How to force HTTPS via .htaccess

Nowadays most web browsers will show a warning when you visit a site that is not using an SSL certificate. The message looks like in Chrome Web Browser:

chrome insecure site
Not private connection

Your connection to the site is not secure.
You should not enter any sensitive information on this site (for example, passwords or credit cards), because it could be stolen by attackers.

To fix this message you should install an SSL certificate. You can buy one, or if you are using cPanel, you can ask your host to install one for free. cPanel offers free SSL certificates (powered by Comodo).

When loading the same site – which now has an SSL certificate installed – you will see:

Secure connection

Secure connection.
Your information (for example, passwords or credit card numbers) is private when it is sent to this site.

Now you probably will want to redirect requests made to http to https. Do this, edit the .htaccess file in your site’s and add the following lines to the beginning of it (replace domain.com with your domain name):

RewriteEngine On
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.domain.com/$1 [R=301,L]

If you don’t want to use www in URLs, use:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://domain.com/$1 [R=301,L]

Related KB article: How to force www or non-www URLs for your domain via .htaccess in cPanel

Leave a Reply