How to Force HTTPS

After installing an SSL certificate, your website becomes available over both HTTP and HTTPS. In this tutorial, you will learn how to force HTTPS for your website instead of HTTP. This will redirect all your visitors and traffic to the secure and encrypted version of your website. Google recommends using HTTPS everywhere because the encryption helps to keep your data and your users secure. One of the quickest and most efficient ways of doing that is by using the .htaccess file.

Before starting this tutorial, make sure you have a valid SSL certificate. Bullet-proof certificates can cost a fortune, but luckily for you, Hostinger offers cheap SSL certificates for a lifetime here.

What you’ll need

Before you begin this guide you’ll need the following:

• Access to your hosting control panel
• Installed SSL certificate

Step 1 — Locating and editing .htaccess

First of all, you will need to locate or create the .htaccess file, where the redirection code will need to be entered. You may find a detailed tutorial on how to find your .htaccess file here.

Step 2 — Adding the redirection code

To force all of the web traffic (every link in your website) to use HTTPS insert the following lines of code in the .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

IMPORTANT If you have some existing code in your .htaccess, make sure that RewriteEngine On is not repeated twice. In case the line already exists, simply copy the rest of the code without it.

Let’s say that you want the users that enter through http://example1.com be redirected to https://example1.com and the users that enter through http://example2.com to stay on the HTTP version. In such a case, you can use the following line of code in the .htaccess file in your website’s root folder.

RewriteCond %{HTTP_HOST} ^example1\.com [NC]

The full HTTPS redirection code would be:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^example1\.com [NC]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Make sure to replace example1.com with the domain name you’re trying to force to use HTTPS.

If you want to force SSL only on specific folders you can insert the code below into a .htaccess file, keep in mind that this .htaccess file should be placed in the folder where you want to force HTTPS:

RewriteCond %{HTTPS} off
RewriteRule ^(folder1|folder2|folder3) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Make sure you change the folder references to the actual directory names.

After you have added the code to your .htaccess file you should Save the changes. After that, clear your browser’s cache and re-check the connectivity to your site via HTTP. If everything was added correctly, the browser will redirect you to the HTTPS version automatically.

Congratulations, you have successfully edited your .htaccess file and redirected all traffic to HTTPS, the safe version of your website. Depending on the platform where your website was developed, there could be alternative methods to enable automatic HTTPS redirection. For example, you can configure your WordPress or PrestaShop site to work with HTTPS with the assistance of plug-ins.

Conclusion

In this short tutorial, we have learned how to take full advantage of an SSL certificate and use .htaccess to redirect all visitors and traffic to HTTPS. If you have any tips, tricks, or suggestion that you want to share, we are looking forward to seeing them in the comments!