Force HTTPS connections with the .htaccess to make sure every connection is a secure one. Your website’s visitors should be accessing your site using an SSL-encrypted connection for added security, accessibility, or PCI compliance. If you’re unfamiliar with SSL, our article, “What is SSL and why is it important?” will get you up to speed. Just having an SSL is not enough if someone can accidentally reach your site with an unsecured connection. Read below to see how to force HTTPS connections on your site.
Why Force HTTPS for a Secure Connection?
InMotion Hosting includes a free SSL Certificate for all Business Class Hosting Plans. It’s easy to activate this SSL in your Account Management Panel (AMP) under My Account > Manage Free SSL.
We highly recommend that you require all visitors to your site to access it through a secure connection. At this point, a large majority of sites are running through SSL, and search engines may penalize you if you are not on SSL. More importantly, Google now seems to prioritize search results with secure connections over those without.
Forcing visitors to use SSL can be accomplished through a variety of plugins, or by manually editing your .htaccess file using mod_rewrite.
Forcing HTTPS with .htaccess
The .htaccess file is a configuration file used on Apache servers. It is a ‘dot file,’ as the period at the beginning of the file name means that it is hidden from view by default. If you cannot see it, be sure that you can view hidden files in cPanel’s file manager.
NOTE: For WordPress sites, consider an SSL plugin such as Really Simple SSL instead.
Redirect All Web Traffic
To force all web traffic to use HTTPS, insert the following lines of code in the .htaccess file in your website’s root folder.
WARNING: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix.
RewriteEngine On RewriteCond %{HTTPS} !on RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Redirect Only One Specified Domain
To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website’s root folder:
WARNING: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix.
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteEngine On RewriteCond %{HTTP_HOST} ^example\.com [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
If this doesn’t work, try removing the first two lines.
RewriteEngine On RewriteCond %{HTTP_HOST} ^example\.com [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
NOTE: Make sure to replace example.com with the domain name you’re trying to force to https. Additionally, you need to replace www.example.com with your actual domain name.
Redirect Specified Folder
If you want to force SSL on a specific folder, insert the code below into a .htaccess file placed in that specific folder:
WARNING: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix.
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteCond %{REQUEST_URI} folder RewriteRule ^(.*)$ https://www.example.com/folder/$1 [R=301,L]
NOTE: Make sure you change the folder reference to the actual folder name. Then, be sure to replace www.example.com/folder with your actual domain name and folder you want to force the SSL on.
If you’re setting up an SSL for a WordPress site, be sure to check out our guide to setting your SSL up on a WordPress site. If you want advanced information on the .htaccess file, take a look at the official Apache .htaccess documentation. If your browser does not seem to indicate that you have an SSL even after you set this up, be sure to check our SSL ‘lock’ troubleshooting guide.
Go Unlimited with Exceptional Shared Hosting
Upgrade your Shared Hosting today and take your business to the next level! Get unlimited NVMe SSD storage, cPanel, professional email and over $400 in savings.
Free Domain 24/7 Human Support 100% Money-Back Guarantee
Thank you! Your tutorial made this so easy, first time!
Glad we could help, Frannie!
Note is confusing and is not applicable for all traffic version.
============================
Redirect All Web Traffic
To force all web traffic to use HTTPS, insert the following lines of code in the .htaccess file in your website’s root folder.
WARNING: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix.
Copy
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
NOTE: Be sure to replace www.example.com with your actual domain name.
****MOVE NOTE BELOW. NO “www.example.com above”.***
Thanks for bringing that to my attention, David! I’ll go ahead and fix it now.
Question: I’m getting dinged for 2 redirects using your code (above) to force https as well as WordPress’ dynamically created code for permalinks. Can you either give me a code snippet to 1) do what your code does for SSL validation in a mod_rewrite format or 2) do what the dynamic WordPress code does in a non-mod_rewrite format? Basically, I’m trying to condense these two sections into one so as to only have one redirect. Is this possible? Your code in a mod_rewrite format is probably preferable as I can make the WordPress code static and block WordPress’ ability to rewrite that section. Thanks in advance!
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Hi davelabz,
Thank you for your question. We don’t have such a code snippet available at this time. I recommend contacting our Technical Support team to see if they can provide a possible solution to this issue.
Best Regards,
Alyssa K.
Thanks for your Information. Its working for my Website
Hi all, I’, trying to do website redirection but not successful due to my rewritecond input = ‘www.example.com’ but host in browser debugger showing ‘example.com’ how do I change the input or http_host? Where does it refer to? I’m expecting my website to redirect from https://example.com to https://www.example.com
Hello and thanks for contacting us. You may need to do the redirect from within the website (if you’re using a content management system like WordPress) or from the server depending on your hosting plan. I recommend you contact our Live Support with more information for further assistance.
Did I added this at right place????
# BEGIN WordPress
# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteEngine On
RewriteCond %{HTTP_HOST} ^sophiatravels\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.sophiatravels.com/$1 [R=301,L]
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
I followed the ‘Route All Traffic’ code, but encountered an interesting situation when I was testing my page speed on Google PageSpeed Test. It’s claiming the following redirects are causing performance issues because it’s more than needed:
*changed the URL for security reasons
(Initial: https://www.example.com/)
0 ms
https://www.example.com
630 ms
https://example.com
480 ms
Is it possible to modify the redirect code so it goes straight to https://example.com without going to www first?
Here is the code I’m using:
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Hello and thanks for asking. You could try changing the RewriteRule to the actual domain.
I want to redirect my site
https://hikingannapurna.com
tohttps://www.hikingannapurna.com
without redirecting tohttps://hikingannapurna.com
. Is it possible?Hi Eric,
You should be able to set up the redirect with the www. via your cPanel. For additional assistance, please reach out to our live support.
My webmaster has use this code, is this correct?
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [L,NE,R=301]
Hey Peter! There are a few different ways to set up .htaccess redirects, and some will be right in certain situations and wrong in others. If it isn’t working how you expect, I’d suggest getting in touch with our 24/7 Technical Support team directly, so that they can compare your code against what you are trying to do specifically (and make sure there are no other issues that would affect the redirect).
hello i want to force download mp4 and mp3 file when open not play how edit .htaccess file
Hello and thanks for asking. You can try options from this StackExchange thread.
Nice tutorial
Helped !
Hello want to redirect
https://www.example.com
tohttps://example.com
What code should i use in .htaccess
I’m using below code
Hello Yatin324 – If you follow the instructions in the article, it will give you the proper code. (The code below is directly from the article).
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
thanks !!!
Hi, i am using angularjs application, i tried to redirect http to https,
i am using below code, but its not working, plz suggest me for proper code.
