This is a complete step by step guide to redirect http to https using .htaccess.
Having an HTTPS is critical now a days. It is a symbol of trust. Google Chrome, Firefox, and other popular browser display a warning when a visitor load a website running on HTTP. They mark them as unsecure site.
For an eCommerce store, it is much more vital to load the site on secure socket.
In this post, I will tell you a simple and easy to follow procedure of forcing a redirect HTTP to HTTPS by using .htaccess.
Redirect HTTP to HTTPS using .htaccess
- Edit .htaccess file using FTP or cPanel
- Redirect HTTP to HTTPS in Apache
- Redirect HTTP to HTTPS in Nginx
- HTTP redirect to HTTPS in Cloudflare
Edit .htaccess file using FTP or cPanel
Don’t worry if you don’t know how to access the .htaccess file you can take the help from your developer or just follow along, first I will tell you how to edit it.
- Method #1: Edit the .htaccess file on your computer locally. Upload it to the server via FTP.
- Method #2: Open the FTP program, and use the Edit function to edit the file remotely.
- Method #3: Go to cPanel and open the File Manager to edit the .htaccess file. (I have written this method in detail)
Editing .htaccess in cPanel File Manager
Note: Take a backup of your site before messing with the cPanel File Manager.
How to edit .htaccess file in cPanel File Manager:
- Open your cPanel account
- Click on File Manager from the Files Tab
- Find the “Setting” at the top right corner of the page, click on it
- Click on the Document Root for (the domain name) and check the Show Hidden Files (image below)
- Save to update the File Manager
- Find the public_html file and click on it
- On the next page, you will find the .htaccess file
- Click once on the .htachess file and then click on the “Edit” at the top bar
- A warning box will pop up, but click on Edit
- On the next page, a code editor will open
- Edit the code
- Save the file
After everything is done, check the site if the changes are made. If anything goes wrong, follow the same procedure to find the .htaccess file and restore the older version.
Now, you know how to edit the .htaccess file, let’s redirect HTTP to HTTPS using the edit .htaccess file method.
Redirect HTTP to HTTPS in Apache
1. Redirect All Web Traffic
Add this code below the existing code in your .htaccess file.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
2. Redirect Only a Specific Domain
Add this code to redirect a specific domain to use HTTPS.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourdomain\\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
3. Redirect Only a Specific Folder
Add this code to redirect a particular folder to use HTTPS.
Services we offer:RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} folder
RewriteRule ^(.*)$ https://www.yourdomain.com/folder/$1 [R,L]
Note: At the place of “yourdomain” in the code, add your domain name. Similarly, replace the /folder with your folder name.
HTTP to HTTPS redirect in NGINX
- Login to NGINX webserver
- Add return 301 https://$server_name$request_uri in server directive.
- Save the file.
- The last step is to restart your NGINX web server.
Note: Take a backup of nginx.conf or default.conf file
HTTP redirect to HTTPS in Cloudflare
If you are using Cloudflare, then you can perform HTTP redirection easily.
- Login to Cloudflare
- Selection your website
- Go to Crypto tab
- Scroll down to “Always Use HTTPS section”
- Make sure it is turned ON
What is SSL?
SSL or Secure Sockets Layer is a standard security protocol that encrypts the connection between the web browser and server.
It protects sensitive information like a credit card, login details, and other user information.
Use of the SSL ensures that the data transferring between the web server and browser remain encrypted. If someone captures the data packages in the middle, the person will not be able to make sense of the data without the keys.
These keys are provided by the SSL certificate.
Hence, the data is secure on HTTPS.
Why do you need SSL for your website?
Secure Transactions: If you are selling something on your blog, then the transactions must happen on HTTPS. Or there is a large risk of stealing of credit card information and various other shopping scams.
Boost SEO: Having an SSL on the site gives boost to SEO. The Google wants web to be a secure place, hence, it gives priority to secure sites.
