How To Force HTTPS With Your .htaccess File

It is becoming increasingly important to have an SSL certificate installed on your website. Browsers such as Chrome and Safari are actively marking sites without an SSL certificate as “insecure” and Google now considers HTTPS a ranking factor in their algorithm.

But just having an SSL certificate installed won’t automatically apply the benefits of an SSL certificate to your site. Unless your traffic is being redirected to the HTTPS URL of your site, users can still view your site without HTTPS. If you have an established site, it’s highly likely you’ve already got plain HTTP URLs indexed by search engines or linked to from other sites.

While some servers or content management systems may have settings to force HTTPS, if your site is running on an Apache server the best way to force HTTPS is to add a redirect to your .htaccess file. Simply copy the below code into your .htaccess file, making sure to place it above any other rules in the file.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
view raw htaccess.txt hosted with ❤ by GitHub

On some environments however, this will cause a redirect loop. If that happens, try using the code below instead.

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
view raw htaccess2.txt hosted with ❤ by GitHub

Did you find this post useful?