How to Force Redirect HTTP to HTTPS using htaccess?

htaccess redirect to https

This is a complete step by step guide to redirect http to https using .htaccess.

Having an HTTPS is critical for the sake of trust. Chrome, Firefox, and other popular browser display a warning when a visitor load unsecure site.

For an eCommerce store, it is much more vital to load the site on secure socket.

In this post, I will tell you the procedure of redirecting HTTP to HTTPS by using .htaccess.

Redirect HTTP to HTTPS using .htaccess

  1. What is SSL?
  2. Why do you need SSL for your website?
  3. Edit .htaccess file using FTP or cPanel
  4. Redirect HTTP to HTTPS in Apache
  5. Redirect HTTP to HTTPS in NginX
  6. HTTP redirect to HTTPS in Cloudflare

What is SSL?

SSL or Secure Sockets Layer is a standard security protocol that encrypts the connection between the web browser and server.

It protects sensitive information like a credit card, login details, and other user information.

Use of the SSL ensures that the data transferring between the web server and browser remain encrypted. If someone captures the data packages in the middle, the person will not be able to make sense of the data without the keys.

These keys are provided by the SSL certificate.

Hence, the data is secure on HTTPS.

Why do you need SSL for your website?

Secure Transactions: If you are selling something on your blog, then the transactions must happen on HTTPS. Or there is a large risk of stealing of credit card information and various other shopping scams.

Boost SEO: Having an SSL on the site gives boost to SEO. The Google wants web to be a secure place, hence, it gives priority to secure sites.

PCI Compliance: The Payment Card Industry has established rules for the site that enable the online transaction on the site. If you want to enable the credit card on your eCommerce store, then you have to be PCI compliant. Or you will have to pay a hefty penalty.

HTTPS browser trust indicator: The browser displays the Green bar for the site that loads on HTTPS. It gives a trust boost to the site.

Read More: HTTPS vs HTTP

Difference Between HTTP and HTTPS

Edit .htaccess file using FTP or cPanel

Don’t worry if you don’t know how to access the .htaccess file, first I will tell you how to edit it.

  • Method #1: Edit the .htaccess file on your computer locally. Upload it to the server via FTP.
  • Method #2: Open the FTP program, and use the Edit function to edit the file remotely.
  • Method #3: Go to cPanel and open the File Manager to edit the .htaccess file. (I have written this method in detail)

Editing .htaccess in cPanel File Manager

Note: Take a backup of your site before messing with the cPanel File Manager.

How to edit .htaccess file in cPanel File Manager:

  1. Open your cPanel account
  2. Click on File Manager from the Files Tab
  3. Find the “Setting” at the top right corner of the page, click on it
  4. Click on the Document Root for (the domain name) and check the Show Hidden Files (image below)
  5. Save to update the File Manager
  6. Find the public_html file and click on it
  7. On the next page, you will find the .htaccess file
  8. Click once on the .htachess file and then click on the “Edit” at the top bar
  9. A warning box will pop up, but click on Edit
  10. On the next page, a code editor will open
  11. Edit the code
  12. Save the file
redirect http to https cpanel

After everything is done, check the site if the changes are made. If anything goes wrong, follow the same procedure to find the .htaccess file and restore the older version.

Now, you know how to edit the .htaccess file, let’s redirect HTTP to HTTPS via .htaccess file.

Redirect HTTP to HTTPS in Apache

1. Redirect All Web Traffic

Add this code below the existing code in your .htaccess file.

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

2. Redirect Only a Specific Domain

Add this code to redirect a specific domain to use HTTPS.

RewriteEngine On 
RewriteCond %{HTTP_HOST} ^yourdomain\\.com [NC] 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

3. Redirect Only a Specific Folder

Add this code to redirect a particular folder to use HTTPS.

Services we offer:RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} folder 
RewriteRule ^(.*)$ https://www.yourdomain.com/folder/$1 [R,L]

Note: At the place of “yourdomain” in the code, add your domain name. Similarly, replace the /folder with your folder name.

HTTP to HTTPS redirect in NGINX

  1. Login to NGINX webserver
  2. Add return 301 https://$server_name$request_uri in server directive.
  3. Save the file.
  4. The last step is to restart your NGINX web server.

Note: Take a backup of nginx.conf or default.conf file

Bonus: HTTP redirect to HTTPS in Cloudflare

If you are using Cloudflare, then you can perform HTTP redirection easily.

  • Login to Cloudflare
  • Selection your website
  • Go to Crypto tab
  • Scroll down to “Always Use HTTPS section”
  • Make sure it is turned ON

Wrapping Up

Having an SSL certificate on your site, and loading it over the HTTPS is a necessity if you are running an online business.

In this article, I told you how to force redirect HTTP to HTTPS using htaccess file.

