Force SSL with htaccess

How to force SSL with .htaccess – Redirect Http to Https?

Google has made it mandatory that the websites must use HTTPS protocol so that the data communication taking place from client to server is properly encrypted and secured. Owning an SSL guarantees that the data transfer will be over a secured network and will offer you with the following benefits:

  • Making site highly secured
  • Safeguarding all the sub-domains
  • Gaining the trust of your customers
  • Boosts SEO (Search Engine Optimization)

Enforcing SSL using .htaccess

What is .htaccess?

It’s a configuration file that’s utilized on web servers executing the Apache Web Server software. The .htaccess files are made use of to modify the Apache web server’s configuration such as enabling or disabling its feature and functionality. When a request is placed to the server, it passes via .htaccess file. Apart from that .htaccess offers the following usage:

  • Authentication – using .htaccess files, security limitations for the concerned directory can be mentioned.
  • Error messages can be customized – pages showing server-side error like HTTP 404 (Not Found) can be tailored.
  • Lengthy and cumbersome site’s URL can be rewritten
  • Managing Cache – .htaccess controls user agent caching thus minimizing bandwidth and server load.

Does your website has the SSL (Secured Socket Layer) certificate? Well if no, then get your free Let’s Encrypt SSL Certificate at SeekaHost and if yes, then this article can guide you how you can make use of .htaccess to enforce https on your website. Since you are searching for forcing SSL, it must be clear to you that carrying out this process will ensure that the entire communication taking place between the web browser and the server is being encrypted. For a better understanding read about SSL Handshake, which gives your better knowledge of the communication between server and client.

Before you attempt to edit the .htaccess files, go for a backup in case things don’t work the expected way and your site gives problem while loading. You can either make use of FTP or cPanel for performing the above.

2 ways of forcing https with .htaccess

  1. Creating and editing on a local computer (using FTP)

In case you are editing an existing file, at first download the .htaccess file using FTP client and use any text editor to view it. If your .htaccess files are not visible you can refer the FTP documentation for showing hidden files.

  1. Creating and editing on Web Server (using cPanel)

Go to the cPanel and click File Manager. Go to settings option which will on the top right corner and tick the checkbox option “show hidden files” (if unchecked) and Save. Choose the appropriate directory where the .htaccess will be created or edited- In most of the cases, it will be under Public_html folder. For editing the existing .htaccess file, open the file and click edit. For creating a new .htaccess file, go to the option New File and save it with name .htaccess.

Depending on where your .htaccess file resides, whether in website’s root directory or subdirectory, add the following code in the .htaccess file to enforce https or SSL for the concerned site.

RewriteEngine On

RewriteCond %{HTTPS} off

Rewrite Rule ^( .*)$ https: //%{HTTP_HOST}%{REQUEST_URI} [L,R =301]

After appending the above code, save and close the .htaccess file. Verify the modifications made by opening the website.