’ ); |
Drop this into your core functionality plugin or a small custom plugin. When active on a WPEngine install, it ensures frontend requests are always redirected to HTTPS, preventing mixed-protocol issues and keeping the site behavior consistent for clients and third-party scripts.
Note: This snippet only redirects when the site’s home URL includes “wpengine” and the current request is not secure, so it won’t interfere with non-WPEngine environments. As always, test changes in a staging environment before applying them to a live site.