The redirect works for me. I recommend clearing your cache and trying again.
Hello which is easier when working on redirects, is it angualr js or php, i’m on a project about football betting and i’m designing a site that is similar to Soccervista zulubet and statarea i wanna handle the redirect issue for better understanding by my users
Hello Israel, AngularJS is a framework based on JavaScript. PHP is a complete programming language. Your question is more suited for an experienced programmer and depends on needs of your coding project. If you’re building the entire site, I’d recommend PHP, but be aware that it’s intended for back end development.
If you’re using an Angular app, your problem will be ensuring HTTPS and url rewrites as everything must be proxied through Index.html. I used this:
BUT I’m getting an infinite redirect loop for some reason. Does anyone know what I’ve done wrong in the above? I need to ensure the HTTPS and also make sure to rewrite all routes through index.html (if I do both of these redirect commands on their own they both do what I need, but using together is an issue).
Hello Robert,
Typically, we do not provide too much support on coding issues as they tend to be specific to a situation and there can be many approaches to provide a solution. In looking at your code, the issue looks like it’s the end where you are using the [L] option. You can see more information on the actual apache.org page for the mod_rewrite function. You can also test it by removing parts of the code and seeing how it affects your results. We recommend speaking with an experienced web developer for more in depth assistance.
Thanks for the Tutorial my websites.
Hello Good Day, The code above works but I have a problem. Why does it adds index.php at the end? Please help me.
Desired Result: https://siteurl/
Current Result: https://siteurl/index.php
Here is my htaccess
Your code is putting out the “index.html” because of the rewrite rule creating the URL with the “$1” – basically this instructs the code to include the folder path AFTER the .com (or whatever your domain ends with). You can try removing it (the “$1”) and see if that’s what you want to force. This is typically regex coding which we don’t provide. However, check out that link for additional information.
To check up on this go analyze your website on this website: https://www.whynopadlock.com/
This will tell you, what the reason is, that the padlock isn’t on your website.
Below my .htaccess code how can I redirect to “https” I tried all above codes and my domain is Kindly help me.
…………………………………………………………………..
Forcing https:// use with your website is heavily influenced by the software you used to build your website. However, if you would like to force it using your .htaccess file, simply update this line of your code:
to add the ‘s’ in “https://”, like so:
2019-01-10 6:19 pm Reply Hi jhon,
i don`t know how to replace http to hhtps please give me easist way guide me through video link / screen shots . you have access in my websit c-panel also you can do it please because i am using same inmotionhosting.
Thanks
Moin
I appreciate your feedback and am glad we can help! I recommend contacting your host to inquire what kind of SSLs they have available that will satisfy the requirements for browsers to not display insecure warnings.
Hi Moin.
I’m sorry but we are unable to modify your account via a request through the public forum. Please contact technical support for further assistance with your account specifically.
Hi Moin.
Please contact technical support for further assistance with your account specifically.
Hi John-Paul,
show this error: in my website how to fix this please help me and please give me your email address how to talk you directly through email.
https://www.whynopadlock.com/results/41677241-85de-4c0f-b6bd-8e80f737e66e
Error Returned: Navigation Timeout Exceeded: 30000ms exceeded
Hi John-Paul,
please help me i am trying http to https this way also but still not show SSL pad lock please check and contact me via email please.
https://www.youtube.com/watch?v=KRCcNjSlt9M
Thanks
Hello.
I recommend using the website WhyNoPadLock.com to run a scan of your website, to determine why it is not showing the padlock. This will help you identify the security implementations that are required for the padlock to display for your website. I hope this helps!
Sincerely,
Carlos D.
My website www.*******.com is not show SSL pad lock please tell me how to fix this issue i already post this issue in this link below also if you have any shortcut to fix this issue please help me i am also using your hosting please you can do fix this issue please
https://magento.stackexchange.com/questions/256812/magento-1-9-ssl-issue
The solution will differ based on how your site was built. If you are using a CMS such as WordPress, Drupal, or Magento you should first set up the SSL/https in the Dashboard or Admin section. If that doesn’t help there may be a plugin or addon module for accomplishing this.
In some cases you may have to do a “Find and replace” in the database. Replacing all instances of https:// with https://
Thank you,
John-Paul
What if I can’t find the ,htaccess file? I have a cpanel with one main domain that hosts 8 others.
The .htaccess file is a hidden file. You may need to adjust the File Manager settings to show the hidden files in order to locate it.
i want to redirect my client domain qatarprayertimes.com http to https . kindly help me
Please follow the directions provided in the article above to force your site to https. If you’re having problems, then please explain the issues that you are having.
Hi Inmotion,
Just wanted to say THANK YOU sooooo much for saving this girls web life 🙂
After having watched several youtube video tutorials, and after having read several articles on the topic – your little code snippets regarding the .htaccess file were all it took to redirect my
examplesite.com
to thehttps://www.examplesite.com/
like a charm!I only have 1 question : On the address bar, to the right ( next to the star on Chrome ) – I now see a “shield” with a tiny red mark on it. When I click on it, it states the following :
Insecure Content Blocked
This page is trying to load scripts from unauthenticated sources.
This is really strange, because all I have running on my server is an CSS/ HTML / JS “Coming Soon Page” which contains NO IMAGES whatsoever ( aside from my favicon ) and runs on JQuery + Ajax. This is quite perplexing to say the least…
Is there anything I can do to resolve this ? Any advice/suggestion you can offer is greatly appreciated.
Thank You once again for the script 🙂
Hello.
I’m glad that we were able to assist! In regards to the insecure content message, I recommend checking out the website Why No Padlock?. There, you can enter your URL you are seeing this happen on and the report should provide insight into how to correct the insecurity detected.
I hope this helps!
Sincerely,
Carlos D.
I like you code and I use it!
A little problem more:
I use it to force http to https
I’d like also to force e.g. www.example.com into example.com
How can I do both?
Thanks
fp
You can edit add another line to your .htaccess file to force the use of www or not.
Really Simple SSL is not free, you must pay.
Try Force HTTPS plugin (free one)
https://wordpress.org/plugins/force-https-littlebizzy/
Our installation guide covers working with the Really Simple SSL free version which includes the needed functions for most situations.
how to add verification codes in a website?
google , bing, ownership etc?
The process of verification for your domain depends heavily on how you created your website. For instance, you could use Jetpack Site Verification Tools, if your website was built on WordPress.
Let us know how you built your website and we may be able to assist you further.
Hello…This is my website..After installing SSl and editing the .htaccess fill it redirects to
https://www.********.com/
But the post URL is opening on https and http both…You may check.https://www.********.com/seo/top-10-tips-for-keyword-research-you-must-know/
I can’t understand what is the actuall problem…Please help..otherwise Google may penalize my site…as it will be considered two different URL.
