Adding This Simple Code To Your .htaccess File Will Force All Links To Your Site That Are HTTP To Redirect To HTTPS
Did you finally just get an SSL certificate to secure your website? If so, be sure to also add this code to your .htaccess file to make sure all non https links to your site automatically redirect to the secure https version. You might be like the thousands of other people out there that think just because you have an SSL certificate people can’t access the non https version of your website, and you couldn’t be more wrong.
Here’s the thing:
An SSL certificate will redirect the main domain to the https version every time you try to enter http://www.yoursite.com so you end up with https://www.yoursite.com -giving you a false sense of security (no pun intended lol).
But try entering an inner page of your website at the non https URL and you will be shocked at what you see (if you haven’t already fixed it yet). More than likely if you type in http://www.yoursite.com/about you will not get the https version of this page. If you do get the https version, then there is nothing to worry about and your website is already fully secure. Congrats!
To make sure all of your web pages redirect to https, you will need to edit the .htaccess file and add in a little bit of code. If you are not sure what an .htaccess file is, then here is a good overview. You have to select “view hidden files” in the settings of your file manager in cPanel to see the .htaccess file. If you still don’t see it, then you most likely don’t have one and will need to create it. Note: If you have a wordpress website then you already have this file, so keep looking for it.
Once you have located your .htaccess file you can now edit it with the code.
Add This Code To Any Website To Force HTTP To HTTPS
The following forces any http request to be rewritten using https. For example, the following code forces a request to http://example.com to load https://example.com. It also forces directly linked resources (images, css, etc.) to use https:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
If this isn’t working for you, first check your line endings. Copy/paste from your web browser into a text editor may not work right, so after pasting into your text editor you should delete each line break and add it back in (line break = return key).
For WordPress Websites Use This Code To Force HTTP To HTTPS
Note: If your .htaccess file already contains some default WordPress code, enter the following above or below that code. Never enter code inside of the comment tags that start and end with:
# BEGIN WordPress
# END WordPress
Option 1
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Full example including the default WordPress code
Below is what your .htaccess file looks like with both the new HTTPS code and existing WordPress code.
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
This code above should work, but if it doesn’t then try option 2 below.
Option 2
In this example, make sure to change ‘example.com’ to your actual domain name.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L,NE]
Full example including the default WordPress code
Below is what your .htaccess file looks like with both the new HTTPS code and existing WordPress code.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L,NE]# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
And Voila!
Your website now automatically redirects to HTTPS whenever someone tries to access an inner page or media file URL at the regular HTTP version.
I hope this helped you secure your website. If you have any questions about website security drop us a line here.
Our team builds responsive websites packed with added security features. We also offer free SSL certificates with every managed web hosting plan. Stop putting off website security and start protecting your business today.
