plug-in!
Sometimes it's just easier to use a plug-in! Force HTTPS seems to be doing the job and doesn't have loads of caveats.
From https://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file
To force all web traffic to use HTTPS insert the following lines of code in the .htaccess file in your website's root folder.
Important:If you have existing code in your .htacess, add this above where there are already rules with a similar starting prefix.
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
Be sure to replace www.example.com with your actual domain name.
To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website's root folder:
RewriteEngine On RewriteCond %{HTTP_HOST} ^example\.com [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
Make sure to replace example\.com with the domain name you're trying force to https. Additionally, you need to replace www.example.com with your actual domain name.
If you want to force SSL on a specific folder you can insert the code below into a .htaccess file placed in that specific folder:
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteCond %{REQUEST_URI} folder RewriteRule ^(.*)$ https://www.example.com/folder/$1 [R,L]
Make sure you change the folder reference to the actual folder name. Then be sure to replace www.example.com/folderwith your actual domain name and folder you want to force the SSL on.
And from https://premium.wpmudev.org/blog/ssl-https-wordpress/
Edit your .htaccess file, or create a new one if it doesn’t already exist. If you already have one, place the following code above everything that’s already there.
Don’t forget to replace “mysite.com” with your domain and make sure that you enter in the correct server port if yours isn’t 80.