Customers and readers expect any website, be it an e-commerce platform or small personal blog, to offer a secure connection. When a secure connection to a website is established, the visitor's web browser will display a padlock and the URL in the address bar will include "https://".
However, just having an SSL certificate installed is not enough if someone can still reach your site with an unsecured connection. To ensure all connections to your site are secure, you'll need to force the use of HTTPS.
Here we cover the steps to force HTTPS by adding a redirect to your website's .htaccess file.
Related Articles
Getting Started with cPanel
Force HTTPS Using Really Simple SSL WordPress Plugin
Enable AutoSSL
Edit File with File Manager
Find the Document Root of a Domain
Show Hidden Files in File Manager
Edit .htaccess
- Log into cPanel
- Navigate to File Manager, located under the Files section
- Navigate to the domain's document root
- Locate the .htaccess file, right-click on it and click Edit
NOTE: As .htaccess starts with a "." it is a hidden file, so you will need to ensure hidden files are shown. See the guide on showing hidden files for instructions. - Copy and paste one of the following to the top of the file, depending on your needs
- Force HTTPS:
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] -
Redirect a specified domain only:
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteEngine On
RewriteCond %{HTTP_HOST} ^domain\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.domain.com/$1 [R=301,L]REPLACE: domain\.com with your actual domain, retaining the backslash. For example, google\.com. Replace www.domain.com with your domain. The "www." is optional.
-
Redirect a specified directory only:
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} directory
RewriteRule ^(.*)$ https://www.domain.com/directory/$1 [R=301,L]REPLACE: www.domain.com with your actual domain and both instances of the word directory with the name of the directory you wish to redirect.
- Force HTTPS:
-
Click the Save Changes button