SSL

How to Force HTTPS

Last Updated on: November 2nd, 2017
Edvinas B.

Introduction

After installing an SSL certificate, your website becomes available over both HTTP and HTTPS. In this tutorial, you will learn how to force HTTPS for your website instead of HTTP. This will redirect all your visitors and traffic to the secure and encrypted version of your website. Google recommends using HTTPS everywhere because the encryption helps to keep your data and your users secure. One of the quickest and most efficient ways of doing that is by using the .htaccess file.

Before starting this tutorial, make sure you have a valid SSL certificate. Bullet-proof certificates can cost a fortune, but luckily for you, Hostinger offers cheap SSL certificates for a lifetime here.

What you’ll need

Before you begin this guide you’ll need the following:

Step 1 — Locating and editing .htaccess

First of all, you will need to locate or create the .htaccess file, where the redirection code will need to be entered. You may find a detailed tutorial on how to find your .htaccess file here.

Step 2 — Adding the redirection code

To force all of the web traffic (every link in your website) to use HTTPS insert the following lines of code in the .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

IMPORTANT If you have some existing code in your .htaccess, make sure that RewriteEngine On is not repeated twice. In case the line already exists, simply copy the rest of the code without it.

Let’s say that you want the users that enter through http://example1.com be redirected to https://example1.com and the users that enter through http://example2.com to stay on the HTTP version. In such a case, you can use the following line of code in the .htaccess file in your website’s root folder.

RewriteCond %{HTTP_HOST} ^example1\.com [NC]

The full HTTPS redirection code would be:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^example1\.com [NC]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Make sure to replace example1.com with the domain name you’re trying to force to use HTTPS.

If you want to force SSL only on specific folders you can insert the code below into a .htaccess file, keep in mind that this .htaccess file should be placed in the folder where you want to force HTTPS:

RewriteCond %{HTTPS} off
RewriteRule ^(folder1|folder2|folder3) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Make sure you change the folder references to the actual directory names.

After you have added the code to your .htaccess file you should Save the changes. After that, clear your browser’s cache and re-check the connectivity to your site via HTTP. If everything was added correctly, the browser will redirect you to the HTTPS version automatically.

htaccess

Congratulations, you have successfully edited your .htaccess file and redirected all traffic to HTTPS, the safe version of your website. Depending on the platform where your website was developed, there could be alternative methods to enable automatic HTTPS redirection. For example, you can configure your WordPress or PrestaShop site to work with HTTPS with the assistance of plug-ins.

Conclusion

In this short tutorial, we have learned how to take full advantage of an SSL certificate and use .htaccess to redirect all visitors and traffic to HTTPS. If you have any tips, tricks, or suggestion that you want to share, we are looking forward to seeing them in the comments!

About the author

View All Posts

Edvinas B.

Edvinas mentors and trains every new customer support agent at Hostinger. When he's not teaching new guys the secrets of providing an exceptional service, he likes to travel the world and play basketball.

7 Comments

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • i write this in htaccess file, is it correct?


    RewriteCond %{HTTP_HOST} !^www.mywebsite.com$ [NC] RewriteRule ^(.*)$ http://www.mywebiste.com/$1 [L,R=301]


    RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    Reply

  • Hi
    I cant seem to really make it work.
    can you please mail me the exact code i should insert in the .htaccess file for my website. that would be a great help
    my website “cryptofitnessclub.com”

    Reply

  • I tried but no success. Here is what I get in URL after adding code:
    http://reservationexcursions.me/wp-login.php?redirect_to=http%3A%2F%2Freservationexcursions.me%2Fwp-admin%2F&reauth=1
    I added like this at the end of .htaccess :

    RewriteCond %{HTTP_HOST} ^reservationexcursions\.me [NC]
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    Can you help?

    Reply

    • Hello, Alex.

      Try removing the lines that you added and use this code instead:

      RewriteEngine On
      RewriteCond %{HTTPS} off
      RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

      Keep in mind that you do not need to change anything. SSL should start forcing immediately after adding it. Alternatively, you can reach the same result in WordPress with the help of plugins, such as Really Simple SSL.

      Reply

Get Exclusive Content

Join thousands of webmasters who get our free newsletter with tips on how to drive more traffic and revenue to their websites!

Please wait...

Thank you for sign up!

We - and our partners - use cookies to deliver our services and to show you ads based on your interests. By using our website, you agree to the use of cookies as described in our Cookie Policy More.