PCI Compliance: The Payment Card Industry has established rules for the site that enable the online transaction on the site. If you want to enable the credit card on your eCommerce store, then you have to be PCI compliant. Or you will have to pay a hefty penalty.
HTTPS browser trust indicator: The browser displays the Green bar for the site that loads on HTTPS. It gives a trust boost to the site.
Read More: HTTPS vs HTTP
Wrapping Up
Having an SSL certificate on your site, and loading it over the HTTPS is a necessity if you are running an online business.
In this article, I told you how to force redirect HTTP to HTTPS using htaccess file.
If there is any problem at any steps, leave it in comments.
75 thoughts on “How to Force Redirect HTTP to HTTPS using htaccess?”
Thanks for sharing this complete tutorial.
I have been trying to this in my cpanel but finally figure it out, thanks for sharing
it’s not the best
thank you ..
Hi, i don't know how true it is. I wanted to redirect https:// www to https:// only but some bloggers said it has negative impact on on SEO. Is it true? Can anyone help out?I want to redirect http to https using this method and I hope it will work. Though I need to read keenly first because I fear making mistakes. Thanks a lot for this.
Thanks for sharing this useful information. This information really helped me a lot
I am having this problem with this website: http://mananheartcare.com. please tell how can I solve this problem using WordPress
Your store is not loading on HTTPS, but SSL is installed. For WordPress, you can edit .htacccess file. Or you can use Really Simple SSL Plugin.
Do you have any video of that? I’d like to find out some additional information.
thanks for share this code
Thank you!
Aw, this was an exceptionally nice post. Taking a few minutes and actual effort to make a great article… but what can I say… I procrastinate a whole lot and never seem to get nearly anything
done.
Hi, can i use redirect premium plugins or cpanel redirect, which is better?
Thanks so much for this info.
Hi, i tried couple of times resolving redirect issues on my website but still not getting it right
What do these stamps mean when redirecting https – some recommend such ^ (. *) $ Others such (. *) – what does this mean?
this article is really helpful for me thanks for sharing this information
Thanks a lot, sir for sharing this article this really helpful for me because before reading the article I don’t know that how to redirect HTTP to https
Thank you.
As you create content and administrate servers, you will often find the need to redirect traffic from one place to another. This guide will discuss the different use-cases for these techniques, and how to accomplish them in Apache and Nginx.
Hi, this is very interesting. I’m just wondering can I have my http to https redirect both in the main server configuration file, and in htaccess?
Reason being I have no control over the main server configuration file, I can’t even access it as it’s on the server (although I can see it is itself redirecting http to https as if I enter an http web address it gets automatically redirected to the https address), but I want to have the redirect in my htaccess file as well just to be sure. Would this be a problem having it in both the main server configuration file and the htaccess file? I can’t see why it would since the htaccess redirect would only be triggered should an http get to it, which it wouldn’t if the main server configuration file is doing it?
Hope you can clear this up for me! Thanks!
Thanks so much i was having issue with it for a long time
Thanks so much for this info. just moved my site today
Thank you for sharing this.
You saved my day!
Anyone can help? how to redirect from https back to http?
Hello, Thank you for this article. I have one question: My web site is in a subfolder on the server, I want to make the sub folder appear as the root when someone visits the site, At the same time I want to force ssl. How to do that using .htaccess? Thank you.
thank very much
I have placed the redirect code on .htaccess file. But my website redirection is 302. Is it bad for seo
Internal Server error 500 ;( any ideas
CNAME in the DNS will do this; in BIND:
www 3600 IN CNAME oursite.com.
—last dot very important
Thanks its working but not secure in firefox and mobile chorme browser. please help
Awesome!!! Helped me a lot. Thank you Admin.
Thank you for this useful article.
In my case, I did convert https to https. so what must i write?
Thank you! I just saw this.
I did create a new property! I have been seeing traffic there. I also see it in the old property too! Isn’t that weird, given the fact that there isn’t an http version of the site anymore?
Thank you so much! No one could help me from tech support, but this worked! Thank You!!!
