access_time
June 15, 2020
hourglass_empty
2min Read
person_outline
Edvinas B.
How to Force HTTPS using .htaccess (Updated 2021)
After installing an SSL certificate, your website is available over HTTP and HTTPS. However, it’s better to use only the latter because it encrypts and secures your website’s data. While Hostinger allows users to configure this setting in just one click, you can also use the .htaccess file to force HTTPS connection. This tutorial will show you how.
Everything you’ll need for WordPress hosting with up to 82% OFF!
Forcing HTTPS on All Traffic
One of the many functions you can perform via .htaccess is the 301 redirects, which permanently redirects an old URL to a new one. You can activate the feature to force HTTPS on all incoming traffic by following these steps:
- Go to File Manager in your hosting panel and open .htaccess inside the public_html folder. If you can’t locate it, make sure to create or unhide it.
- Scroll down to find RewriteEngine On and insert the following lines of code below it:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] - Save the changes.
IMPORTANT: Make sure that the line RewriteEngine On is not repeated twice. In case the line already exists, simply copy the rest of the code without it.
Forcing HTTPS on a Specific Domain
Let’s say that you have two domains: http://yourdomain1.com and http://yourdomain2.com. Both domains access the same website, but you only want the first one to be redirected to the HTTPS version. In this case, you need to use the following code:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourdomain1.com [NC]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]Make sure to replace yourdomain1 with the actual domain you’re trying to force HTTPS on.
Forcing HTTPS on a Specific Folder
The .htaccess file can also be used to force HTTPS on specific folders. However, the file should be placed in the folder that will have the HTTPS connection.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(folder1|folder2|folder3) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]Make sure to change the folder references to the actual directory names.
After making the changes, clear your browser’s cache and try to connect to your site via HTTP. If everything was added correctly, the browser will redirect you to the HTTPS version.
Conclusion
Congratulations! you have successfully edited your .htaccess file and redirected all HTTP traffic to HTTPS, the safe version of your website. Depending on the platform where you developed your website, there could be alternative methods to enable this feature. For example, you can configure your WordPress or PrestaShop site to work with HTTPS using plugins.
If you have any tips, tricks, or suggestions that you want to share, we are looking forward to seeing them in the comments!
The Author
Edvinas B. / @edvinas
Edvinas mentors and trains every new customer support agent at Hostinger. When he's not teaching new guys the secrets of providing an exceptional service, he likes to travel the world and play basketball.
Featured tutorials
Related tutorials
Adnan
April 13 2017
I have problem, for me it doesnt work
Saleem
April 13 2017
i write this in htaccess file, is it correct? RewriteCond %{HTTP_HOST} !^www.mywebsite.com$ [NC] RewriteRule ^(.*)$ http://www.mywebiste.com/$1 [L,R=301] RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
gene darner
July 23 2017
Hi I cant seem to really make it work. can you please mail me the exact code i should insert in the .htaccess file for my website. that would be a great help my website "cryptofitnessclub.com"
Alex
January 25 2018
I tried but no success. Here is what I get in URL after adding code: http://reservationexcursions.me/wp-login.php?redirect_to=http%3A%2F%2Freservationexcursions.me%2Fwp-admin%2F&reauth=1 I added like this at the end of .htaccess : RewriteCond %{HTTP_HOST} ^reservationexcursions\.me [NC] RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] Can you help?
Gediminas B.
Replied on February 15 2018
Hello, Alex. Try removing the lines that you added and use this code instead: RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] Keep in mind that you do not need to change anything. SSL should start forcing immediately after adding it. Alternatively, you can reach the same result in WordPress with the help of plugins, such as Really Simple SSL.
Pacilinja2
July 04 2018
Thanks to this tut, my website is now secure!
Harry
July 21 2019
Thank you! This is the one I needed.
carloscorcha
January 22 2020
thanks, it apparently works!
Sandhu
January 25 2020
Works like a charm! Thanks
shahbaaz
October 01 2020
can you add a code for websites that use www. ?
Tomislav T.
Replied on November 18 2020
Hey there shahbaaz.
You can use this code here: RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] Let me know how it goes!
vishal
October 08 2020
thanks it's working
Tomislav T.
Replied on November 18 2020
Happy to help Vishal.
domantas
Replied on April 13 2017
Hello Adnan, Do you get any errors? Are you following all steps carefully?