How to Redirect HTTP to HTTPS, [Force HTTPS htaccess]

How to Redirect HTTP to HTTPS, Learn about SSL and how to force the secure version of the hypertext transfer protocol, a.k.a., HTTPS.

Updated: 31 Jul, 24 by Antoniy Yushkevych 18 Min

List of content you will read in this article:

If a website doesn't have an SSL certificate, then Firefox and Google Chrome shows "insecure warnings" when visitors load that website. SSL encrypted connection is necessary for the accessibility and safety of visitors to your website. It is also essential to redirect HTTP to HTTPS. Still, there is a way for forcing a website to load it into HTTPS (Hypertext Transfer Protocol Secure) rather than HTTP(Hypertext Transfer Protocol); by editing the .htaccess file. So this particular article will give detailed information on "how to force HTTPS" with step by step procedure.

Secure Sockets Layer is the full form of SSL, so it works for the security protocol for creating encrypted links between browsers and a web server for online communication. Your website will be available on HTTPS and HTTP after installing an SSL certificate in it. SSL makes sure that data transmitted between browsers and a web server always stays encrypted.  

How to Redirect HTTP to HTTPS

Once you have the SSL certificate, install it on your website hosted by a VPS hosting. Hence, VPS hosting plays an essential role in creating a link between the SSL certificate and your website. 

Buy SSL Certification
Need SSL Certification?

85% Promo on SSL Certification

How do you go about accessing websites? Actually, HTTP (Hypertext Transfer Protocol) serves as the cornerstone for this operation. Computers use a set of rules to communicate and share data across the internet. HTTPS is that set of rules. Consider HTTP a language that browsers and servers use to "talk" to one another. When you enter a website address into your browser, you use HTTP to request the webpage from the server.

HTTPS (Hypertext Transfer Protocol Secure) is just HTTP with an extra layer of protection. HTTPS protects your data by scrambling it like a secret code. In this manner, even if someone attempts to look at your information while it is in transit, they will be able to interpret it with the secret key.

Differences between HTTP and HTTPS

  • Security: HTTPS encrypts data, while HTTP does not.
  • Verification: HTTPS verifies the identity of the website, ensuring you're connecting to the correct server.
  • Trust: Websites using HTTPS are generally considered more trustworthy by users and search engines.

Why You Should Switch to HTTPS?

As we mentioned before, HTTPS provides an extra layer of protection. You'll now have a safety lock for your website. It protects your visitors' information, which makes Google happy. Google wants websites to be secure, thus sites that employ HTTPS receive higher results as Google gives your website better rankings. It's like receiving a reward for keeping people secure online.

When you use HTTPS, customers trust your website more because they know their information is secure. It's like putting up a sign that reads, "Your data is safe here!" In brief, HTTPS improves your website's reputation, security, and search engine ranking. If you are still utilizing outdated HTTP, it is time to upgrade! Let`s see how to redirect HTTP to HTTPS with different methods. 

HTTPS helps:

  • Protect your visitors' information like passwords and credit card numbers.
  • Make people trust your website more.
  • Improve your website's ranking on search engines like Google.

So now you know it is better to redirect HTTP to HTTPS for more security. The steps for doing this may vary depending on your website host, but generally, you should follow the below instructions:

  1. Obtain an SSL certificate: This provides encryption for your website's data.
  2. Inform Google of the protocol change: Update your sitemap and use Google Search Console to manage the transition.
  3. Update internal links: Ensure all links on your website point to the HTTPS version of your pages.

After completing these steps, you can proceed with the host-specific configuration to implement the redirect. Let`s explain the steps in detail.

1. Choose an SSL certificate

Before anything, you need an SSL certificate to make a secure connection with your websites` visitors. This digital document verifies your website's identity and encrypts data transmitted between your site and users. An SSL certificate includes:

  • Server name: Your website's address.
  • Certificate authority: The trusted organization that issued the certificate.
  • Public encryption key: Used to secure data transmitted to your server.

