Hero image.

What you need to know:

If you have a basic website that you have coded by hand, you can place a special .htaccess file in your website’s root directory that will redirect your HTTP traffic to HTTPS. Alternatively, if you use a CMS as the basis for your website, you should check its security settings for an option to force HTTPS rather than using the .htaccess file method.

Thanks to free and low-cost SSL certificates, the use of HTTPS has skyrocketed in recent years. By choosing to redirect all HTTP traffic to HTTPS, website owners can gain multiple benefits afforded by SSL. Most importantly, the use of SSL can ensure the safety and security of your site visitors. Moreover, search engines like Google are rewarding websites that force HTTPS connections by giving them a boost in SERPs. In this article, we will show how you can gain these benefits by redirecting your HTTP traffic to HTTPS.

Table of Contents

Requirements

The only requirement to force an HTTPS connection is for your domain to have a valid SSL certificate. In case you are not sure if there is a valid SSL certificate installed, you can use the SSL Manager to check whether a domain is SSL-protected. If you discover that your domain is not SSL-protected, you should obtain an SSL certificate and then install the SSL on the domain in order to secure it.

Securing your website with SSL instills confidence in your visitors, making it more likely that they will sign up or make a purchase.
Securing your website with SSL instills confidence in your visitors, making it more likely that they will sign up or make a purchase.

It should be noted that all SSL-related functionality is considered an advanced hosting feature. As such, the SSL Manager will only be available to you if you are using one of our premium shared hosting plans or one of our Semi-Dedicated web servers. At this time, the free web hosting package does not come with SSL support.

Why Doesn’t My Website Load Using HTTPS Now That I Have SSL Installed?

So, you have gone ahead and purchased an SSL certificate for your domain name or installed an SSL that you already had available. Then, you tried visiting your website only to find that it is still showing a Not Secure warning.

Modern web browsers tend to point out unsecured connections, especially if the page contains a payment form or a login field.
Modern web browsers tend to point out unsecured connections, especially if the page contains a payment form or a login field.

The reason for this apparent bug is probably that your website is not set up to force a secure HTTPS connection yet. In other words, if a site visitor makes an HTTP request, they will get an HTTP response. Conversely, in this scenario, you would get an HTTPS response only if you have made an HTTPS request, to begin with.

By default, web servers will respond using the same protocol that was used by the client to initiate the exchange.
By default, web servers will respond using the same protocol that was used by the client to initiate the exchange.

With that in mind, it is possible to configure your web server so that all HTTP traffic gets redirected to HTTPS automatically. We will explore how to achieve this in the next section.

Once properly configured, a web server can respond to all requests using the HTTPS protocol.
Once properly configured, a web server can respond to all requests using the HTTPS protocol.

How Do I Redirect HTTP Traffic to HTTPS?

There are two main ways you can configure your website to redirect HTTP traffic to HTTPS:

We will examine both approaches in greater detail below.

Start Your Own Website For Free!

How Do I Use an .htaccess File to Force HTTPS on My Website?

The .htaccess file is used to issue directives to the server. These directives govern URL redirection, URL shortening, access control, and more. In this specific case, we will show you how to use an .htaccess file to ensure that all site visitors are redirected to the HTTPS version of your website.

To create your .htaccess file, follow the steps below:

  1. Open the File Manager section of the Control Panel.
  2. Double-click on the website where you wish to force HTTPS.
  3. From the toolbar, choose the Create button.
Creating an .htaccess file is as simple as creating any other file using the File Manager.
Creating an .htaccess file is as simple as creating any other file using the File Manager.

Tip

Curious about what else the File Manager is capable of? Find out in our guide to the AwardSpace File Manager!

  1. In the popup window that appears, choose the option to Create File and name your file .htaccess.

Important

Do not forget to include the leading dot in the file name!

  1. Press the Create button.
Make sure that you name your file .htaccess. If you give it any other name, then the web server will completely ignore its directives.
Make sure that you name your file .htaccess. If you give it any other name, then the web server will completely ignore its directives.

