How to Redirect HTTP to HTTPS

With so many benefits of installing an SSL certificate – including enhanced security and better search engine rankings – a growing number of website owners are moving in this direction.

Once you install an SSL certificate, your website is available over both HTTP and HTTPS.

While you’re not required to make any additional changes, it’s important to force HTTPS instead of HTTP. By doing so, you’ll redirect all your visitors to the encrypted version of your website.

There’s no requirement to install an SSL certificate, but Google recommends it because the encryption helps keep your users secure.

Getting Started

But first, before doing anything, it is suggested that you backup your website so that you can revert back to a previous version if something goes wrong.

Also, before you can redirect HTTP to HTTPS, you’ll want to secure a valid SSL certificate. There are many providers of SSL certificates, so be sure to compare your options based on reliability, reputation, and cost.

And, you need access to your hosting account control panel, as this is where you’ll make the necessary changes.

Here are the two steps to take to complete the redirect:

1. Locate and Edit .htaccess

The first step is locating or create the .htaccess file. This is where you will enter the redirection code.

Ways to edit an .htaccess file:

• Edit the file on your computer and upload it to the server using FTP.
• Use “Edit” mode in FTP program that allows you to edit a file remotely.
• Use a text editor and SSH to edit the file.
• Use the File Manager in cPanel to edit the file.

The fastest and easiest way to edit a .htaccess file for most people is to use the File Manager in cPanel; this article covers how to edit using this method and applies to Linux web hosting, such as Shared and Linux Dedicated Servers.

If you need any assistance finding this, contact your hosting company to walk you through the process.

2. Add the Redirection Code

Now that you’ve gained access to the .htaccess file, you can force all future traffic to use HTTPS by inserting the following code:

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Tip: you may have existing code in your .htaccess file, so be careful to not repeat “RewriteEngine On.” If this already exists, omit it the second time and simply copy in the other two lines.

WordPress Plugins for SSL Redirection

Really Simple SSL automatically detects your settings and configures your website to run over https.

To keep it lightweight, the options are kept to a minimum. The entire site will move to SSL.

Three simple steps for setup:

1. Get an SSL certificate
2. Activate this plugin
3. Enable SSL with one click

What the plugin actually does:

• The plugin handles most issues that WordPress has with SSL, like when you’re behind a reverse proxy/loadbalancer, or when no headers are passed which WordPress can use to detect SSL.
• All incoming requests are redirected to https. Default with an internal WordPress redirect, but you can also enable a .htaccess redirect.
• The site url and home url are changed to https.
• Your insecure content is fixed by replacing all http:// urls with https://, except hyperlinks to other domains. Dynamically, so no database changes are made (except for the siteurl and homeurl).

Always backup before you go!

Really Simple SSL is on GitHub as well!

Conclusion

Once you have an SSL certificate, you can then take these two simple steps to redirect HTTP to HTTPS. By doing so, you’re guaranteed of directing all traffic to the most secure version of your website.