How to Force HTTPS using .htaccess?
HTTPS stands for HyperText Transfer Protocol Secure, a protocol for secure communication between your website's server and your visitors' browsers over a computer network.
Installed an SSL certificate for your website, but it still loads over HTTP? Don’t worry, we are here to show you how to force HTTPS using the .htaccess file.
After installing SSL, your website is available in both HTTP and HTTPS versions. We strongly recommend serving only the HTTPS version so that traffic to your server is encrypted. Hosting providers allow you to force HTTPS over HTTP.
Why Use HTTPS over HTTP?
You may wonder why you should use HTTPS over HTTP. Website owners now prefer HTTPS and are migrating from HTTP to HTTPS for the following reasons:
- HTTPS is more secure than HTTP and builds a secure connection between the website server and the web browser.
- Enabling HTTPS gives you a secure padlock, which builds trust in your site.
- Google gives HTTPS sites an additional ranking boost in Google search.
- The HTTP/2 protocol, which browsers only use over HTTPS, gives you faster loading in the browser.
- Enabling SSL is additional security for your website.
How to Redirect HTTP to HTTPS in WordPress Using .htaccess File
There are lots of options available for you to force HTTPS in WordPress. In this particular post, we will talk about how to redirect HTTP to HTTPS in WordPress using the .htaccess file.
You can redirect all your traffic via the .htaccess file using 301 permanent redirects. All your old URLs will be replaced with the new ones automatically after applying the steps below:
- Go to your hosting cPanel → File Manager, select the public_html folder and find the .htaccess file.
- If you don’t have one already, create a file named .htaccess and open it in edit mode.
- Scroll down and insert the following lines of code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
- Save the changes.
Adding the above code to the .htaccess file in your website's root folder forces HTTPS for your entire site. Let’s see how you can force SSL on a specific domain or subdirectory.
1. Force HTTPS for a Specific Folder or Subdirectory
You can force HTTPS on a specific folder or subdirectory using the .htaccess file. Make sure to create a new .htaccess file for the specific directory or folder that you want to serve over HTTPS.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(folder1|folder2|folder3) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
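Let’s say you want to secure “yourdomain.com/folder1” using .htaccess. All you have to do is create a new .htaccess file inside the “folder1” folder and put the code in it. Note that in an .htaccess file, mod_rewrite matches the RewriteRule pattern against the path relative to the folder that contains the file, so the ^(folder1|folder2|folder3) pattern matches when the rule sits in the parent folder's .htaccess; inside “folder1” itself, a pattern such as ^(.*)$ matches every request to that folder.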
2. Force HTTPS on a Specific Domain
Let’s assume you have two different domains, http://website1.com and http://website2.com, and both serve the same website. Now you want to redirect HTTP to HTTPS on “website1.com” only. To do that, put the following code in your .htaccess file for that specific domain.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^website1\.com$ [NC]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Make sure to replace ‘website1.com’ with your actual domain name.
After applying all the changes, clear your website cache and reload your website over HTTP. Magic, right? It automatically redirects from HTTP to HTTPS.
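A browser can hide a broken rule behind its cache, so it helps to check the response headers for a plain http:// request directly: the status should be 301 and the Location header should point to the same host and path over https. The Python below is an added example, not part of the original post; it checks header text such as the output of `curl -sI`, and the function names and sample responses are constructed for illustration.

```python
from urllib.parse import urlsplit

def parse_head(raw):
    """Return (status_code, headers) from raw HTTP response headers."""
    lines = [l for l in raw.strip().splitlines() if l.strip()]
    status = int(lines[0].split()[1])          # "HTTP/1.1 301 Moved ..." -> 301
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def check_redirect(requested_url, raw):
    """List problems with the response to an http:// request (empty list = OK)."""
    status, headers = parse_head(raw)
    problems = []
    if status != 301:
        problems.append(f"status is {status}, expected 301")
    location = headers.get("location")
    if location is None:
        problems.append("no Location header")
        return problems
    req, loc = urlsplit(requested_url), urlsplit(location)
    if loc.scheme != "https":
        problems.append(f"Location scheme is {loc.scheme!r}, expected 'https'")
    if loc.hostname != req.hostname:
        problems.append("Location host differs from the requested host")
    if (loc.path or "/") != (req.path or "/") or loc.query != req.query:
        problems.append("path or query string was not preserved")
    return problems

# Constructed sample responses (not captured from a real server).
GOOD = """HTTP/1.1 301 Moved Permanently
Server: Apache
Location: https://yourdomain.com/folder1/page.html?id=7
"""
TEMPORARY = """HTTP/1.1 302 Found
Location: https://yourdomain.com/folder1/page.html?id=7
"""
NOT_FORCED = """HTTP/1.1 200 OK
Content-Type: text/html
"""

if __name__ == "__main__":
    url = "http://yourdomain.com/folder1/page.html?id=7"
    for name, raw in [("good", GOOD), ("temporary", TEMPORARY), ("not forced", NOT_FORCED)]:
        print(name, check_redirect(url, raw) or "OK")
```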
Conclusion
Awesome, all your visitors are now redirected from HTTP to HTTPS automatically. Visitors will see a secure icon before your domain name.
Depending on your website's CMS (Content Management System), there are other ways to enable SSL on your website so that it serves its content encrypted over HTTPS.
For example, the WordPress and PrestaShop CMSs use plugins that enable this feature automatically and modify the .htaccess file to force HTTPS over HTTP.
Do you know any additional steps to force HTTPS using the .htaccess file in WordPress? Share your thoughts in the comment section. We look forward to your ideas, questions or suggestions.