How Do I Redirect HTTP to HTTPS on My Website?

Thanks to free and low-cost SSL certificates, the use of HTTPS has skyrocketed in recent years. By choosing to redirect all HTTP traffic to HTTPS, website owners can ensure the safety and security of their site visitors. Moreover, search engines like Google are rewarding websites that force HTTPS connections by giving them a boost in search ranking. In this article, we will show how you can gain these benefits by redirecting your HTTP traffic to HTTPS.

What Are the Requirements to Redirect Web Traffic From HTTP to HTTPS?

The only requirement to force an HTTPS connection is for your domain to have a valid SSL certificate. In case you are not sure if there is a valid SSL certificate installed, you can use the SSL Manager to check whether a domain is SSL-protected. If you discover that your domain is not SSL-protected, you should obtain an SSL certificate and then install the SSL on the domain in order to secure it.

Securing your website with SSL instills confidence in your visitors, making it more likely that they will sign up or make a purchase.
Securing your website with SSL instills confidence in your visitors, making it more likely that they will sign up or make a purchase.

It should be noted that all SSL-related functionality is considered an advanced hosting feature. As such, the SSL Manager will only be available to you if you are using one of our premium shared hosting plans or one of our Semi-Dedicated web servers. At this time, the free web hosting package does not come with SSL support.

Why Is My Website Not Loading Securely Now That I Have SSL?

So, you have gone ahead and purchased an SSL certificate for your domain name or installed an SSL that you already had available. Then, you tried visiting your website only to find that it is still showing a Not Secure warning.

Modern web browsers tend to point out unsecured connections, especially if the page contains a payment form or a login field.
Modern web browsers tend to point out unsecured connections, especially if the page contains a payment form or a login field.

The reason for this apparent bug is probably that your website is not set up to force a secure HTTPS connection yet. In other words, unless you specifically type https:// before the start of your domain name, you will likely still land on the old unsecured http:// version. To fix this issue, your website should be configured to redirect all of its HTTP traffic to HTTPS.

How Do I Redirect HTTP to HTTPS on My Website?

There are two main ways you can configure your website to redirect HTTP traffic to HTTPS:

We will examine both approaches in greater detail below.

How Do I Use an .htaccess File to Force HTTPS on My Website?

The .htaccess file is used to issue directives to the server. These directives govern URL redirection, URL shortening, access control, and more. In this specific case, we will show you how to use an .htaccess file to ensure that all site visitors are redirected to the HTTPS version of your website.

To create your .htaccess file, follow the steps below:

  1. Open the File Manager section of the Control Panel.
  2. Double-click on the website where you wish to force HTTPS.
  3. From the toolbar, choose the Create button.
Creating an .htaccess file is as simple as creating any other file using the File Manager.
Creating an .htaccess file is as simple as creating any other file using the File Manager.
  1. In the popup window that appears, choose the option to Create File and name your file .htaccess. Do not forget to include the leading dot in the file name!
  2. Press the Create button.
Make sure that you name your file .htaccess. If you give it any other name, then the web server will completely ignore its directives.
Make sure that you name your file .htaccess. If you give it any other name, then the web server will completely ignore its directives.
  1. The end result should be a brand new file called .htaccess. If the file is properly named, the server should automatically detect it as a Web configuration file. You can verify this in the Type column of the File Manager.
  2. Once you have verified that the server recognizes the .htaccess file as a proper web configuration, you can double-click the .htaccess file to start editing it.
If the server recognizes your new file’s type as a Web configuration, then you have successfully created your .htaccess file.
If the server recognizes your new file’s type as a Web configuration, then you have successfully created your .htaccess file.
  1. At this stage, you should have the .htaccess file open in the File Manager. Since you have just created the file, it is normal for it to be empty, as is shown below:
Your .htaccess file is now open in the File Manager and you can start editing it.
Your .htaccess file is now open in the File Manager and you can start editing it.
  1. Now it’s time to decide what rules the .htaccess file should contain. Below, we will use protected-site.com as our example domain and we will list three sets of rules. All of these rules will allow your .htaccess file to force an HTTPS connection, so picking a set comes down to your personal preference. Choose one of the following sets of rules:
  • force “www”. With this rule set, all of your HTTP traffic will be redirected to HTTPS and will land on the “www” version of your domain name. So if a visitor enters http://protected-site.com/ or http://www.protected-site.com/ into their web browser, they will end up on https://www.protected-site.com/. The code for this rule set is:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.protected-site.com%{REQUEST_URI} [L,R=301]
  • force “non-www”. With this rule set, all of your HTTP traffic will be redirected to HTTPS and will land on the “non-www” version of your domain name. So if a visitor enters http://protected-site.com/ or http://www.protected-site.com/ into their web browser, they will end up on https://protected-site.com/. The code for this rule set is:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://protected-site.com%{REQUEST_URI} [L,R=301]
  • allow both “www” and “non-www”. With this rule set, all of your HTTP traffic will just be redirected to HTTPS with no other alterations. So if a visitor goes to http://protected-site.com/ they will arrive to https://protected-site.com/. Similarly, if a visitor enters http://www.protected-site.com/ into their web browser, they will end up on https://www.protected-site.com/. It should be noted that this approach can have a negative impact on your SEO. The code for this rule set is:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  1. Copy the code of your preferred rule set.
  2. Paste the code into your .htaccess file.
  3. If you have chosen the force “www” or the force “non-www” rule set, update the domain name on line 4 from protected-site.com to your actual domain name.
  4. Save your changes by clicking on the Save button.

At this point, your .htaccess file will start forcing an HTTPS connection. If you are still taken to an unsecured version of your website, try clearing your browser’s cache and cookies. In the unlikely event that the issue persists, you can contact the 24/7 Technical Support Team and they will assist you further.

How Do I Set up My CMS to Redirect HTTP to HTTPS?

Many popular content management systems out there offer settings that enable you to redirect all HTTP traffic to HTTPS. These settings are usually found in the CMS back-end.

If you are using WordPress, you can check our dedicated tutorial on how to force HTTPS on a WordPress site. And in case you are using a different CMS, you can check the official CMS documentation or you can post a question on the community support forums for your CMS.

Your CMS of choice will not always have an option to redirect HTTP to HTTPS. If you find yourself in this situation, you can try our .htaccess solution to force HTTPS. The only difference is that in many cases your CMS will already be using an .htaccess file, so you will not need to create one from scratch. Instead, just add the redirection code to the end of the already existing .htaccess file.

Conclusion

Forcing a secure HTTPS connection is quickly becoming table stakes when it comes to launching and maintaining a successful website. The great thing about redirecting all HTTP traffic to HTTPS is that it does not come with any drawbacks. As such, site owners are highly recommended to start using secure connections and reap the benefits that come with a secure website.

It's Time to Share Your Story.

Get Free Hosting
Related Posts

How Can I Get an SSL Certificate?

Nowadays, it is almost impossible to run a successful website without securing it with SSL. When you buy an SSL certificate, you will gain several benefits, chief among them being the ability to enable HTTPS. You will also be increasing […]

Do I Need a Separate SSL Certificate for the “www” and “non-www” Versions of My Website?

If you have ever ventured into the SSL Manager section of the Control Panel, you may have noticed that all of your domain names are listed twice – once with the “www” prefix and once without it. As such, it […]

What Is the Purpose of the Intermediate Certificate Authority in SSLs?

SSL certificates are, without a doubt, becoming more and more ubiquitous throughout the web. Not only do they allow you to secure visitors’ connections to your site, but they can also help you rank better in search results. As such, […]

awardspace logo
Where Ideas Turn Into Websites