Tip

If your website already has an .htaccess file in its root directory, you should not create a new .htaccess file. Instead, you should use the file that is already present by following the steps below.

  1. The end result should be a brand new file called .htaccess. If the file is properly named, the server should automatically detect it as a Web configuration file. You can verify this in the Type column of the File Manager.
  2. Once you have verified that the server recognizes the .htaccess file as a proper web configuration, you can double-click the .htaccess file to start editing it.
If the server recognizes your new file’s type as a Web configuration, then you have successfully created your .htaccess file.
If the server recognizes your new file’s type as a Web configuration, then you have successfully created your .htaccess file.
  1. At this stage, you should have the .htaccess file open in the File Manager. Since you have just created the file, it is normal for it to be empty, as is shown below:
Your .htaccess file is now open in the File Manager and you can start editing it.
Your .htaccess file is now open in the File Manager and you can start editing it.

Tip

If your website was using an .htaccess file already, then in most cases it would not be empty. In such scenarios, you should still follow the instructions below, just keep in mind that you need to append your changes to the end of the file.

  1. Now it’s time to decide what rules the .htaccess file should contain. Below, we will use protected-site.com as our example domain and we will list three sets of rules. All of these rules will allow your .htaccess file to force an HTTPS connection, so picking a set comes down to your personal preference. Choose one of the following sets of rules:
  2. force “www”. With this ruleset, all of your HTTP traffic will be redirected to HTTPS and will land on the “www” version of your domain name. So if a visitor enters http://protected-site.com/ or http://www.protected-site.com/ into their web browser, they will end up on https://www.protected-site.com/. The code for this ruleset is:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.protected-site.com%{REQUEST_URI} [L,R=301]
  • force “non-www”. With this ruleset, all of your HTTP traffic will be redirected to HTTPS and will land on the “non-www” version of your domain name. So if a visitor enters http://protected-site.com/ or http://www.protected-site.com/ into their web browser, they will end up on https://protected-site.com/. The code for this rule set is:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://protected-site.com%{REQUEST_URI} [L,R=301]
  • allow both “www” and “non-www”. With this rule set, all of your HTTP traffic will just be redirected to HTTPS with no other alterations. So if a visitor goes to http://protected-site.com/ they will arrive at https://protected-site.com/. Similarly, if a visitor enters http://www.protected-site.com/ into their web browser, they will end up on https://www.protected-site.com/. The code for this rule set is:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Warning

Allowing both “www” and “non-www” on your domain can harm your SEO.

  1. Copy the code of your preferred ruleset.
  2. Paste the code into your .htaccess file.
  3. If you have chosen the force “www” or the force “non-www” rule set, update the domain name on line 4 from protected-site.com to your actual domain name.
  4. Save your changes by clicking on the Save button.

At this point, your .htaccess file will start forcing an HTTPS connection. If you are still taken to an unsecured version of your website, try clearing your browser’s cache and cookies. In the unlikely event that the issue persists, you can contact the 24/7 Technical Support Team and they will assist you further.

Simple, Managed, and Affordable

How Do I Set up My CMS to Redirect HTTP to HTTPS?

Many popular content management systems out there offer settings that enable you to redirect all HTTP traffic to HTTPS. These settings are usually found in the CMS back-end.

If you are using WordPress, you can check our dedicated tutorial on how to force HTTPS on a WordPress site. And in case you are using a different CMS, you can check the official CMS documentation or you can post a question on the community support forums for your CMS.

Your CMS of choice will not always have an option to redirect HTTP to HTTPS. If you find yourself in this situation, you can try our .htaccess solution to force HTTPS. The only difference is that in many cases your CMS will already be using an .htaccess file, so you will not need to create one from scratch. Instead, just add the redirection code to the end of the already existing .htaccess file.

Get Your Own Private Server Now!

Conclusion

Forcing a secure HTTPS connection is quickly becoming table stakes when it comes to launching and maintaining a successful website. The great thing about redirecting all HTTP traffic to HTTPS is that it does not come with any drawbacks. As such, site owners are highly recommended to start using secure connections and reap the benefits that come with a secure website.


Keep reading