Since it seems your site is running on WordPress, adding .htaccess rules directly can sometimes cause issues with existing rules. Due to this, I recommend using a WordPress plugin to force https.
Thank you,
John-Paul
Thanks for the Tutorial but my websites still have 2 versions. HTTP and HTTPS.
Which WP Plugin can I install to fix it ?
For SSL’s on WordPress you’ll likely want to install a SSL plugin to force content to HTTPS such as Really Simple SSL.
Hi-
I have a desktop site and a mobile site. The mobile site is accessed via a script in the html code anytime some visits on a mobile device. When I changed the .htaccess file to force https, only the desktop site loads regardless of device.
How do I get the mobile site to load on mobile devices and force https for the desktop site?
I recommend you check our guide for redirecting mobile website versions. If you’re using a CMS like WordPress or Drupal, it could be helpful to check their forums as well.
I used a redirect in .htaccess, but now when I try to update my xml sitemap,
my completed crawled sitemap only includes the index page of my site???
Do I need to update manually all my links on my webpages to https?
Hello,
Thanks for your question about the XML site map updates after implementing HTTPS. It appears that you will have to update your XML sitemap to include the HTTPS links. This may depend on the tool that you are using. Check out this article on updating XML site maps. They say that you need to go into the sitemap and update the links. If you are using a tool then you may want to see if their support or documentation identifies how you can get the sitemap to be update using https.
Thanks!
No problem! We’re glad you found this helpful!
From my understanding of that question, he wants to redirect all 404 errors/pages to the index page. If you’re using wordpress, get a plugin names 404 redirect and you’re covered.
Thanks for the comment!
Thank you for the code at the top “Forcing HTTPS with .htaccess directing all web traffic. It works great!
I would like to add a condition to the .htaccess code you provided that if the file doesn’t exist to he redirected (404 error). I’ve tried different ways to add the statement to the .htaccess: “ErrorDocument 404 https://www.example/index.html” without success.
Any help would be appreciated.
Sorry to see you’re having trouble with redirecting the 404 error. The correct syntax would be:
“ErrorDocument 404 https://example.com/404/” replacing example.com with your actual domain. From your comment, it appears you are missing the “.com” portion of the domain which may be preventing it from working properly.
Hi,
I want to force ssl on only one specific folder but that folder is my main root folder which is the full name of the website so it ends with the website URL instead of a folder name and does not work – what folder name can I use instead of the website URL?
What you’re saying is a little confusing. The defined root or “document root” of the website is the folder in which the website files are being served. If you have a folder outside of that main, I would highly recommend that you move it within the document root folder. That way, you reference the folder properly to force https for that folder. You complicate the issue if your folder is outside of the root. If the files need to be accessed through the website, then that folder should be in the document root. Simply placing them outside of the root will not protect them if these files need to be accessed from the website in the first place. You can also define a folder outside of the root with a subdomain. For example,you could create a subdomain called folder.domain.com, where the folder path is defined the location outside of the document root.
So, the easier (and recommended) solution is to simply move the folder into your website’s document root folder. Otherwise you will need to make a definition of that folder using a subdomain option as provided in the cPanel.
i am added the folloing code after added the code back ended is disable
Please clarify the steps you are taking. We would need to have more explicit information about your website in order to determine what’s happening. If you want the matter handled privately, then please contact our live technical support team for further assistance.
After doing this all implementations I found few url like https://www.example.com/blog is not opening in good interface. For this what we do.
I recommend checking the software documentation you are using for the site in the “/blog” directory. You may need to configure the software to use the https:// protocol for the resources it uses to load properly.
If this is custom code, then you may need to review the code to ensure that resources for the website are being coded with https:// included, rather than https://. I hope this helps!
Hello guys. How I combine force HTTPS and force WWW on my htaccess?
The one redirect to www should take care of that, but if it’s still resolving to the domain by itself then perhaps the .htaccess file is not being processed properly or the syntax of the redirect rule is wrong. I advise contacting Live Support for further assistance.
Help! I added the code to force https. After saving the edit, I realized I forgot to change the www.example.com to my domain. So I replaced it with mine and saved it again. Now, when I type my domain, my website shows up, but if I try to access it without typing the www it goes to www.example.com.
After getting frustrated and deciding to forget the whole thing, I went back into the file and removed the new code, so that the only thing in there now is this:
But I still have the exact same problem. How do I fix this so my website appears whether or not someone types www?
Thanks
Kristal
It sounds like it’s cached. I would recommend clearing your browser cache. It could still have the old code saved.
Hi All,
If I am using a WP site, and I want to redirect all domains addresses to https://www.domain.com/
Do I need to a condition and rule for each possible scenario?
Example:
Is there one universal rewrite rule that will redirect all possible domain scenarios instead of manually typing each one? I want everything to point to a domain with https and www.
Hello,
Thanks for your question about forcing the use of SSL through .htaccess. Actually, if you properly set up your WordPress site to use an SSL, then it should automatically generate the URLs so they use HTTPS. Check out this article on enabling HTTPS in WordPress.
The code works like a charm.. External links redirect everithing works fine.
BUT:
To be seo friendly.
Do I need a 301 from all http subpages to all https subpages?
It’s necessary to change all the EXTERNAL links to be seo friendly?
THXS
Hello.
According to this third party tool, the code presented in our guide appears to identify a 302 redirect. However, you can modify the redirect code to force a 301 redirect. This is accomplished by adding =301 after [R in the last line of the code.
For example:
This will work for all your pages under that domain. A 301 redirect tells Search Engines that the content has permanently moved from https:// to https://. A 302 redirect tells Search Engines that the authority of the content should remain as the originating domain, rather than the domain that the redirect ends at. With a 301 redirect, you should not need to add redirect codes for each page to adhere to SEO best practices. I hope this helps!
Sincerely,
Carlos D
Hi,
The code you guys have given works, but doesn’t work (in the following scenario) if one has a parked domain with the same domain name, and the primary domain name is a HTTPS.
Code refering above is the below one;
Scenario;
eg: me.com and me.net.
If me.net is parked and redirected using the redirect option in inmotion to https://me.com > the re-direct works fine.
And then we force a redirct in .htaccess to force https://me.com to https://me.com > again the re-direct works fine. (had to do this, since after inmotion set me up the server, .com domain and ssl, it didn’t auto redirect to https when entering the domain name in the browser)
But the problem is, with the code above added to .htaccess, for both these re-directs, it will throw a 302 instead of a 301 permanent re-direct. Which is really bad.