If there is any problem at any steps, leave it in comments.

Latest Magento Tips, Guides, & News

Stay updated with new stuff in the Magento ecosystem including exclusive deals, how-to articles, new modules, and more. 100% Magento Goodness, a promise!

64 thoughts on “How to Force Redirect HTTP to HTTPS using htaccess?”

  1. Aw, this was an exceptionally nice post. Taking a few minutes and actual effort to make a great article… but what can I say… I procrastinate a whole lot and never seem to get nearly anything
    done.

  2. As you create content and administrate servers, you will often find the need to redirect traffic from one place to another. This guide will discuss the different use-cases for these techniques, and how to accomplish them in Apache and Nginx.

  3. Hi, this is very interesting. I’m just wondering can I have my http to https redirect both in the main server configuration file, and in htaccess?

    Reason being I have no control over the main server configuration file, I can’t even access it as it’s on the server (although I can see it is itself redirecting http to https as if I enter an http web address it gets automatically redirected to the https address), but I want to have the redirect in my htaccess file as well just to be sure. Would this be a problem having it in both the main server configuration file and the htaccess file? I can’t see why it would since the htaccess redirect would only be triggered should an http get to it, which it wouldn’t if the main server configuration file is doing it?

    Hope you can clear this up for me! Thanks!

  4. Mohammed Ashour

    Hello, Thank you for this article. I have one question: My web site is in a subfolder on the server, I want to make the sub folder appear as the root when someone visits the site, At the same time I want to force ssl. How to do that using .htaccess? Thank you.

  5. I have placed the redirect code on .htaccess file. But my website redirection is 302. Is it bad for seo

  6. CNAME in the DNS will do this; in BIND:

    www 3600 IN CNAME oursite.com.

    —last dot very important

  7. Thank you! I just saw this.
    I did create a new property! I have been seeing traffic there. I also see it in the old property too! Isn’t that weird, given the fact that there isn’t an http version of the site anymore?

  8. Thank you so much for this.
    Had so many problems redirecting http to https via CPanel. The code supplied by GoDaddy who are the hosting company was completely ineffective. This solved it instantly.

  9. David W, you are my new friend! You think like I do and you ask questions like I do! Those are EXCELLENT questions. Just today alone I have found about 2 dozen versions of the Apache rewrite condition and rule. I’m still in the midst of trying to figure out the best one. And, of course, once I pick one I will worry that I’m still not using the best one 🙂

  10. Hi,
    I found this piece of code somewhere else. Is this also a correct way to redirect all your pages of one domain from http to https?

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    If it is a good code – what is the last letter an i or an L?
    Kirsten

    1. Hi Kirsten,

      Yep that looks good, nice one-hit way to redirect all non-https to https. Here’s a slightly more complete version:

      RewriteEngine On
      RewriteCond %{HTTPS} off
      RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

      You’ll notice the additional ‘[L,R=301]’ part.

      The ‘L’ is for ‘Last’ and means: Stop the rewriting process immediately and don’t apply any more rules. This is useful if you have an .htaccess file with other directives in it.

      The ‘R=301’ means Redirect, and send a 301 (permanently moved) response code. This is helpful to tell browsers and search engines that the page should be served over https.

      The “URI” part means ‘Uniform Resource Identifier’, so the last letter you mentioned is a capital i.

  11. Hi Sakshi,

    Thank you very much for this. You’ve literally saved me from hair loss. I had really struggled with this issue for hours and nearly pulled out all my hair.

    You have explained it in a clear manner that is both easy to understand and follow.

  12. Neon Buffalo Digital Marketing

    For the “existing code” option, do we put the HTTPS redirect before or after the existing code? There are about 20 lines of pre-existing redirects in our .htaccess file and I’m afraid that one or both will get overwritten if putting it in the wrong place.

  13. Hello Admin,

    I have a query that, we have to add this code in the starting of .htaccess file or somewhere else.
    Please revert back.

    1. Hi. If yours is a wordpress site and you have already taken SSL and still the the http version is not redirecting to https, you might check wordpress settings and change the website address to https version. Also still in case you have the same issue, you should check the links on your page. There might be some links that are coded in http instead of https.

      1. I have the same issue. WordPress is set up correctly using https defined in the config and the urls are all https.

        If I remove the (s) from any page other than the home page the insecure page loads. I’ve tried various .htaccess methods, some create too many re-directs and the others don’t seem to help.

        The Certificate was purchased from a third party service from the hosting control panel.

  14. sumit kumar gupta

    Thank you sir for sharing this post this is very helpful for me. Now my blog redirect from http to https.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top

We can help you. Right now.

Fast growing merchants depend ServerGuy for high-performance hosting. Experience counts. Let's get started.

Talk to a sales representative

USA / Worldwide

+1.714.2425683

India

+91.9852704704