This article about .htaccess has been improved and updated! Please view a more in depth article here.
Even with an SSL certificate your website will not automatically use the secure HTTPS (HyperText Transfer Protocol Secure), without the user accessing the website through the user either specifically requesting the HTTPS URL or by forcing all connections to utilise the secure protocol using a redirect, disallowing any HTTP connection.
Why should I force HTTPS?
HTTPS is a secure extension of HTTP. Together with SSL, it maintains privacy and data integrity across your website. The significance of HTTPS and SSL is well-documented. Popular browsers like Google Chrome and Mozilla Firefox will flag sites as untrustworthy or dangerous if these protocols aren't enabled.
If you are interested in learning more about different types of SSL certificates and their benefits then click here!
Force HTTPS using .htaccess
.htaccess is a dot file. These files are hidden by default. To view the .htaccess file, enable hidden or dot file viewing in your cPanel or FTP settings first.
- We will first need to create a .htaccess file if you don't already have one. Using a FTP client or cPanel create a new file called `.htaccess`
- You will need to enter the following code into the file
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(folder1|folder2|folder3) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]1]
- After you have added this text to your file you can save and close it.
- Visit your website using the http protocol to see if it redirects you onto the secure protocol.
If it doesn't work
Should you find that this doesn't work first please ensure that you have a valid and in date SSL certificate connected to your domain, you can get one here. If you do have a valid SSL certificate that has been setup correctly and HTTPS isn't working then contact out support team here.