I used the below code to force my primary http .com domain to https .com, and now both re-directs show up 301.
Kindly let me know if this is an issue and if what i did was correct, since the code here didn’t work for me.
Thanks!
Sorry for the problem with the 301 re-direct. It doesn’t sound like your site is using the code specified in the .htaccess file. Or maybe it’s being re-directed elsewhere. Without any specific site information we can’t investigate here. .htaccess code can be overridden by an .htaccess file that has a higher priority (usually done by position of the file). My advice would be to contact our live technical support team. They can look at the .htaccess file in real time with you and provide an immediate solution. If the .htaccess file is set to use 301 for its re-direct, then it won’t do anything else unless something else is overriding it.
When doing the redirect from http to https, I get this message. What should I do to correct?
The validation required 1 HTTP redirect, but the AutoSSL provider “cPanel (powered by Comodo)” does not permit HTTP redirects.
This issue commonly happens when there is something in the .htaccess file that is forcing a redirect to https://, I would recommend commenting out any redirects in your .htaccess file and then re-running AutoSSL.
How do I get the padlock to show up even if just www.example.com is typed in browser..my not redirect from www to https..even after i purchased ssl
I recommend checking your .htaccess file as there may be other rules interfering with the redirect.
Also, if you are using a CMS (such as WordPress, Joomla, OpenCart) I recommend using a plugin or extension to force ‘https’. We are happy to help you troubleshoot further if you can provide a link to the website.
Thank you,
John-Paul
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Hello, i have this code on my .htaccess but this method redirect to https only the homepage and not other post i write. How can i solve to force redirect on all pages?
The instructions in the first example above provide the answer for your question. We do not provide for support for user-provided code. However, you should be able to use the code from above:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
How to disable the https with htaccess ??
You’re not disabling HTTPS unless you’re also removing the SSL certificate. If you want to force certain URLs to use the non-HTTPS urls, then you can do that with the .htaccess file. It’s just change in the code provided in the tutorial above. Note that disabling HTTPS from a website may also depend on the application you’re using for your webite (e.g. WordPress, Joomla). If you’re not using an application, then typically, you’re making references to HTTPS in your code and you have to remove it.
I’m new to this website building so please bear with me. Where do I go in my cpanel to add this code?
This code needs to be placed in your .htaccess file. You can edit the .htaccess file in cPanel, by going to the File Manager in cPanel. The location of the file (if it exists) depends on where the files are located for your website. The links included in my comment should help guide you in the right direction. I hope this helps!
This works perfectly.
My setup is 4 domains, A, B, C, D
A = unused domain
B = email hosted at gmail app, used for website
C = email hosted at gmail app
D = email at hosting.
Managed to force redirect all traffic to domain B via https.
Thank you so much for this info. I recently upgraded to an SSL certificate. I had everything working in the redirects for the site itself. But I have a shopping cart in a folder and had no idea how to force that to the https version.
Takara
If you want to force SSL on a specific folder you can insert the code below into a .htaccess file placed in that specific folder:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} folder
RewriteRule ^(.*)$ https://www.example.com/folder/$1 [R,L]
Make sure you change the folder reference to the actual folder name. Then be sure to replace www.example.com/folder with your actual domain name and folder you want to force the SSL on.
I added the .htaccess edits to the root file and i added a .htaccess in the folder I want to force ssl and still it is not working. My site still tells me there are 2 image files that are being called as http files. The 1 specific file I am only using in 1 place on my site. I replaced it with one with https link and it still gives me the same error. I even went into file manager and physcially deleted the file. It still tells me there is a call to that http file but not also tells me it calls to the file but file is deleted. I just cannot figure out how to fix this. At this point I am afraid of making any other modifications and breaking my site. I have even tried force ssl plugins and mixed content fixers. No luck.
If you are using a CMS (such as WordPress, Joomla, etc.) try using a plugin or extension. Since many CMS’ rely on .htaccess rules, manually adding rules can sometimes interfere with the site.
Can you provide a link to the site for us to test?
Thank you,
John-Paul
Can someone please provide the correct https redirect code for connecting to the Cloudflare CDN Plus.
Thanks
Cloudflare has an always use https tool I recommend using, read more in their knowledge base on How do I redirect all visitors to HTTPS/SSL?.
Thank you,
John-Paul
I want to add the code in my .htaccess file to redirect http to https but on downloading the .htaccess file to notepad on my computer, i saw the following code in the .htaccess file:
# BEGIN WordPress
AddHandler application/x-httpd-ea-php70 .php
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Pls where exactly should i paste the code I need to redirect http to https in the above OR should i just delete the above code and paste the http to https code
in the .htaccess file. Please advice, am confused.
It is best advised to leave the WordPress rules in there. They are integral to some of WordPress’s functions working properly. I advise leaving the .htaccess file as it is and using a WordPress plugin to do the https redirect.
the RewriteRule line should read like this:
RewriteRule ^(.*) https://www.mydomain.com/$1 [R=301,L]
Dear Sir
This article help me to redirect my new domain aglatax.com to https, I face https redirect problem from many days, but after following your guide i am successfully redirect my website.
Thanks again
Any idea how to configure the htaccess file for cloudflare server?
You can find more information about CloudFlare in their Support Forums. If you’re trying to whitelist their IPs, then check out this post.
Hello there,
I wasn’t sure which code to use for my problem. Here is my issue.
My website is indexed two weeks back. It has HTTPS or SSL certificate installed.
Actually it looks like this: https://example.com/
But it is indexed in Google in two versions, like this: example.com/ and https://example.com/
Now, I don’t want example.com/ in Google Index. I’ve been waiting to see if it naturally goes off from the Google Index. But it is not.
How can I redirect this (example.com/) to https://example.com/? In my sitemap also, I have this version – https://example.com/. Please help me solve this issue.
The instructions to force HTTPS are at the top of this article. If you read through it and have specific questions let us know.
just fixed ssl problem in my site
Great! We are glad to see that.
Hi,
I have SSL for a domain but not subdomain. I have a mobile site and if i use the code your code i get ssl error on the mobile site. masically i want all traffic to www.mydomain.com to redirect to https://www.mydomain.com but m.mydomain.com to remain http.
I´m using the code bellow, is this the correct code or you have a better solution.
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} www.mydomain.com
RewriteCond %{REQUEST_URI} !/robots.txt
RewriteRule (.*) https://www.mydomain.com/$1 [R=301,L]
Hello,
I don’t see anything wrong with that but I do not see any redirects for the mobile site in that code. I would think the simplest solution would just be to force SSL on the main domain and then you redirect to the mobile site ensure the redirect is specifying http instead of https.
