How to Force HTTPS using .htaccess?

We are sharing this simple and quick guide to ensure your website is using HTTPS instead of HTTP. Why would you need such enforcement? When you want to be sure that your SSL encryption is working perfectly, this is the best method through which you can check and force HTTPS for your website.

3 step process to force HTTPS:

Yes, it is this simple. All you need to do is follow along, and you will be able to manage it yourself.

Note: create a backup of your .htaccess file before trying any of the following steps. In case any of the steps go wrong, you will still have the backup to restore functionality.

Step 1: find your .htaccess file:

The easiest way to locate your .htaccess file is through c-panel. Find the FTP Client and look for /httpdocs folder.

In some cases, your .htaccess file could be hidden. So, to access it, you will need to modify your settings and enable the hidden files.

Once you have found your file, download it to your system, and open it using your code editor.

Step 2: Force your traffic to use .htaccess:

To force your HTTP traffic to HTTPS, you need to write the following code in your .htaccess file.

RewriteEngine On

RewriteCond %{HTTPS} !=on

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]

Header always set Content-Security-Policy "upgrade-insecure-requests;"

You can copy-paste it above your rewrite rules, and the result would be the implementation of HTTPS on all your traffic.

Step 3: Upload your .htaccess file back:

Once you have made these changes, you should open /httpdocs, and upload the modified version of the .htacess file.

With this step, your problem will be solved, and you have managed to write a few lines of code, which can redirect the traffic from HTTP to HTTPS.

Also Check: Basic Linux Commands