I’ve talked in the past the importance of SSL and how to get an SSL certificate for free. This is important for creating a secure connection between your website and those who use it, particularly when someone submits information or with E-commerce transactions. Once you HAVE that SSL certificate and your website has the ability to load the HTTPS iteration of the site, you want to make sure that all traffic goes to that HTTPS instance. Here is how to redirect HTTP to HTTPS once you’ve gotten your SSL certificate.
How to Redirect HTTP to HTTPS
You can’t control whether someone goes to the HTTP or HTTPS version of your site in some situations. Old links to your site may still point to the HTTP version. You also will have some people specifically typing in the HTTP version.
The easiest way to force someone to go to the HTTPS version is with a redirect, and the easiest way of how to redirect HTTP to HTTPS is using your site’s .htaccess file.
This is a file which instructs web browsers on how to open and engage with your website. Adding a simple line of code here will tell the web browser to automatically reload to the HTTPS instance of your site when someone goes to the HTTP.
Whether you use an FTP client locally or go through your host, locate the .htaccess file for your website.
It will be located in the root directory of your website. If you don’t see it, click the “Settings” icon in the top right and make sure the “Show Hidden Files” is ticked.
You should now see the .htaccess file. Click on this file and select “Edit”.
Go to the bottom of this file and paste in the following lines of code:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
Replace “Example” with your website’s address (change the extension if your site is not a .com), and click “Save Changes” in the top right.
That’s all you have to do in how to redirect HTTP to HTTPS. You can test it now by trying to open the HTTP instance of your website. It should redirect you automatically to the secure version and you should see that coveted lock in the browser destination field.
This is important not just for security but for tracking purposes, as well. Now you don’t have to worry about your reports leaving out traffic to the HTTP version or checking two instances; everything should be funneled to the secure version of the URL.
Again, if you don’t have an SSL certificate for your website, grab one for free now as I detail in how to get an SSL certificate for free.
Congrats, all traffic is now being sent to the HTTPS version of your site!