Best Regards,
Kyle M
Watch out for this issue with cPanel and AutoSSL. cPanel will edit your .htaccess files unless you prevent it.
https://features.cpanel.net/topic/ability-to-prevent-autossl-editing-htaccess-fles
https://features.cpanel.net/topic/autossl-act-differently-based-on-apache-version
Thanks for the heads up on that! We appreciate your feedback regarding this guide.
Hi when I insert the code
the site goes HTTPS but when you hover over a menu item the header and menu duplicate.
Hello,
Sorry for the problem with your menus. If you remove the code and look at your menus do you see the same duplication? This code has been in use for a long time without affecting other sites (or there would be many reports of a problem). Please review your site or at least provide a URL so that we can look at the issue as well.
If you have any further questions, please let us know.
Kindest regards,
Arnel C.
I installed SSL on my server and added the code on the guide. But still get this error
An error occurred during a connection to (domain). SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG
Thanks
It looks like the SSL was either installed or configured improperly. I advise contacting Live Support if you are hosted with us.
The article is incorrect for the recent changes to the auto ssl -> lets encrypt which writes its own code into the the htaccess file
Since the httpd.conf file can not be relied on to function with distiller – as this does not function either – you need a top level redirect
Hi,
I am using heroku with Cakephp 3
My .htaccess code looks like this
I can’t reach out to heroku they are not reachable.Tried every stack overflow but none of them worked.
Hello,
Sorry for the problem with using Heroku. If the .htacess changes are not working then you may need further configuration for the change. You will need to consult with their technical support as we are not familiar with their particular application.
If you have any further questions or comments, please let us know.
Regards,
Arnel C.
when i insert the code in htaccess the code is running but your connection is not fully secure error going on what i do for fully secure can you guide me step by step
This is most often due to some links on the page connecting to http and not https. You will need to correct those in order for the page to be fully secure.
This is better than the 302 redirect IMH example provides. I tested this in SEO Powersuite and they did not like the version without the 301 which seems correct.
I would change this Inmotion to the example with the 301 in it.
Thanks for the help though.
This one seems to be correct with the 301. IMH you might wish to update your example.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
Hi
I am using the following for SSL
I have tried various options but can’t get any of them to work.
Any suggestions?
Many thanks
Those do not appear to be the correct syntax. I advise copying and pasting one of the above snippets from this article.
Hi,
thanks for putting the time i to monitor this interesting thread.
I am thinking of using this code to redirect login.php to https.
Problem is I have a login.php, will this not redirect my admin login to the customer login page?
Best fix? I may just have to rename my admin login page if not.
The second example given should work for you. This should redirect anything with example.com (your domain) to https://www.example.com
You may want to rename the current .htaccess file and test it with a new blank one. If it works, then remove that file and rename the original one back to .htaccess and insert it at the top of the file. Be sure to remove any other failed code prior to inserting the working one.
You may want to put an .htaccess file in the /admin folder with just the redirect code in it. That should govern that specific file.
Thank you for this little tutorial. I have a problem now:
https:// traffic redirects to https://www.
https:// traffic redirects to https://www.
But https://www. traffic doesn’t redirect to https://www.
Is there any way to fix this as well?
I have to mention that I tried a lot of .htaccess codes, but every single one gave me a redirect loop and only the codes on this page have worked so far. I have a simple Let’s Encrypt certificate issued on its related page in cPanel, but I have not been able to install it on the SSL/TLS page. (Private Key problem)
Dear sir I have a webhosting account of hostgator and I am using more than 5 domains in one account.
1 is main domain and others are addon domains.
whenever I have used any code which is like this
it gives the several redirections error
please suggess me if htaccess of main domain is infecting on addon domains.
Abdul, I don’t see anything wrong with your current .htaccess code, but ultimately I’m not a website developer. I would, however, point out that .htaccess files are recursive. This means that any .htaccess file that you have in a parent folder will affect all the child folders.
Just wanted to say thank you for this post… know it’s been up for a while, but for some reason I can’t get the htaccess rules to stick in my head. Use this post to jog my memory more than I am comfortable admitting :-/
I need help, i forced ssl on all pages of my website but the layout is scattered… any advice?
Sounds like some of your resources are loading over HTTP. Make sure your CSS, images, and JS all load over HTTPS. Depending on how your website is built this can be accomplished many ways. If it’s a WordPress website, there’s a plugin to force HTTPS which works well.
This code does NOT add www.
Hi Dorian,I use the code below and work great:
RewriteEngine on
#RewriteBase /
RewriteCond %{HTTP_HOST} ^www.example.com [NC]
RewriteRule (.*) https://example.com/$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
If not work remove the part #RewriteBase / .
Check my website for example:gamesunblocked.us.
Try all version in your browser.
Hi,
I have:
in my .htaccess, and all of my pages forward to HTTPS properly except when the URL includes the page file name.
For instance, domain redirects to HTTPS, but domain/index.php does not.
Anytime the page’s filename is included, it won’t forward. I’ve searched all over the web and can’t find a fix for this. Can you help, please?
Thanks,
D
D, I used your exact code on a brand new site with only three files. A test index.php, a phpinfo.php file, and a .htaccess file that only had your code in it. My site redirected even if I put a filename at the end. This would indicate either a browser caching issue, or an issue with your web hosting setup. I recommend clearing your browser cache, and trying again.
Great, easy-to-follow examples, thanks a lot. Have to say I’m pretty impressed by the inmotionhosting support pages – they’re very well written.
THanks! it worked pretty well!
thanks!
My current .htaccess file currently has the following syntax:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
I would like to force the domain.com to go to the www.domain.com everytime. I want to add something like the following to the .htaccess above:
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} ^domain.com[nc]
RewriteRule ^(.*)$ https://www.domain.com/$1 [r=301,nc]
The problem is that when I add this additional syntax to my .htaccess and then test the WordPress website, I get an error, “too many rewrite conditions.”
Any ideas on how I should include the additional syntax into the existing .htaccess file?
Alan, the easiest and most effective way to do this as you’re using WordPress, is to update your site URL and WordPress address to use the www for your domain.
You really made my day, i was pulling my hair out as the ssl was installed properly but site was going to https:// instead of https:// and was showing connection not secure…
After the .htaccess change, everything worked as a charm.
By the way I am usinghost, domain and SSL all provided by godaddy…
I am using OpenCart. I want call URL www.mydomain.com/api/common.php.
I added this new line in the .haccess file, but it’s not working:
Please help me.