An SSL certificate encrypts data to prevent unwanted access to sensitive data like passwords, credit card numbers, and personal information. So, both your users and your website's reputation will be protected.

2. Tell Google About Your New Protocol

Google treats HTTP and HTTPS versions of a website separately, so it's essential to notify them about your redirect. This ensures search engines direct users to the correct, secure version of your site. To inform Google, verify your HTTPS site in Google Search Console. This process establishes ownership of your secure website.

Remember to use the same email as Google Analytics. This helps confirm your domain ownership.

Note: Allow a few days for Google to process the change. Once complete, your redirect will be active.

3. Update internal links

To ensure a seamless user experience, verify that all internal links on your website now use HTTPS. Use a site crawling tool like Site Audit to identify any links that still point to the HTTP version.

  1. Navigate to the "Issues" tab.
  2. Filter by "Links" to view potential problems.

Correcting these links will prevent broken links and maintain smooth navigation on your website.

There are two primary methods to redirect HTTP traffic to HTTPS on your WordPress website:

  1. Using a plugin: Many plugins specialize in handling this task efficiently.
  2. Manual configuration: For users comfortable with code, direct editing of WordPress files is an option.

We'll explore both approaches in detail below.

1. Using a plugin

For beginners, using an SSL plugin is the simplest way to switch to HTTPS.

  1. Install and activate: Choose a reputable SSL plugin from the WordPress repository.
  2. Automatic setup: The plugin typically handles:
  • SSL certificate verification
  • Force HTTPS for WordPress URLs
  • Redirecting HTTP traffic to HTTPS
  • Fixing mixed content issues (where content loads via HTTP on an HTTPS page)

Note: Keep the plugin active to maintain your secure connection. Deactivating it can cause website errors.

2. Manual configuration

If you prefer a hands-on approach, you can manually configure your WordPress site for HTTPS. To do that, follow these steps:

1- Update WordPress Address and Site URL

  1. Go to Settings > General.
  2. Replace `http://` with `https://` in both fields.
  3. Save changes.

2- Create an `.htaccess` Redirect

  1. Access your website's root directory via FTP or your hosting control panel.
  2. Create or edit the `.htaccess` file.

  • Add the following code:

     <IfModule mod_rewrite.c>

     RewriteEngine On

     RewriteCond %{HTTPS} off

     RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

     </IfModule>

This code redirects HTTP requests to HTTPS using a permanent (301) redirect.

Note 1: Editing `.htaccess` incorrectly can break your website. Proceed with caution or seek assistance if unsure.

Note 2: While this method works, it's generally considered more complex and prone to errors than using a plugin.

Nginx offers flexible options for redirecting HTTP traffic to HTTPS. Let's explore the two primary methods.

1- Redirect All HTTP Sites to HTTPS

Do you want to redirect all HTTP Sites to HTTPS? To redirect all HTTP traffic on your Nginx server to HTTPS, you'll create a single server block that listens on port 80 and uses either the `return` or `rewrite` directive to force a redirection.

Example using `return`:

server {

    listen 80;

    server_name _;

    return 301 https://$host$request_uri;

}

The meaning of code in detail:

  • listen 80: Listens for HTTP traffic on port 80.
  • server_name _: Matches any hostname.
  • return 301 https://$host$request_uri: Returns a permanent (301) redirect to the HTTPS version of the requested URL.

2- Redirect Specific Sites

If you only want to redirect specific sites, you'll create separate server blocks for each site.

Example:

server {

    listen 80;

    server_name www.example.com;

    return 301 https://www.example.com$request_uri;

}

server {

    listen 443 ssl;

    server_name www.example.com;

    # SSL configuration here

}

The meaning of code in detail:

  • The first server block listens on port 80 for `www.example.com` and redirects to HTTPS.
  • The second server block listens on port 443 for HTTPS traffic for `www.example.com`.

Remember to:

  1. Replace `www.example.com` with your actual domain name.
  2. Ensure correct SSL configuration for the HTTPS server block.
  3. Test your configuration thoroughly before deploying changes.

