You'd do well to address that duplicate-content problem before you go live: You've shown four URLs which all resolve to the same content due to the non-canonical domain and the trailing slash option. Adding in FQDN and appended-port hostnames, that quickly balloons to 16 URLs, all leading to the same content.

So for any given page of content, sixteen URLs will compete for search ranking, and the rank of each of those actual pages may be one-sixteenth what it could be... Then there's the problem that the search engines --and not you-- will pick the URL that "they like best" for whatever reason.

If you have no other domains or subdomains associated with this site, then use this in example.org/.htaccess:

RewriteCond %{HTTP_HOST} !^www\.example\.org$
RewriteCond %{SERVER_PORT}s ^(443(s)¦[0-9]+)$
RewriteRule ^(.*)$ http%2://www.example.org/$1 [R=301,L]

This can also be used in a <Directory> container in your server config file. Outside of a <Directory> container, you will need to add a slash to the RewriteRule pattern, making it "^/(.*)$"

If you do have other domains or additional subdomains, then the code will be more complex, and we'll need to discuss the details here.

To address the trailing slash problem, first make sure that WP is correctly generating all on-page links with the trailing slash. You can then fix-up linking errors on third-party sites using this in example.org/.htaccess:

RewriteRule ^(([^/]+/)*[^./]*[^/])$ http://www.example.org/$1/ [R=301,L]

Again, for use in a server config file outside of a <Directory> container, you'll need to add a leading slash to this RewriteRule's pattern.

Your best bet would be to fix the https problem by linking to the page using the proper protocol from all pages within your own site, and only then installing a redirect. Otherwise, you confuse the search engines, and force all clients (browsers and SE robots) to make two HTTP requests for that page -- The first for http/xyz/donate will result in the server responding with a redirect, and the client will then have to re-request the page using the [xyz...] URL. This slows the user experience, and pollutes your logs and stats with two request/response transactions every time that page is requested. Fix the links if it is at all possible.

Then you can add this to example.org/.htaccess:

RewriteCond %{SERVER_PORT} !=443 [OR]
RewriteCond %{REQUEST_URI} !/$
RewriteRule ^blog/donate/donate-now/?$ https://www.example.org/blog/donate/donate-now/ [R=301,L]

ahead of the rule posted above.

And once again, for use in a server config file outside of a <Directory> container, you'll need to add a leading slash to the RewriteRule pattern.

---

So the whole pile, properly ordered, will look like this in example.org/.htaccess:

Options +FollowSymLinks -MultiViews
RewriteEngine on
#
# Redirect to force SSL and trailing slash on bad links to donate-now page
RewriteCond %{SERVER_PORT} !=443 [OR]
RewriteCond %{REQUEST_URI} !/$
RewriteRule ^blog/donate/donate-now/?$ https://www.example.org/blog/donate/donate-now/ [R=301,L]
#
# Redirect to add missing trailing slash unless URL ends with a "filetype"
RewriteRule ^(([^/]+/)*[^./]*[^/])$ http://www.example.org/$1/ [R=301,L]
#
# Redirect all non-canonical hostname requests to canonical domain, preserving SSL/non-SSL
RewriteCond %{HTTP_HOST} !^www\.example\.org$
RewriteCond %{SERVER_PORT}s ^(443(s)¦[0-9]+)$
RewriteRule ^(.*)$ http%2://www.example.org/$1 [R=301,L]

Important: Change the broken pipe "¦" character above to a solid pipe character; Posting on this forum modifies the pipe character.

Note that the rules are ordered from most-specific pattern and conditions to least-specific in order to avoid 'stacked' or 'chained' multiple redirects.

Jim

Thank you so much for all of your help. Of course, it works great (and no - we don't have additional domains or subdomains). But perhaps even more importantly, you just cleared up a lot of questions in my mind and educated me on many other things.