Thanks
Dao, as this has to do with making custom changes to the coding of your site or sites, it is outside of the scope of support that we are able to provide. You will want to work with an experienced web developer, if you don’t have one already, to assist you in resolving this. Alternatively, you may wish to have a look at https://code.tutsplus.com/tutorials/the-ultimate-guide-to-htaccess-files–net-4757
add [R=301,L] to the end of the last line; it’s sets the redirect to Permanent (for Google and/or for my mom–cuz I moved out of her bsmt for good.)
Thanks for your response… I do use WordPress… I noticed though, that Google started showing me search results with my new HTTPS URL where my old one used to be, so I hope that I’m good. I did register the HTTPS account in GWT, as you also advised. Thanks again!
Does the code above transfer Page Rank to the HTTPS site too? I know I’m supposed to do a 301 redirect, but when I tried to do a 301 on top of this, the page would stop loading due to too many re-directs.
If you are using a CMS like WordPress or Joomla, there are already existing .htaccess rules that can be causing the conflict. If that is the case, you may want to consider using a plugin to switch to https. In most cases, a sophisticated search engine should be able to tell it is looking at the same site with https instead of http. However, you can adjust your preferred protocol in something like Google’s Webmaster Tools and then wait for Google to re-crawl the site.
I inserted the following code into my .htaccess file on the root directory. I placed it at the top lines, above the lines of code that were already there. Despite doing this, when I type in my website name it doesn’t work.
Hello Tallyho,
We would need to see what else is in the file in order to assess the issue. Additionally, make sure that you don’t have another .htaccess file that might be overwriting this one. Please first start that check and let us know if you require any further assistance.
If you have any further questions, please let us know.
Kindest regards,
Arnel C.
Thank you sOooooOOOoo much, this worked perfectly 🙂
My website is static website. and I want to clear my all canonical issues. Only one URL should come up or it should show. How I need to do?
You need to force either WWW or non-WWW and force either HTTPS or HTTP. This can be accomplished via the htaccess file.
htconfig files exicute server-side, then send the “final-product” to the client; so, Search Engines will index the final URI. So if your htaccess says your home page is https://mysite.com, then it is so. The caviot is that if you write an internal link to http://mysite.com and Google ends up at https://mysite.com then it will be aware that it was redirected; so, you must be careful about how you handle it.
Generally, search engines don’t care about protocol redirects, but if you use your htaccess file to redirect to a new domain, such as https://mysite.com to https://anothersite.com, expect to get flaged.
Lastly, if you want to use it to redirect between internal pages where you want to change your URL, but keep all of your SEO goodness that has already been indexed, such as https://mysite.com/wordpress to https://mysite.com/blog, make sure to use a 301 or 302 redirect.
Thank you
I am using the above code and its working well but when i open my wp admin panel then its redirect to the home page and i couln’t reach my dashboard so plz help me.
Since WordPress relies on .htaccess rules, we do not recommend adding code directly to the file.
Instead, you should enable SSL in your WordPress Site URL. This reduces the chances of a rule interfering with the functionality of WordPress.
Thank you,
John-Paul
I love it: simple, elegant, and it worked perfectly for my site.
Thanks!
Thanks Brother.. I just loved it, cause it worked. Thank you so much…
I am trying to use an MVC approach in my site programming, that has one entry file index.php. How would I redirect to https with this approach? This is what I have in my .htaccess file right now:
If you place the https redirect code above the code sample you provided you should not have any trouble.
Thanks so much for your reply. However I just get an error when I use your code.
This is what I have that works, I just want to combine it into a single redirect:
# 301 to www
RewriteEngine On
RewriteCond %{HTTP_HOST} ^domain.com
RewriteRule (.*) https://www.domain.com/$1 [R=301,L]
# 301 to https
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Thanks.
We recently purchased SSL certificate for our website.
We currently have 2 redirects
For eg:
Original URL – https://www.example.com
Now after purchasing SSL:
https://www.example.com
Kindly help
Thanks!
You will want to make sure that you redirect to the domain that is on the certificate, whether it is www or non-www.
I am forcing https as above without issue. However, some subdirectories have .htaccess files that use authorization via AuthType Basic. The authorization is happening pre-rewrite (in the clear, http). Is there a way to rewrite to https before authentication therefore securing the transfer of the user/pw within the https context?
htaccess files are processed top-down. Do you get a better response by rearranging the order of the codes?
Hi, some really useful examples here. Could you please help me out?
I have a website and the customer wants everything to redirect to example.com/en/ by default.
Is there a single rule that will forward, https:// and https://www to https://www.example.com/en/ ?
I am asking for a single rule as my understanding is the fewer redirects the better for Google? Thank you!
Adam
Adam, you should be able to use the following:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^fromcrimsontowool\.com [OR]
RewriteCond %{REQUEST_URI} !^/en
RewriteRule ^(.*)$ https://www.fromcrimsontowool.com/en/$1 [L,R=301,NC]
Hi,
I want to redirect https://www.example.com/notice to ( my another server )
https://info.example.com/notice
Both have SSL installed, https://www.example.com is wordpress site.
what should i write to .htaccess ? i have several redirection same way, please help
Thanks
Since you are using WordPress which also relies on .htaccess rules I recommend using a “301 redirect” plugin. This will reduce the chances of a rule interfering the the functionality of your site.
If you are determined to hand code this, it is covered in our guide on setting up a permanent 301 redirect via .htaccess.
Thank you,
John-Paul
Thank you this post my website is working now.. i use this code
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
this one will replace all your links to https
So i have ssl on a .co domain name and i also have a http .com domain that redirects to the https .co domain, if someone should put the https infront the .com domain, it will give a security error, anyway to fix or adjust that?
Howard
The easiest way to fix this is to install an ssl for the .com domain.
Thank you,
John-Paul
Hi I want to remove the folder name from URL access. How to achieve that?
Hello Vinoth,
You would need to use a Rewrite rule. This will rewrite the URL so that they see only what you want them to see.
If you have any further questions or comments, please let us know.
Regards,
Arnel C.
Hello,
I have many pages that I would like to redirect to a new domain in a htts://www. version of my website. Could you please tell me the .htaccess code for each one of them?
conditions :
if https://www.example.co.uk/page1
or https://example.co.uk/page1
or https://www.example.co.uk/page1
or https://example.co.uk/page1
redirect (301) to
https://www.example.com/page1
—-Your reply with the code will be used many times, for each one of these pages (page1, page2, page3 etc)
Thanks in advance
Hello Andreas,
Thank you for contacting us. We do not provide custom solutions, but you should be able to accomplish this by adjusting the examples above.
Thank you,
John-Paul
How can I install it in a subdomain
Hello Daniel,
You simply need to add the subdomain into the URL in the rule. This is not an “installation”.
For example:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} folder
RewriteRule ^(.*)$ https://www.yourdomain.com/folder/$1 [R,L]
If you have any further questions or comments, please let us know.