Important notes:

  • HTTP/2: If you're using HTTP/2, ensure your Nginx configuration is optimized for it.
  • HSTS: Consider implementing HTTP Strict Transport Security (HSTS) for enhanced security.
  • Caching: Clear browser and server caches after making changes.

There are only 2 steps to ensure that visitors to your Windows IIS website are automatically redirected from HTTP to the more secure HTTPS protocol. Here are the steps:

Step 1: Install and configure the IIS URL rewrite module

  • Download the IIS URL Rewrite Module: Obtain the module from the official Microsoft website and install it on your server.
  • Access IIS Manager: Open the IIS Manager tool on your server.
  • Select Target Website: Navigate to the specific website within IIS Manager that requires the HTTP to HTTPS redirect.
  • Enable URL Rewrite: In the Features View of the selected website, double-click on the "URL Rewrite" module to open its configuration.
  • Create a New Rule: Click on the "Add Rules..." button. Choose the "Blank Rule" template and click OK. Provide a descriptive name for your rule.

  • Configure Rule Properties:

Match URL: Define the pattern of URLs to be redirected. For a simple HTTP to HTTPS redirect, you would typically use a wildcard pattern like ".*".

Conditions (Optional): Add conditions to specify when the rule should be applied based on specific criteria (e.g., HTTP method, server variables).

Action: Set the action type to "Redirect". Specify the redirect type (e.g., Permanent (301)). In the "Redirect URL" field, construct the HTTPS version of the incoming URL. You can use server variables or regular expressions to build the target URL dynamically. Check the "Append query string" box if you want to preserve query parameters in the redirect.

  • Apply Changes: Click the "Apply" button to save the rule and activate the redirect.

Note: The specific configuration options within the IIS URL Rewrite module may vary depending on your IIS version and desired redirect behavior. Refer to the official IIS documentation for detailed instructions and examples.

Implementing an HTTP to HTTPS redirect on your Apache web server is very easy. The method you choose depends on your server access level.

Option 1: Direct Server Access (Recommended)

If you have direct access to your server's configuration files, editing the Apache Virtual Host configuration is the preferred method. This provides more control and efficiency. To do this, follow these steps:

  1. Locate the virtual host configuration: The exact location depends on your Apache setup, but it's typically found in directories like `/etc/apache2/sites-available` or `/etc/httpd/conf/httpd.conf`.
  2. Edit the virtual host: Open the configuration file for your domain.
  3. Add redirect directive: Insert the following code within the appropriate Virtual Host block:

   Redirect permanent / https://yourdomain.com/

   Replace `yourdomain.com` with your actual domain name.

  1. Restart Apache: Save the configuration changes and restart the Apache web server for the changes to take effect.

Option 2: Limited Access (Using .htaccess)

If you don't have direct access to the server configuration, you can use an `.htaccess` file to implement the redirect. However, this method is generally less efficient and might be restricted by your hosting provider.

  1. Create or edit .htaccess: Create an `.htaccess` file in your website's root directory if it doesn't exist.
  2. Add RewriteRule: Insert the following code into the `.htaccess` file:

   RewriteEngine On

   RewriteCond %{HTTPS} off

   RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

This code enables the rewrite engine, checks if the connection is not HTTPS, and redirects to the HTTPS version of the URL.

Things to consider:

  • Ensure that your website is configured to use HTTPS with a valid SSL/TLS certificate before implementing the redirect.
  • The permanent redirect (301) is generally preferred as it informs search engines about the permanent URL change.
  • Test the redirect thoroughly after implementation to avoid any issues.

Easily secure your website by redirecting all HTTP traffic to HTTPS using a simple .htaccess file. But what is .htaccess? An .htaccess file is a configuration file that can be used to customize the behavior of your Apache web server. Here are the steps to implement HTTPS redirect:

1. Access Your .htaccess File

Employ an FTP client like FileZilla to access your website's root directory. If your hosting provider offers cPanel, navigate to the File Manager and locate your website's root directory. Enable "Show Hidden Files" to see the .htaccess file.