Thank you so much for this.
Had so many problems redirecting http to https via CPanel. The code supplied by GoDaddy who are the hosting company was completely ineffective. This solved it instantly.
thanks works like a charm
Thank you So much…
Working fine for me …
You’re my hero! It worked just as you said.
Thanks for the great tutorial to HTTPS from server level. It’s work excellent for me
Totally agree with your post.
I am not confident the way the 301 rule is described above is correct.
Thanks for sharing!!!!
Thanks a lot!
Thank you so much
Thanks for the guidance!
so helpful thank you so much
Anybody help me to write the code
This not work for me.Can somebody help?
Thanks for this article.
Thank you for this information. I have implemented it on my website.
Thanks so much for this, your article was very helpful
Hello, I have it working without the www. When I add that in the .htaccess file I get an error on the website.
thank you sir your article is helpful.
David W, you are my new friend! You think like I do and you ask questions like I do! Those are EXCELLENT questions. Just today alone I have found about 2 dozen versions of the Apache rewrite condition and rule. I’m still in the midst of trying to figure out the best one. And, of course, once I pick one I will worry that I’m still not using the best one 🙂
Hi,
I found this piece of code somewhere else. Is this also a correct way to redirect all your pages of one domain from http to https?
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
If it is a good code – what is the last letter an i or an L?
Kirsten
Hi Kirsten,
Yep that looks good, nice one-hit way to redirect all non-https to https. Here’s a slightly more complete version:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
You’ll notice the additional ‘[L,R=301]’ part.
The ‘L’ is for ‘Last’ and means: Stop the rewriting process immediately and don’t apply any more rules. This is useful if you have an .htaccess file with other directives in it.
The ‘R=301’ means Redirect, and send a 301 (permanently moved) response code. This is helpful to tell browsers and search engines that the page should be served over https.
The “URI” part means ‘Uniform Resource Identifier’, so the last letter you mentioned is a capital i.
Hey Ben, i tried your code and it works. Thank you very much.
Thank you
It works
Hi Sakshi,
Thank you very much for this. You’ve literally saved me from hair loss. I had really struggled with this issue for hours and nearly pulled out all my hair.
You have explained it in a clear manner that is both easy to understand and follow.
For the “existing code” option, do we put the HTTPS redirect before or after the existing code? There are about 20 lines of pre-existing redirects in our .htaccess file and I’m afraid that one or both will get overwritten if putting it in the wrong place.
very helpful article thanks for sharing
Hello Admin,
I have a query that, we have to add this code in the starting of .htaccess file or somewhere else.
Please revert back.
But before writing this particular code we need activated SSL certificate.
Even after trying first two methods my website is accessible on both http and https.
What to do now?It is accessible on both https://www.mywebsite.com and https://www.mywebsite.com
Whenever in other website’s URL I try to remove ‘s’ from https it is automatically redirecting url to https where in my case when I tried to remove ‘s’ from https in the url then website redirected to https://www.mywebsite.com.
what to do now?
Hi. If yours is a wordpress site and you have already taken SSL and still the the http version is not redirecting to https, you might check wordpress settings and change the website address to https version. Also still in case you have the same issue, you should check the links on your page. There might be some links that are coded in http instead of https.
I have the same issue. WordPress is set up correctly using https defined in the config and the urls are all https.
If I remove the (s) from any page other than the home page the insecure page loads. I’ve tried various .htaccess methods, some create too many re-directs and the others don’t seem to help.
The Certificate was purchased from a third party service from the hosting control panel.
Thanks to you for sharing this information it’s really helpful for me .I know that’s how to redirect http to Https . Thanks you
I learned that how to redirect http to Https . thankful
Thanks <3
Thanks For sharing. Actually I was looking for redirect concept. Really helpful.
Thank you sir for sharing this post this is very helpful for me. Now my blog redirect from http to https.
best help for http>https! clever syntax, works like magic
thanks
plus you will credited on our site
how do you resolve this problem ?
Good post thanks for sharing website