Regards,
Arnel C.
brilliant!!! this the most simple solution I’ve seen. Any advice as to how search engines will look at this?
Wow! It works! YES… so easy, so simple. Thank you… Finally SSL without errors
Hi I too need a force SSL option on my website via .htaccess. What will I need to redirect all http pages/posts to their https counterparts using a 301 redirect? I would like to pass the “link juice” along to the https version so it isn’t lost. Thanks.
Google should not penalize you for using 301 redirects to redirect your traffic.
Here is a helpful link to the Google guide on how to Change page URLs with 301 redirects for more information.
Thank you,
John-Paul
Working prefect for my domain: jodyshop.com
Thank you
I installed SSL on my domain and changed http to https.now what my problem is if i want to view a page with https://mydomain.name/page.html it redirects to homepage.but https://mydomain.name/page.html means it shows correctly
Hello Akilan,
If your linkings are FORCING you to go to HTTPS, then HTTP may not be available. Make sure that your links are not forcing you to use HTTPS, then you should be able to use the non-HTTPS urls to access your site. Re-directs are found within the .htaccess file. Check this file to see if you have any re-directs/re-write rules that are affecting how you get to your HTTP URL.
If you have any further questions or comments, please let us know.
Regards,
Arnel C.
Please help me. After installing latest SSL in my website, i found out that old browsers can not access my website, though i have added this(RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] ) to force my site to https. So since because of that old browser issue, i want to make only my index.php page to beecome http so that i can notify my users to upgrade there browser before going to another page. please i need help.
You can redirect https to a specific folder you would like to secure, like “example.com/store” or “/secure”, following the final steps of the article above. Use the code from the last example.
Hey!
I used your code for my website ans when I open it in the browser it shows me: ERR_TOO_MANY_REDIRECTS
It is possible there are other .htaccess files that are affecting each other. I advise checking your Home directory.
If I use this in my .htaccess it tells me either that the page doesn’t work because it redirected me too many times or it gives me an internal server error
It’s possible the file may be conflicting with rules in another .htaccess file in the same directory or nested elsewhere.
Hello Joshua,
Thanks for the question about forcing the SSL on your other pages. You should first make sure to follow the tutorial above. You should also go to any links that reference your other pages and make sure that they are using HTTPS. The re-write rule above should work for any domain or subdomain that has been covered by the SSL certificate. However, if you intend to keep all of your pages to use SSL, then your page links should using the SSL link and not HTTP.
I hope this helps to answer your question, please let us know if you require any further assistance.
Regards,
Arnel C.
I have a blog installed in a subdirectory with no SSL.
In the root directory we have another WordPress installation which is membership based and has SSL.
Sometimes the blog switch over to HTTPS and the blog’s CSS goes missing.
Is there a way to reverse this, i.e. force the blog to display https:// instead of https:// ?
Thanks
Torkild
Hello Torkild,
You can use the last code provided in the tutorial above and change it to use HTTP instead of HTTPS.
If you have any further questions or comments, please let us know.
Regards,
Arnel C.
in first “example.com” you need to replace it with your full domain like this www.example.com in this way it worked for me.
this is my domain name
****.com
****.com/xf
and i removed the htaccess for ***.com
The code below should work fine:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
You can also try:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
Be sure it is up at the top of your .htaccess file.
Kindest Regards,
Scott M
iam usin this code
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://mydomin.com/$1 [R,L]
and when i go to my domain this message appear
The domain.com page isn’t working
domain.com redirected you too many times.
can u help me on that please
What is your actual domain name?
Great tutorial.
Work perfect on website.
Hi, i want to force https for my subdomain, where do i need to place above code? it is in root or htaccess in subdomain folder? i have try both, but didn’t work. When i place this code my page cannot be open and dislay this
This site can’t be reached
www.XXX.com’s server DNS address could not be found.
Typically, you would put it in the document root of your subdomain.
Keep in mind if you are using a CMS (such as WordPress, Joomla, Drupal, etc.) that they also rely on .htaccess redirect rules, and we recommend changing the setting in the dashboard instead of forcing it directly in the .htaccess file.
Thank you,
John-Paul
You should change the code to R=301 so it becomes a 301 redirect. This will preserve people’s backlinks and rankings in google.
Hi
i have a problem with my 301 redirects. I have 1 going from non www to www and http to https. So far so good. If I go non https version of home page either www or non www it directs to https://www as it should. It go to the non https of a page it doesn’t redirect.
I advise commenting out other rules to see if they might be having an affect on the rewrite rules.
Hi, I want to redirect http to https only for home page not all other pages.Please advise me.
Thanks
Here is a link to an online post I found via search engine, where they discuss possible solutions.
Thank you,
John-Paul
Just installed SSl on my domain. To force all web traffic to use SSL, Where do i add this code:
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
My current htaccess looks like like this...
# BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress
WordPress relies on .htaccess rules, which can cause issues when you add code directly to your .htaccess file as described in the guide above.
Since it seems you are using WordPress, you should enable HTTPS (SSL) in WordPress.
Thank you,
John-Paul
Hello John-Paul,
Thanks for that well thought out reply. Whynpadlock was very useful to test. Thank you. The TLS 1.2 I had requested this year, so be aware some of your reps don’t have perfect knowledge. Of course what this shows is that forcing into https does not alwasy work. At the end of the day you have to hard code all the links.
But I appreciate your reply which has improved my confidence in inmrtion hosting. Thank you.
This does not work. I have some pages that go to https and other that go to http. After hours with inmotion hosting they told me that I have to hard all my web pages, which is silly and I am confident is wrong. I mean why use this in that case? Maybe they should have qualified the statement that this will only work if you hard code it, whatever that means.
So I hard coded (meaning put https to all the links) some of the pages to test their theory and what they say does not work. I suspect the SSL has been badly configured by inmotion which make mistakes like the time i asked for TLS 1.2 and they said they do not offer it. But after pushing them for a while I discovered they do indeed offer it in upgraded server. This is why proper training and knowledge is important.
Hello Asela,
Thank you for contacting us. Sorry to hear you are having issues forcing https on your website. I first checked your SSL with an SSL Checker tool, and it is installed correctly. Since we now know the SSL is not badly configured, we can rule this out.
TLS 1.2 has been available on our shared servers since December 2015, it was available on VPS/Dedicated servers before since you have the ability to change your server settings. If you asked for TLS 1.2 on shared servers prior to December 2015, it may not have been available yet.
When I test your site, the example.com redirects to https://www.example.com, which seems to be correct. But, when I check the links in your site menu, many are pointing to http URL’s instead of https. For example:
Home, all of the products (such as Tea, Powder, etc.), all of the “Benefits” links, Blog, and Cart.
