access_time
February 5, 2019
hourglass_empty
2 min Read
person_outline
Edvinas B.
How to Force HTTPS
After installing an SSL certificate, your website becomes available over both HTTP and HTTPS. In this tutorial, you will learn how to force HTTPS for your website instead of HTTP. This will redirect all your visitors and traffic to the secure and encrypted version of your website. Google recommends using HTTPS everywhere because the encryption helps to keep your data and your users secure. One of the quickest and most efficient ways of doing that is by using the .htaccess file.
Before starting this tutorial, make sure you have a valid SSL certificate. Bullet-proof certificates can cost a fortune, but luckily for you, Hostinger offers cheap SSL certificates for a lifetime here.
What you’ll need
Before you begin this guide you’ll need the following:
- Access to your hosting control panel
- Installed SSL certificate
Step 1 — Locating and editing .htaccess
First of all, you will need to locate or create the .htaccess file, where the redirection code will need to be entered. You may find a detailed tutorial on how to find your .htaccess file here.
Step 2 — Adding the redirection code
To force all of the web traffic (every link in your website) to use HTTPS insert the following lines of code in the .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]IMPORTANT If you have some existing code in your .htaccess, make sure that RewriteEngine On is not repeated twice. In case the line already exists, simply copy the rest of the code without it.
RewriteCond %{HTTP_HOST} ^example1\.com [NC]
The full HTTPS redirection code would be:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example1\.com [NC]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]Make sure to replace example1.com with the domain name you’re trying to force to use HTTPS.
If you want to force SSL only on specific folders you can insert the code below into a .htaccess file, keep in mind that this .htaccess file should be placed in the folder where you want to force HTTPS:
RewriteCond %{HTTPS} off
RewriteRule ^(folder1|folder2|folder3) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]Make sure you change the folder references to the actual directory names.
After you have added the code to your .htaccess file you should Save the changes. After that, clear your browser’s cache and re-check the connectivity to your site via HTTP. If everything was added correctly, the browser will redirect you to the HTTPS version automatically.
Congratulations, you have successfully edited your .htaccess file and redirected all traffic to HTTPS, the safe version of your website. Depending on the platform where your website was developed, there could be alternative methods to enable automatic HTTPS redirection. For example, you can configure your WordPress or PrestaShop site to work with HTTPS with the assistance of plug-ins.
Conclusion
In this short tutorial, we have learned how to take full advantage of an SSL certificate and use .htaccess to redirect all visitors and traffic to HTTPS. If you have any tips, tricks, or suggestion that you want to share, we are looking forward to seeing them in the comments!
The Author
Edvinas B. / @edvinas
Edvinas mentors and trains every new customer support agent at Hostinger. When he's not teaching new guys the secrets of providing an exceptional service, he likes to travel the world and play basketball.
domantas
Replied on April 13, 2017
Hello Adnan, Do you get any errors? Are you following all steps carefully?