How to Force HTTPS

Introduction

After installing an SSL certificate, your website becomes available over both HTTP and HTTPS. In this tutorial, you will learn how to force HTTPS for your website instead of HTTP. This will redirect all your visitors and traffic to the secure and encrypted version of your website. Google recommends using HTTPS everywhere because the encryption helps to keep your data and your users secure. One of the quickest and most efficient ways of doing that is by using the .htaccess file.

Step 1 — Locating and editing .htaccess

First of all, you will need to locate or create the .htaccess file, where the redirection code will need to be entered.

Step 2 — Adding the redirection code

To force all of the web traffic (every link in your website) to use HTTPS insert the following lines of code in the .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Let’s say that you want the users that enter through http://example1.com be redirected to https://example1.com and the users that enter through http://example2.com to stay on the HTTP version. In such a case, you can use the following line of code in the .htaccess file in your website’s root folder.

RewriteCond %{HTTP_HOST} ^example1\.com [NC]

The full HTTPS redirection code would be:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^example1\.com [NC]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Make sure to replace example1.com with the domain name you’re trying to force to use HTTPS.

If you want to force SSL only on specific folders you can insert the code below into a .htaccess file, keep in mind that this .htaccess file should be placed in the folder where you want to force HTTPS:

RewriteCond %{HTTPS} off
RewriteRule ^(folder1|folder2|folder3) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Make sure you change the folder references to the actual directory names.

After you have added the code to your .htaccess file you should Save the changes. After that, clear your browser’s cache and re-check the connectivity to your site via HTTP. If everything was added correctly, the browser will redirect you to the HTTPS version automatically.