This is what I started with:

# Force trailing slash
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteCond %{REQUEST_FILENAME} !\.(gif|jpg|png|jpeg|css|xml|txt|js|php|scss|webp|mp3|avi|wav|mp4|mov)$ [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1/ [L,R=301]

The first row activates the rewrite possibility. Then there are some conditions (RewriteCond): if it is not a file, not a GET request, does not end with a slash and is not a file with one of the specified extensions. If all are true, add a slash to the request url. I needed one more line with something like ‘not logged in’

There are WordPress functions that check for the loggedin state, but PHP does not work in .htaccess. The solution was to check the cookies:

RewriteCond %{HTTP:Cookie} !(wordpress_logged_in_|wp-postpass_|wptouch_switch_toggle|comment_author_|comment_author_email_) [NC]

If I add that line before the RewriteRule, the slash is only added if the user is not logged in, hence the RewriteRule will never affect the admin area as you need to be logged in to access the admin area.

The complete set:

# Force trailing slash
RewriteEngine On
RewriteCond %{HTTP:Cookie} !(wordpress_logged_in_|wp-postpass_|wptouch_switch_toggle|comment_author_|comment_author_email_) [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteCond %{REQUEST_FILENAME} !\.(gif|jpg|png|jpeg|css|xml|txt|js|php|scss|webp|mp3|avi|wav|mp4|mov)$ [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1/ [L,R=301]