How to Redirect from HTTP to HTTPS (Force SSL)
To ensure your website is always accessed securely, you should redirect all non-secure HTTP traffic to HTTPS. This protects user data and is required by modern browsers and search engines.
Before you begin
- An SSL certificate must already be installed and working for your domain.
- Your hosting must support Apache rewrite rules.
Create or edit the .htaccess file
Create a file named .htaccess in your website root directory:
- Linux hosting: public_html
- Windows hosting: wwwroot
Recommended HTTPS redirect rule
Add the following rules, replacing mydomain.com with your actual domain name:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://www.mydomain.com/$1 [R=301,L]Explanation: This rule checks whether HTTPS is disabled and permanently redirects visitors to the secure version of the site.
Redirect without forcing www (optional)
If your site does not use the www prefix, use this instead:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://mydomain.com/$1 [R=301,L]After applying the redirect
- Clear your browser cache.
- Test by visiting
http://yourdomain.com. - You should be automatically redirected to HTTPS.
Note: If your site enters a redirect loop, remove the rules immediately and contact support for assistance.