Forcing HTTPS Using .htaccess Modifications

Work on computer

There are lots of benefits to switching your website from HTTP to HTTPS including better SEO and online reputation. Perhaps you’ve already made the transition to HTTPS. If so, congratulations! But what happens to all those backlinks you’ve built that use HTTP? How do you ensure that people who click those links end up seeing your site over HTTPS instead of HTTP?

The Magic of the .htaccess File

Luckily there’s a simple way to do it via your .htaccess file. If you’re unsure how to find or modify your .htaccess file, check with your website hosting company for their documentation. It’s usually done via FTP or CPanel.

In general, you want your .htaccess file to look at the incoming URL request and rewrite it to HTTPS if it’s not already using it. You’ll use the RewriteEngine to accomplish this. If you’re using a WordPress installation, there will already be some WordPress code in the .htaccess file – ensure that you place the RewriteEngine rules before all of the WordPress code. To enable a redirect to a single site, you can use any of the 3 blocks listed below in .htaccess:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^yourdomain\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.yourdomain\.com$
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^yourdomain\.com$|^www\.yourdomain\.com$
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(www\.)?yourdomain\.com
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

You’ll want to replace “yourdomain” with your domain name and the “.com” with your generic top-level domain – usually “.com”, “.net”, or “.org”.

For the most part, all of the rule sets above do the same job. Line 1 enables the RewriteEngine and line 2 checks the port (80 for http, 443 for https). The final line rewrites the URL with https://. The line or lines in between the first 2 and the last verify whether a domain name in the initial request is with or without “www.” alias.

Check With Your Hosting Company

Your web hosting company may have different guidelines for modifying the .htaccess file. The company we use, InMotionHosting, already has a “www” alias rewrite built into their servers so their recommendations don’t include that portion of the modification since it’s not needed. Although leaving it won’t hurt, there’s no point in forcing every request to process that extra line.

Sharif Jameel is a business owner, IT professional, runner, & musician. His professional certifications include CASP, Sec+, Net+, MCSA, & ITIL and others. He’s also the guitar player for the Baltimore-based cover band, Liquifaction.

share this article:

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on whatsapp

2 thoughts on “Forcing HTTPS Using .htaccess Modifications”

Leave a Comment

Your email address will not be published. Required fields are marked *

If you found this article useful, please consider helping us out and subscribing to our mailing list. We won’t spam you. We rarely send more than a few emails each year and you can always unsubscribe.

Subscribe

* indicates required
/ ( mm / dd )

share this article:

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on reddit
Reddit
Share on whatsapp
WhatsApp
Speedometer close up background
Web Hosting
4 Simple Ways to Speed Up Your Website

Before you start adding a bunch of optimization techniques, check this list to make sure you have your foundation for speed.

Scroll to Top
Days
Hours
Minutes
Seconds

This website uses cookies to ensure you get the best experience on our website. We'll assume you accept this policy as long as you are using this site.