Even if you have a valid SSL certificate activate on your site, it’s still available on both HTTP (non-encrypted) and HTTPS (encrypted) versions.
That’s why it’s best practice is to redirect all your website’s traffic to the HTTPS version as it encrypts and secures your visitors’ data while they are on your website.
In this article, we’ll show you how it’s done!
.htaccess SSL redirects
Most redirects can be set up manually by using the .htaccess file.
To access and edit the .htaccess file, log in to your web hosting control panel, in our example, we’ve used the cPanel control panel.
Once in your hosting control panel, go to the File Manager. In cPanel, this is located under the Files section.
Show hidden files
Once the File Manager interface is loaded, click on the Settings button at the top-right corner, and ensure that the Show Hidden Files (dotfiles) option is enabled:
Once you’ve enabled Hidden Files, you’ll be able to see the .htaccess file in the File Manager and edit it using the Edit button in the top toolbar.
All traffic to HTTPS
To force all traffic to go to HTTPS, add the following rules to your .htaccess file:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]Note: Make sure to replace yourdomain.com with your actual domain name. Also make sure that you only have one RewriteEngine On line in your entire .htaccess file, and that it’s not repeated. If it already exists in the file, copy the rest of the code and paste it beneath.
HTTPS on a specific domain
If you have two domains that load the same website, but you want to force SSL only on a specific domain, use these rules:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourdomain\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]Note: Make sure to replace domain.com with the actual domain name.
HTTPS on a particular folder
You can force SSL on a specific folder, but make sure to edit the rules in the .htaccess file in that particular folder.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} folder
RewriteRule ^(.*)$ https://www.yourdomain.com/folder/$1 [R,L]Note: Make sure to replace folder 1 and 2 references with the specific folder names. Also make sure to replace yourdomain.com with your actual domain name.
WordPress SSL redirect
You can use the same .htaccess rules in the .htaccess file if you run your website on WordPress, but we recommend using a plugin to handle this automatically for you.
Really Simple SSL WordPress plugin
Here are the steps to redirect all traffic to HTTPS using a WordPress plugin:
Install
Login to your WordPress dashboard and head to Plugins > Add New. In the search bar in the top-right corner, type in Really Simple SSL and click on the Install Now button:
Activate
Once the plugin is installed, click on the Activate button to activate it:
Settings
Head to the Settings > SSL section and click on the Go ahead, activate SSL! button:
If you see any issues with mixed content on your website (showing both HTTP and HTTPS URLs), go to the Settings tab of the plugin configuration screen, and enable Use alternative method to fix mixed content:
If you use a caching plugin on your WordPress website, make sure to purge all cache first before testing your site again.
With these steps implemented, all of your website’s traffic will redirect automatically to HTTPS.