So, while it may force SSL on the main domain, these links seem to navigate visitors back to http (non SSL) pages.
Also, for a page to be secure, everything being called on the page must be from an https address. When I reviewed your site, many files are being called in insecurely. You can view these by reviewing your site on whynopadlock.com, which is a free tool.
If you suspect the redirect rules are not working, I recommend reviewing the other rules in the .htaccess file as one may be interfering. You can also troubleshoot the .htaccess by renaming it, for example to .htaccess.old
Thank you,
John-Paul
How would you exclude certain paths? Some Magento extensions do not work well with forced SSL in the admin area. Thanks in advance!
Hello Alex,
We don’t really have a tutorial about that ourselves, but you can find regular expression tutorials through search that discuss it. Here’s one that may help.
If you have any further questions, please let us know.
Kindest regards,
Arnel C.
Why not use Server Name parameter ? this way you can copy and paste it to all the website’s you need. Or even put it as a global rule for apache.
Over the past month I have installed five SSLs on five sites. And this htaccess code has not worked on one. Not one. (All are WordPress sites.)
I had to trouble shoot each site and each site had a different solution.
I don’t want to hashout what did and didn’t work here. I could really care less. (Really, it is too frustrating.)
But I DID FIND A WAY THAT SEEMS TO WORK FOR WordPress. I just installed a sixth SSL. Instead of all the plugin/htaccess mess I just went into phpmyadmin and changed the site URL and home URL from https://mysite.com to https://mysite.com.
This appears to have done the trick. Is there anything wrong with doing this?
Thanks.
Hello Steve,
The method you used is what was needed to enable SSLs for WordPress. We have a tutorial for WordPress HTTPS here. If you have any further questions, please let us know.
Kindest regards,
Arnel C.
As I just mentioned above…. this will solve all of your issues and automtically add www. if your domain is set up that way.
In your .htaccess, add:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Hello i have the following error https://www.*****.co.za ” when i place this code
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.isolarsolutions.co.za/$1 [R,L]
if i try to access my admin i get the error below
Not Found
The requested URL /wp-admin/ was not found on this server.
Apache Server at ******.co.za Port 443
The website is made from wordpress
Thanks
Since you are using WordPress (which relies on .htaccess rules), manually adding rules can cause issues.
Instead, I recommend forcing https in WordPress. This is covered in our full article How to Enable https (SSL) in WordPress.
Thank you,
John-Paul
Hello!
Thank you for that, quite simple.
But, if I try to access “domain.com/folder/page”, works perfectly. But if I try with the prefix “www.domain.com/folder/page”, my browser say it’s an insecure connection.
Would you have any hints on that?
Thank’s!
Hello Lucas,
Have you checked your pages source code to check what content is not being loaded via https://?
Best Regards,
TJ Edens
Please clear me that how your code is different from below code (Jake mentioned too). What are the implications of using your code and below code?
Thanks!
Our code is just one way to force the https. Glancing at the code you have, it appears it may do the same thing. You can use whichever one works best for you.
You may want to try a more generic code like the one below:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I see your site is a WordPress site. Did you set the Home and Site URLs to use HTTPS?
I have…wild card SSL
1. wildcard SSL for site xyz.com
2. hosted wordpress on subdomain abc.xyz.com
but when I enable https on wordpress abc.xyz.com from General Settings (dashboard) and access the https://abc.xyz.com it redirects to https://xyz.com
Could you please help
Thanks
Hi,
My website has minor problem only home page doesnt redirect to https but all other pages does redirects to https.
If I click on any other page and then go back to home page then it stays on https. can you please help.
below is the code in my .htaccess file
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^(.*)$ https://www.e-astrologer.com/$1 [L,R=301,NC]
RewriteBase /astro/
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /astro/index.php [L]
</IfModule>
# END WordPress
What about domains that don’t use “www”. Actually, I need ssl for both the “www” and the non-www versions of my site.
Should I add anything more to the code?
Hello Steve,
You should not have to add anything as long as your SSL is setup for the www version and non-www version.
Best Regards,
TJ Edens
Hi,
I want to redirect url without www to https://www using .htaccess or any. Please support me . It’ s urgent.
Thanks.
Hello Rajesh,
Thanks for the question about redirecting without using WWW in the URL. Your question is a little confusing because you use “www” in the HTTPS url that you indicate. However, you can use the tutorial above by simply changing the rewrite to rewrite to the https:// with no WWW in the URL. The condition for the change would indicate the WWW version of the URL.
I hope this helps to answer your question, please let us know if you require any further assistance.
Regards,
Arnel C.
Yes it did perfectly worked for me…. Thanks a lot …. I was after this solution for about two days….
This approach is better, automatically gets your URI:
===================================
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Hello faiz,
Thank you for contacting us. If you are using a CMS (such as WordPress, Joomla, Drupal, etc.) I recommend using a Plugin, or module to avoid conflicts.
Are you getting any error messages?
Best Regards,
John-Paul
Hi,
my host is Siteground and the it wrote me this code that write in htaccess
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.sergiopinna.it/$1 [R,L]
And it works perfect.
This is the coding I had in my .htaccess file:
##### RewriteEngine enabled – BEGIN
RewriteEngine On
##### RewriteEngine enabled – END
RewriteCond %{HTTP_HOST} ^mydomainname\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.mydomainname.com/$1 [R,L]
And this is what was displayed in the browser window:
“An error occurred during a connection to www.mydomainname.com. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG”
Of course I substituted mydomainname with the name of my domain.
Please advise.
Hello Jim,
The error message indicates that the redirect is working as it is an SSL error message. You will want to check the SSL itself to make sure it is a) setup at all and b) set up correctly.
Kindest Regards,
Scott M
when i add the above code the site going down .
thanks
Is there a way to force SSL on a single post in wordpress via the .htaccess codes above? Thanks!
Hello Joe,
Thank you for contacting us. Since you are using WordPress (which also relies on .htaccess rules), I recommend using a plugin instead of adding a .htaccess rule directly.
This is to avoid a rule interfering with the functionality of your website.
Thank you,
John-Paul
Thanks, nice somple howto.
Hi
I would like to interesting how can I set just 1 or 2 pages?
sample : xxx.com/cart and xxx.com/checkout
thank you
victor
Hello Victor,
Your SSL would still need to be for the domain, but then the code would be exactly the tutorial displays above for the folders:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} folder
RewriteRule ^(.*)$ https://www.yourdomain.com/folder/$1 [R,L]
If you have any further questions or comments, please let us know.
Regards,
Arnel C.