.htaccess
<ifModule mod_headers.c>
# Response headers; applied only when mod_headers is loaded.
#
# Disabled: a wildcard Access-Control-Allow-Origin would let any origin read
# responses that are served without credentials. Leave it off unless the
# content is meant to be public to every site.
# Header set Access-Control-Allow-Origin: *
# Disabled: a restrictive source policy. Note that "Header add" would send a
# second CSP header next to the one below; browsers enforce all of them together.
#Header add Content-Security-Policy "default-src 'self';"
# Asks the browser to fetch this page's http:// subresources over https://.
# This only fixes mixed content: it does not restrict where content may load
# from, and it is not a substitute for HSTS (Strict-Transport-Security), which
# is what stops later visits from starting on plain HTTP.
Header always set Content-Security-Policy "upgrade-insecure-requests;"
</ifModule>
<IfModule mod_rewrite.c>
# Redirect every plain-HTTP request to the same host and path over HTTPS.
RewriteEngine On
RewriteBase /
# NOTE(review): %{HTTPS} reflects the connection Apache itself sees. Behind a
# TLS-terminating proxy or load balancer it is presumably "off" for every
# request, which would turn this rule into a redirect loop - confirm the setup.
RewriteCond %{HTTPS} off
# %{HTTP_HOST} is copied from the client's Host header, so the redirect target
# follows whatever host the client sent. Make sure this virtual host only
# answers for the intended hostnames, or hard-code the canonical hostname here.
# R=301 is cached by browsers, so test with a temporary redirect first.
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
Optional
wp-config.php
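// Require HTTPS for the WordPress admin area and login.
define('FORCE_SSL_ADMIN', true);

// SECURITY: $_SERVER['HTTP_HOST'] is taken from the request's Host header and is
// therefore client-controlled. WP_HOME / WP_SITEURL feed the URLs WordPress
// generates, so the header must be checked against a fixed list before use.
// PLACEHOLDER: replace example.com with the site's real hostname(s); include
// the port (e.g. 'example.com:8443') if the site is served on a non-default one.
$cfg_allowed_hosts = array('example.com');

$cfg_host = isset($_SERVER['HTTP_HOST']) ? strtolower($_SERVER['HTTP_HOST']) : '';
if (!in_array($cfg_host, $cfg_allowed_hosts, true)) {
    // Unknown or missing Host header: fall back to the canonical hostname.
    $cfg_host = $cfg_allowed_hosts[0];
}

// REQUEST_SCHEME is not provided by every server/SAPI; default to https when
// it is absent or holds anything other than plain "http".
$cfg_scheme = (isset($_SERVER['REQUEST_SCHEME']) && $_SERVER['REQUEST_SCHEME'] === 'http')
    ? 'http'
    : 'https';

// WordPress lives in the /wordpress subdirectory of the host.
define('WP_HOME', $cfg_scheme . '://' . $cfg_host . '/wordpress');
define('WP_SITEURL', $cfg_scheme . '://' . $cfg_host . '/wordpress');

// Do not leave helper variables behind in the global scope of wp-config.php.
unset($cfg_allowed_hosts, $cfg_host, $cfg_scheme);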