How To: Force Robots.txt and Sitemap.xml over HTTPS:// on WP Engine

If you’re on WP Engine and are not routing through Cloudflare or a similar proxy that can force static files to HTTPS://, you may notice that a request to http://domain.com/robots.txt or http://domain.com/sitemap.xml (or to many other static files) won’t redirect to HTTPS://.

They will both still load with HTTPS:// if specifically requested with that protocol – but they won’t redirect from HTTP:// even if you’ve selected Secure All URLs on the SSL page in the WP Engine User Portal.

The reason is that static files load directly from Nginx before the HTTPS:// rewrite is applied. So in order to fix this, you’ll need to add some trickery to the Before section of your Nginx configuration. You won’t be able to do this directly, but you can provide the following to a support agent:

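# Flag 1: the request did not arrive over HTTPS.
set $if_https 0;
if ( $http_x_forwarded_proto != "https" ) {
   set $if_https 1;
}
# Flag 2: the request is for one of the listed files.
set $if_content_includes 0;
if ( $uri ~* "^/(sitemap.xml|robots.txt)" ) {
   set $if_content_includes 1;
}
# Nginx "if" cannot combine two conditions, so join the flags and test the pair.
set $force_assets "$if_https:$if_content_includes";
if ( $force_assets = "1:1" ) {
   rewrite ^/ https://$host$uri permanent;
}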

The above covers Robots.txt and Sitemap.xml only, so feel free to modify the (sitemap.xml|robots.txt) part to catch any other specific files you want to force SSL on.

If you want to force all static resources without specifying a resource, you would use this instead:

if ( $http_x_forwarded_proto != "https" ) {
   rewrite ^/ https://$host$uri permanent;
}

After adding either modification, be sure to test in an incognito window, as your browser will likely still have the older version cached. Keep in mind that you can skip all this if you route through a free Cloudflare account and enable the Always Use HTTPS option on the Crypto page.
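To test the redirect without a browser cache in the way, the check can be scripted. This is an added example, not code from WP Engine or the original post; the function names and the hostname you pass in are assumptions.

```python
import http.client
import sys
from urllib.parse import urlsplit

# The two files the rule above targets.
PATHS = ("/robots.txt", "/sitemap.xml")


def classify(host, path, status, location):
    """Judge the response to http://host/path. Returns (ok, reason)."""
    if status in (302, 303, 307):
        return False, f"temporary redirect ({status}), expected a permanent one"
    if status not in (301, 308):
        return False, f"no redirect (status {status}), served over plain HTTP"
    target = urlsplit(location or "")
    if target.scheme != "https":
        return False, f"redirect target is not HTTPS: {location!r}"
    # The rewrite sends the client to https://$host$uri, so host and path
    # should come back unchanged.
    if target.hostname != host.lower() or target.path != path:
        return False, f"redirect changes host or path: {location!r}"
    return True, "permanent redirect to HTTPS"


def fetch(host, path, timeout=10):
    """HEAD http://host/path without following redirects."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def check_site(host, paths=PATHS, fetcher=fetch):
    """Map each path to its (ok, reason) verdict."""
    return {p: classify(host, p, *fetcher(host, p)) for p in paths}


if __name__ == "__main__":
    # Usage: python check_redirect.py example.com  (hostname is a placeholder)
    for path, (ok, reason) in check_site(sys.argv[1]).items():
        print(f"{'OK  ' if ok else 'FAIL'} {path}: {reason}")
```

A FAIL with "no redirect (status 200)" is the behaviour described at the top of this page: the file is still being served over plain HTTP.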