How do I force HTTPs ?

Without HTTPS active, even with an installed certificate, your site will not be correctly secured using SSL/TLS. Therefore, it’s important it is enabled to reap the benefits of having an SSL/TLS certificate.

Why should I force HTTPs on my site?

HTTPS is the secure version of HTTP. Alongside SSL, it helps ensure that privacy and data integrity is maintained across your site. 

The importance of both HTTPS and SSL is well documented. Browsers such as Google Chrome and Mozilla Firefox will show sites as untrustworthy or dangerous if they are not active. 

Interested in learning more about SSL and the different types of certificates?

Force HTTPS with .htaccess

  • To redirect your website to HTTPS. Enter the following to your .htaccess file.

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  • After you have added this text to your .htaccess file, save it.
  • You can test if it was successful through entering the site URL in your browser.

For example, in cPanel, hidden files are enabled by clicking the settings cog.

cPanel enable hidden files in settings
Enabled .dot files

Forcing HTTPs in cPanel

If you have cPanel you can choose to use the AutoSSL feature which will automatically install an SSL certificate and enable forced HTTPS. 

  1. Firstly, login to your cPanel control panel, navigating to “SSL/TLS Status” in the Security section.
  2. From here, you can select the domain you’d like to install an SSL on.
  3. Finally, Run AutoSSL sit back and relax whilst it runs.
  4. When it completes successfully, the page will update with a success notification.
  5. cPanel will then request a certificate from the issuing authority. 
  6. If successful, it will be visible in AutoSSL.  

Forcing HTTPs in Plesk

If you have Plesk, you can avoid manual modifications of .htaccess.

  1. Firstly, login to Plesk control panel and click Websites & Domains in the left sidebar.
  2. From here, choose the domain to configure and click Hosting Settings
  3. Select SSL/TLS support and Permanent SEO-safe 301 redirect from HTTP to HTTPS checkboxes under Security
  4. Select corresponding SSL certificate from the Certificate drop-down list
  5. Finally, Confirm the changes by clicking the OK button
Categories