How to force a site to use SSL ( HTTPS:// )

We all want to stay safe on the internet and it's easier to do so when SSL (Secure Sockets Layer) is in use. SSL ensures that all communications between your web browser and the site you are visiting is encrypted. Sites using SSL will usually show a green padlock at the start of your browsers address bar.

This article shows you how to have the web server force all connections to your site using SSL, this means all connections will be made using https:// instead of http://. Keeping your information safe from hackers.

This article does not detail how to ensure all your content is available over https:// - you need to ensure your site is configured correctly. We have a separate article on fixing mixed content issues.
  1. Prior to completing these steps you need to ensure that a valid SSL certificate is in place for the domain you want to force SSL on.
    This can be a purchased/EV SSL certificate or a free Let's Encrypt certificate. We have a separate article on how to configure Lets Encrypt on your domain.
  2. To force SSL connections to a site edit the .htaccess file in the folder containing the site. You can do this through cPanel File Manager or via FTP (download the file, edit it and upload again).
    Add the following lines to the top of the .htaccess file
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  3. After saving the file, try visiting your website using a http:// URL - you'll find that it gets redirected to the https:// version

How did we do?

© Krystal Hosting Ltd 2003–2019