How to Force HTTPS

How to Force HTTPS

After installing an SSL certificate, your website becomes available over both HTTP and HTTPS. In this tutorial, you will learn how to force HTTPS for your website instead of HTTP. This will redirect all your visitors and traffic to the secure and encrypted version of your website. Google recommends using HTTPS everywhere because the encryption helps to keep your data and your users secure. One of the quickest and most efficient ways of doing that is by using the .htaccess file.

Before starting this tutorial, make sure you have a valid SSL certificate. Bullet-proof certificates can cost a fortune, but luckily for you, Hostinger offers cheap SSL certificates for a lifetime here.

What you’ll need

Before you begin this guide you’ll need the following:

Step 1 — Locating and editing .htaccess

First of all, you will need to locate or create the .htaccess file, where the redirection code will need to be entered. You may find a detailed tutorial on how to find your .htaccess file here.

Step 2 — Adding the redirection code

To force all of the web traffic (every link in your website) to use HTTPS insert the following lines of code in the .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

IMPORTANT If you have some existing code in your .htaccess, make sure that RewriteEngine On is not repeated twice. In case the line already exists, simply copy the rest of the code without it.

Let’s say that you want the users that enter through be redirected to and the users that enter through to stay on the HTTP version. In such a case, you can use the following line of code in the .htaccess file in your website’s root folder.

RewriteCond %{HTTP_HOST} ^example1\.com [NC]

The full HTTPS redirection code would be:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^example1\.com [NC]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Make sure to replace with the domain name you’re trying to force to use HTTPS.

If you want to force SSL only on specific folders you can insert the code below into a .htaccess file, keep in mind that this .htaccess file should be placed in the folder where you want to force HTTPS:

RewriteCond %{HTTPS} off
RewriteRule ^(folder1|folder2|folder3) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Make sure you change the folder references to the actual directory names.

After you have added the code to your .htaccess file you should Save the changes. After that, clear your browser’s cache and re-check the connectivity to your site via HTTP. If everything was added correctly, the browser will redirect you to the HTTPS version automatically.


Congratulations, you have successfully edited your .htaccess file and redirected all traffic to HTTPS, the safe version of your website. Depending on the platform where your website was developed, there could be alternative methods to enable automatic HTTPS redirection. For example, you can configure your WordPress or PrestaShop site to work with HTTPS with the assistance of plug-ins.


In this short tutorial, we have learned how to take full advantage of an SSL certificate and use .htaccess to redirect all visitors and traffic to HTTPS. If you have any tips, tricks, or suggestion that you want to share, we are looking forward to seeing them in the comments!

The Author


Edvinas B. / @edvinas

Edvinas mentors and trains every new customer support agent at Hostinger. When he's not teaching new guys the secrets of providing an exceptional service, he likes to travel the world and play basketball.

Related tutorials


Adnan Reply

April 13, 2017

I have problem, for me it doesnt work



    Replied on April 13, 2017

    Hello Adnan, Do you get any errors? Are you following all steps carefully?


Saleem Reply

April 13, 2017

i write this in htaccess file, is it correct? RewriteCond %{HTTP_HOST} !^$ [NC] RewriteRule ^(.*)$$1 [L,R=301] RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]


gene darner Reply

July 23, 2017

Hi I cant seem to really make it work. can you please mail me the exact code i should insert in the .htaccess file for my website. that would be a great help my website ""


Alex Reply

January 25, 2018

I tried but no success. Here is what I get in URL after adding code: I added like this at the end of .htaccess : RewriteCond %{HTTP_HOST} ^reservationexcursions\.me [NC] RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] Can you help?


    Gediminas B.

    Replied on February 15, 2018

    Hello, Alex. Try removing the lines that you added and use this code instead: RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] Keep in mind that you do not need to change anything. SSL should start forcing immediately after adding it. Alternatively, you can reach the same result in WordPress with the help of plugins, such as Really Simple SSL.


Pacilinja2 Reply

July 04, 2018

Thanks to this tut, my website is now secure!

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Become a part of Hostinger now!