Need to redirect http:// traffic to https:// to force a secure connection? If you have access to a web hosting service that uses .htaccess files, you can add a snippet to the top of the file to redirect insecure traffic to a secure connection.
Here are the recommended steps for forcing the https:// protocol for all website traffic, parked domains, or a specific folder.
Force HTTPS for all website traffic
Here are the steps to forcing all website traffic to be on a secure connection.
- Find and open your .htaccess file. This might be in /home/username/public_html or /var/www/html folder.
- Add the following code snippet to the top of the file, then save.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]Now refresh your website. You should see http:// requests get forwarded to https:// right away.
Forcing HTTPS on parked domains
Here are the steps to forcing parked domains (also known as “aliases”) to use a secure connection.
- Find and open your .htaccess file. This might be in /home/username/public_html or /var/www/html folder.
- Add the following code snippet to the top of the file.
- Change “yourdomain2.com” to be your parked domain, then save.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourdomain2.com [NC]RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]Forcing HTTPS on specific folders
Here are the steps to forcing a secure connection on a specific folder. This is common for legacy websites that only work on http://, but have a sensitive landing page within a directory.
- Find and open your .htaccess file. This might be in /home/username/public_html or /var/www/html folder.
- Add the following code snippet to the top of the file.
- Change “folder1|folder2|folder3” to be the names of your desired folder(s), then save.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(folder1|folder2|folder3) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]Troubleshooting .htaccess Redirect Issues
If you’ve edited the .htaccess file properly, but the connection remains insecure, try clearing your browser cache, testing in a different browser, or checking from a different device.
If you’re still unable to force HTTPS, maybe check if you are using a service like Cloudflare or Sucuri that might have a separate cache to clear.
If all else continues to fail, open a support ticket with your web hosting company for assistance.
What is HTTPS?
HTTPS stands for Hypertext Transfer Protocol Secure and is the secure version of HTTP, which is the primary method used for transferring data between a website and a web browser. It is designed to provide a level of security by encrypting data during transmission, which is especially important when users are transmitting sensitive information like account credentials, medical information, or personal information.
Modern web browsers like Google Chrome have started marking websites that do not use HTTPS look differently than those that do. To check if a page is secure, look for a padlock icon in the URL bar.
Web browsers take HTTPS seriously; in fact, Google Chrome and other browsers now flag all non-HTTPS websites as “not secure”. Therefore, it’s important for website owners to implement HTTPS to protect user data and ensure their website is trusted and considered safe by web browsers.