How to force your website to use https and SSL

You may have noticed that most website addresses start with https these days.

This means that the site has an SSL (Secure Sockets Layer) certificate, so data sent between the website and your browser is encrypted and can’t be tampered with. You’re probably used to seeing this sort of thing when doing online banking or shopping on the web.

So, aside from actually getting an SSL certificate for your domain (which you definitely should if you haven’t already, if only from an SEO point of view), what else should you do?

Well, unless your hosting company is very kind and sets this up for you, you’ll need to ensure that you force your website to always load securely via https. How to do this will vary by hosting company, but the principle is the same.

You’ll need to edit your website’s .htaccess file.

This file contains rules for how pages are delivered from your website to the browser of the person looking at it. It should usually be in your website’s main directory. Note that the file is called .htaccess and not htaccess.

How to edit your .htaccess file

You usually access this file via an FTP client. There are loads of options for both PCs and Macs, for example Transmit for the Mac and FileZilla for the PC. If you’re unsure of how to use your FTP client, reach out to your hosting company or a friendly geek.

One quick tip, though – ensure that ‘show hidden files’ is turned on, otherwise, you’ll be unable to see .htaccess to edit it.

The next job is to edit it. Again, this will vary by host, but in my case I can right-click on the file and select edit.

You’ll want to force any request for http://www.mywebsite.co.uk to load the https://www.mywebsite.co.uk version instead. By doing this, you also force directly linked assets (like images) to load over https. So, what do you need to change?

The code to achieve this is:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE] 

Save the file and upload it back to your server and test it. This should do the trick, but if not, then chances are you’ve got an issue with line endings, especially if you have cut and pasted. As soon as you’ve pasted into the text editor you’re using, get rid of existing line breaks and put them back in using the return key – don’t forget to resave and upload the file again.

WordPress and HTTPS

WordPress can also be made to force https, even if an http address is used. The first method is exactly the same as that used above but there’s a word of caution. If your .htaccess file already contains some default WordPress code, enter the following above or below that code. Never enter code inside of the comment tags that start and end with:

# BEGIN WordPress
# END WordPress

The second way to do this is to put the following in your .htaccess file:

RewriteEngine On
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L,NE]

Where example.com is changed to your domain name.

We’d suggest placing the code before the # BEGIN WordPress line, so your .htaccess file (with the standard WordPress code) looks a bit like this:

RewriteEngine On
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L,NE]
# BEGIN WordPress
# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
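
A pre-upload check for the rules above, added here as an example and not part of the original article: it flags a redirect placed between the WordPress markers (where it will be overwritten), a redirect with no HTTP-only condition above it (which would redirect https requests as well), a redirect that is not permanent, and carriage-return line endings. The function name, the sample files and the short list of recognised condition forms are assumptions of this example.

```python
import re

WP_BEGIN, WP_END = "# BEGIN WordPress", "# END WordPress"
# RewriteCond forms that are true only for plain-HTTP requests (the forms this page uses).
HTTP_COND = re.compile(r"^RewriteCond\s+%\{(HTTPS|SERVER_PORT)\}\s+(!=on|off|\^?80\$?)$", re.I)
# A RewriteRule whose target is an https:// URL; group 1 is the flag list.
HTTPS_RULE = re.compile(r"^RewriteRule\s+\S+\s+https://\S+\s+\[([^\]]*)\]$", re.I)

# Constructed sample files, not taken from a real site.
GOOD = (b"RewriteEngine On\nRewriteCond %{HTTPS} !=on\n"
        b"RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]\n"
        b"# BEGIN WordPress\nRewriteRule . /index.php [L]\n# END WordPress\n")
BAD = (b"# BEGIN WordPress\r\nRewriteEngine On\r\n"
       b"RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]\r\n# END WordPress\r\n")


def lint_htaccess(raw: bytes) -> list[str]:
    """Return the problems found with the HTTPS redirect in an .htaccess file."""
    problems = []
    if b"\r" in raw:
        problems.append("carriage returns found: re-save with plain LF line endings")
    text = raw.decode("utf-8", "replace").replace("\r\n", "\n").replace("\r", "\n")
    in_wp = have_cond = found = False
    for n, line in enumerate((l.strip() for l in text.split("\n")), 1):
        if line in (WP_BEGIN, WP_END):
            in_wp = line == WP_BEGIN
        rule = HTTPS_RULE.match(line)
        if rule:
            found = True
            flags = {f.strip().upper() for f in rule.group(1).split(",")}
            if in_wp:
                problems.append(f"line {n}: redirect is inside the WordPress block")
            if not have_cond:
                problems.append(f"line {n}: no HTTP-only RewriteCond above the redirect")
            if not flags & {"R=301", "R=PERMANENT"}:
                problems.append(f"line {n}: redirect is not permanent (R=301)")
        if HTTP_COND.match(line):
            have_cond = True
        elif line and not line.upper().startswith(("#", "REWRITECOND")):
            have_cond = False  # conditions attach only to the next RewriteRule
    if not found:
        problems.append("no RewriteRule redirecting to https:// found")
    return problems


if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_htaccess(sample) or "ok")
```

To check your own file, read it in binary mode (so the line endings are preserved) and pass the bytes to `lint_htaccess`.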

If you managed to follow this brief overview, then you should consistently see https on your website, even if your visitor typed in http. Google and your visitors (especially if they’re purchasing from you) will love you for it.

We’re always happy to help our lovely customers. If you have any questions or comments about this article, let us know.

Dorset Tech Support