2. Edit the .htaccess File

Use a text editor like Notepad or Sublime Text to open the .htaccess file. If the file doesn't exist, create a new one named ".htaccess" (without quotes).

3. Add the Redirect Code

Paste the following code at the beginning of the .htaccess file:

     RewriteEngine On

     RewriteCond %{HTTPS} off

     RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

And then, save the .htaccess file.

How the code works:

  • RewriteEngine On: Activates the Apache rewrite module.
  • RewriteCond %{HTTPS} off: Checks if the current connection is not HTTPS.
  • RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]: Redirects any incoming HTTP request to the HTTPS version of the same URL, using a permanent redirect (301).

Additional Tips:

  • Make sure your website is already set up to use HTTPS with a valid SSL certificate.
  • After implementing the redirect, test your website to ensure everything works correctly.
  • If you prefer to use "www" in your domain, you might need additional rules in your .htaccess file.

While it's possible to redirect HTTP to HTTPS using PHP, it's generally less efficient than using an .htaccess file, as the PHP code needs to be included on every page. Here's a basic PHP function to achieve this:

function redirectToHttps() {

  if ($_SERVER['HTTPS'] != 'on') {

    $redirect = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

    header("Location: $redirect");

    exit; // Ensure no further code execution

  }

}

To use this function, place the code in a PHP file that is included on every page you want to redirect. Call the `redirectToHttps()` function at the beginning of your script.

Example:

<?php

include 'redirect_function.php'; // Include the function file

redirectToHttps();

// Rest of your PHP code

?>

Additional tips:

  • Ensure your server has a valid SSL certificate installed.
  • For site-wide redirects, using an .htaccess file is typically more efficient and less code intensive.
  • Always validate and sanitize user input before using it in headers or URLs to prevent vulnerabilities like header injection.

Want to ensure your website is secure and optimized for search engines? Start by checking your HTTPS implementation using Site Audit. This tool provides a comprehensive analysis of your website's technical SEO health, including a detailed assessment of your HTTPS setup. Here's how to use it:

  1. Run a Site Audit: Conduct a thorough audit of your website to identify potential issues.
  2. Check HTTPS overview: Navigate to the Site Audit overview to find a dedicated section for HTTPS.
  3. Review your score: Assess your overall HTTPS implementation score and identify specific areas for improvement.
  4. Get detailed insights: Click on any issue to understand its impact and receive actionable advice on how to fix it.

Using this method, you can confidently optimize your website's security and SEO.

This wraps up our article on “how you can force HTTPS” quickly, and it can be a useful option if you want to change your website from HTTP to HTTPS. We have included the guidelines for multiple scenarios, so this article can help you to force HTTPS for specific conditions. Use this procedure if you face any issues while installing an SSL certificate on your website while using VPS hosting, then let us know in the comments.

Antoniy Yushkevych

Antoniy Yushkevych

Master of word when it comes to technology, internet and privacy. I'm also your usual guy that always aims for the best result and takes a skateboard to work. If you need me, you will find me at the office's Counter-Strike championships on Fridays or at a.yushkevych@monovm.com
user monovm

ToTemat

2021, Nov, 21

And what is better to choose, redirect through the code in htaccess or how to force in the server settings. Which method will be better?

user monovm

Mia Kertzmann

2024, Jul, 24

Great post on the importance of SSL certificates and the process of forcing HTTPS! Ensuring a secure connection is crucial for the safety and trust of website visitors. The step-by-step guide on editing the .htaccess file is very helpful. It's also good to know the different methods to handle the .htaccess file, whether through cPanel, FTP, or SSH. Thanks for the detailed instructions!

user monovm

Prof. Evan Effertz

2024, Aug, 24

This article is incredibly informative for anyone looking to enhance their website's security by redirecting HTTP to HTTPS. The step-by-step instructions make the process clear, whether you're using Apache, Nginx, or Windows IIS. It's great to see the emphasis on SSL certificates and how crucial they are for data protection. The details on using .htaccess and the PHP function are especially useful. Highly recommend implementing these changes to improve security and trust for your site visitors. Well done!