Forcing HTTPS on your website

by Peter WM
October 11, 2018

In my last post I mentioned the importance of forcing HTTPS if you’re using it on your website. (Which you absolutely should be.)

You don’t want visitors seeing the non-secure version of the site anyway, but from an SEO perspective Google doesn’t love it when they can see both either – they’ll interpret it as two different sites with the exact same content.

As long as your site is running on an Apache server (and most do) then you can edit the .htaccess file – this is the hidden file at the top level of your website that has specific instructions for how the server should load things.

To force HTTPS, just stick this at the top of it:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

And that’s it.

Or if you’re running a WordPress website you just want to stick this in that same file somewhere:

# Rewrite HTTP to HTTPS
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R,L]

And just one more quick tip to make it even easier to force HTTPS on a WordPress site; as long as you use the normal permalink structure (domain/postname) then just replace the WordPress code in the .htaccess file with this:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# Rewrite HTTP to HTTPS
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R,L]
</IfModule>
# END WordPress

That will take care of the permalinks and forcing HTTPS.

force https htaccess apache wordpress - Forcing HTTPS on your website

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts

SEO expert, web developer & designer, all-round nice guy, and ravenous information devourer.