×


Force HTTPS using .htaccess - Step by step guide ?

After installing an SSL certificate, your website is available over HTTP and HTTPS. However, it's better to use only the latter because it encrypts and secures your website's data. 

While most Web Hosts allows users to configure this setting in just one click, you can also use the .htaccess file to force HTTPS connection.

Here at IbmiMedia, we shall look into how to configure HTTPS for WordPress websites using .htaccess file.


How to force HTTPS on All Traffic ?

One of the many functions you can perform via .htaccess is the 301 redirects, which permanently redirects an old URL to a new one.

You can activate the feature to force HTTPS on all incoming traffic by following these steps:

1. Go to File Manager in your hosting panel and open .htaccess inside the public_html folder. If you can't locate it, make sure to create or unhide it.

2. Scroll down to find RewriteEngine On and insert the following lines of code below it:

RewriteEngine On 
RewriteCond %{HTTPS} off 
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

3. Save the changes.

Note: Make sure that the line RewriteEngine On is not repeated twice. In case the line already exists, simply copy the rest of the code without it.


How to force HTTPS on a Specific Domain ?

Let's say that you have two domains: http://yourdomain1.com and http://yourdomain2.com. Both domains access the same website, but you only want the first one to be redirected to the HTTPS version.

In this case, you need to use the following code:

RewriteEngine On 
RewriteCond %{HTTP_HOST} ^yourdomain1.com [NC] 
RewriteCond %{HTTPS} off 
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Make sure to replace yourdomain1 with the actual domain you’re trying to force HTTPS on.


How to force HTTPS on a Specific Folder ?

The .htaccess file can also be used to force HTTPS on specific folders. However, the file should be placed in the folder that will have the HTTPS connection:

RewriteEngine On 
RewriteCond %{HTTPS} off 
RewriteRule ^(folder1|folder2|folder3) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Make sure to change the folder references to the actual directory names.

After making the changes, clear your browser's cache and try to connect to your site via HTTP. If everything was added correctly, the browser will redirect you to the HTTPS version.


[Need help in fixing Apache configuration issues ? We can help you. ]


Conclusion

This article covers how to edit your .htaccess file and redirect all HTTP traffic to HTTPS which is the safe version of your website.


How to configure HTTPS for WordPress websites using .htaccess ?

1. Login into wp-admin and go to “Settings -> General”. Make sure the URL have https.

2. From the file manager, edit your .htaccess and replace the WordPress rules by the following code:

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
# Rewrite HTTP to HTTPS
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://domain.com/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

Note: Replace domain.com by your domain name. Make sure the position of the https Rewrite rule is same as mentioned above.