How to Redirect HTTP to HTTPS automatically

May 24, 2017 0 comments

Chrome and Firefox have started showing insecure warnings on sites without SSL certificates.

Without SSL, your website will show insecure to the visitors.

Therefore, using an SSL-encrypted connection for safety, accessibility or PCI compliance reasons is necessary. It becomes very important to redirect from HTTP to HTTPS.

Please note that your FTP client must be configured to show hidden files. If not, you will not see the .htaccess file

How to Redirect HTTP to HTTPS automatically

Even though If you have a secure certificate (SSL) on your website, you might be facing problem several times while redirecting automatically redirect visitors to the secured (HTTPS) version of your website to make sure their information is protected.

After installing an SSL certificate, your website is available over HTTP and HTTPS. However, it’s better to use only the latter because it encrypts and secures your website’s data.  You can also use the .htaccess file to force HTTPS connection. This tutorial will show you how.

Forcing HTTPS on All Traffic

One of the many functions you can perform via .htaccess is the 301 redirects, which permanently redirects an old URL to a new one. You can activate the feature to force HTTPS on all incoming traffic by following these steps:


  • Login to respective domain
  • Enter correct username and password to enter into Cpanel as belows and Click into the file
  • Select Public_html folder and Click Setting at the right
  • Check Show Hidden files and Select OK
  • Right Click on .htaccess file then click code edit and again click edit
  • Insert the Following Code before closing tag </Ifmodule>
  • Save the changes.
  • Make sure to change the folder references to the actual directory names.
  • After making the changes, clear your browser’s cache and try to connect to your site via HTTP. If everything was added correctly, the browser will redirect you to the HTTPS version.

IMPORTANT: Make sure that the line RewriteEngine On is not repeated twice. In case the line already exists, simply copy the rest of the code without it.

For example

I have my own domain and I want to redirect it to

Forcing all traffic to HTTPS

One of the many functions you can perform via .htaccess is the 301 redirects, which permanently redirects an old URL to a new one. You can activate the feature to force HTTPS on all incoming traffic by following these steps:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Forcing HTTPS on a Specific Domain

Let’s say that you have two domains: and Both domains access the same website, but you only want the first one to be redirected to the HTTPS version. In this case, you need to use the following code:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^ [NC]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Make sure to replace yourdomain1 with the actual domain you’re trying to force HTTPS on.

Forcing HTTPS on a Specific Folder

The .htaccess file can also be used to force HTTPS on specific folders. However, the file should be placed in the folder that will have the HTTPS connection.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(<foldername1>|<foldername1>|<foldername1>) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Do you know how to install SSL in WordPress,if not

Windows & Plesk

Windows-based accounts use web.config files to handle redirection.

Using the following code in your web.config file automatically redirects visitors to the HTTPS version of your site.

<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}" />

if you have an existing web.config file:

  • Ensure you have sections (i.e. opening and closing tags) for:
  • System.webServer (which contains rewrite)
  • rewrite (which contains rules)
  • rules (which contains one or more rule sections)
  • Insert any of those sections that do not exist.
  • Insert the entire rule section, including match, conditions, and action, inside the rules section
  • Finally save the file and enter the domain and experience the magic


Hope you have successfully edited your .htaccess file and redirected all HTTP traffic to HTTPS, the safe version of your website.

Depending on the platform where you developed your website, there could be alternative methods to enable this feature.

Ashok kuikel

Ashok Kuikel is DevOps Engineer(Cloud Computing and Cyber Security), Entrepreneur working on Socio-Economic Development via Technology

He has been actively contributing as Joint Secretary of Federation of Computer Association of Nepal Kavre Chapter. Beside that, he is an official Global Peace Ambassador for Global Peace Chain, Nepal Chapter and Member of Internet Society, Nepal Chapter.

Above all, he enjoys learning about new trends and technologies and loves to share innovative ideas to contribute for the growth of the industry.

You can follow me on Social Media, GitHub, and via my Blog Channels.

Leave a Reply

Articles and Tutorials

We love writing about WordPress and latest plugins tutorials, WooCommerce stats, and much more.