How to force your website to load securely(HTTPS) using .htaccess file
  John Mwaniki /   05 Oct 2021

How to force your website to load securely(HTTPS) using .htaccess file

Having an SSL certificate on your website adds an extra layer of security.

It establishes a secure HTTPS connection for the communication and data transfer over the internet between a web browser(or applications) and the webserver.

The information in transit is encrypted into a non-readable format making it impossible for hackers to read or modify it. This improves data integrity and privacy.

It's therefore crucial that every website should have an SSL certificate installed. In the previous article, we covered the complete guide to SSL certificate installation on a website.

After installing an SSL certificate, your website is accessible via both HTTP and HTTPS. Just having an SSL certificate installed is not enough. People may still continue accessing your website via insecure HTTP.

The next step should be to ensure that all the traffic is redirected to the HTTPS version.

In this article, I will take you through the process of forcing the website to redirect and load via a secure HTTPS connection.

Forcing all website traffic to HTTPS

The most common way is to use a .htaccess file.

.htaccess file (in full Hypertext Access) is a directory level configuration file for Apache-based web servers used to extend server configurations in the directory in which it is placed and all its subdirectories.

How to view the .htaccess file

The .htaccess file is a hidden file, meaning that by default it won't be visible to you. You will need to enable viewing of hidden files as shown below in your hosting cPanel account.

Step 1: Log in to your hosting account cPanel.

Step 2: Click on the File Manager icon, located in the Files Section.

cPanel File Manager

Step 3: Click Settings in the top right corner of the File Manager.

cPanel file manager settings

Step 4: Check/tick the box for “Show hidden files” and click “Save”.

Showing hidden files in cPale file manager

Now you will be able to see hidden files and folders whose names start with a dot (.).

There can be multiple .htaccess files within the file system in different directories.

Creating or editing the .htaccess file

In order to redirect/force all website traffic to HTTPS, you will need to place your .htaccess file in the root folder of the website. This is the "public_html" folder. In the case of a subdomain, you will do so in the subdomain root domain.

Navigate to it and check whether there exists a file named ".htaccess". If it exists, you don't need to create a new one. All you have to do is to edit it by right-clicking on it and selecting the "Edit" option.

If none exist, click on the “+ File” menu item at the top left of your file manager.

creating a file in cpanel file manager

A popup appears, write the file name as “.htaccess” and click the “Create New File” button.

Creating a .htaccess file in cpanel file manager

You will be able to see it among other files and you can open it by right-clicking on it and selecting the "Edit" option.

Writing the redirection code to HTTPS

Copy and paste the code below into your .htaccess file:


RewriteEngine On 
RewriteCond %{HTTPS} off 
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Redirecting to HTTPS with "www"

Or you can use the code below and replace example.com with your domain name if you would wish to redirect the traffic to "www" URL version with HTTPS:


RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301,NC]

Redirecting HTTPS on a specific domain

If your website is accessible via several domain names such as mydomain1.com and mydomain2.com, etc, but you only want one of them to be redirected to the HTTPS version, you can do it as below:


RewriteEngine On 
RewriteCond %{HTTP_HOST} ^mydomain1.com [NC] 
RewriteCond %{HTTPS} off 
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

All you have to do is replace "mydomain1.com" with your actual domain name that you want to force to HTTPS.

Redirecting only to a specific folder

If for some reason you just want to enforce the redirection in a particular folder, you just need to specify the name and location of the folder in the .htaccess file as shown below.


RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} folder
RewriteRule ^(.*)$ https://www.example.com/folder/$1 [R,L]

In the above lines, replace "example.com" with your actual domain name, and "/folder" with the actual folder name and path.

Alternatively, you can have the configurations as in the root domain but place the .htaccess file in the folder you want the redirection rules to apply.

Make sure you save the .htaccess file after you are done editing it by clicking on the "Save Changes" button at the top-right corner as shown below:

Saving changes to .htaccess file

Note: Make sure that the line RewriteEngine On is not repeated. If the line already exists, simply copy the rest of the code without it. Make sure that this line appears at the very top before any other line starting with Rewrite... in order for the redirection configurations to work.

That's all!

If you implement the above then your website should always redirect to the HTTPS version.

If you had been accessing the website before making these changes, you may need to first clear the browser cache for the changes to reflect in that browser.

It's my great hope that this article was helpful to you. If so, please share it to help more people or link to it from your website.