How to force SSL redirection within the .htaccess file

This FAQ will walk you through how to force visitors of your website to an SSL/encrypted connection of httpS instead of http without the S.

CAUTION 1 : Be sure to backup your website before making changes to your .htaccess file.  Please know that making a mistake in the .htaccess file can completely break your website.

CAUTION 2 : If you have a WordPress website, it is important to first modify your WordPress settings to point to the SSL/httpS connection. Otherwise you may cause an infinite loop of bouncing back and forth between secure and non-secure and the page will fail to load.

Now, to modify your .htaccess file to force redirection to SSL.

First, get yourself logged in to cPanel by following these instructions.

Once logged in to cPanel, click on the File Manager icon under the Files section.

File Manager

You may be prompted to choose the website that you’re going to be working with.  Be certain to choose the correct website, and also be sure to check the box that says “Show Hidden Files (dosfiles)”. Then click the Go button.

Host Pond Web Hosting show hidden files

Please note that if you’re not presented with the above opportunity to show the hidden files, you may need to click the “Settings” link in the upper right hand corner to locate the checkbox for showing hidden files.  See the 4 steps below to show the hidden files, and then to select the public_html as the current folder.

File Manage Show Hidden Files

Next, locate and select the .htaccess file in the document root, and then click the Code Editor icon in the toolbar. If you do not find the .htaccess file, you may need to click the “New File” icon to create the file. If you do create it, make sure you put it in the correct folder, and make sure you have the DOT before it, as in .htaccess.

Host Pond Web Hosting code editor click

If you receive the following pop-up warning, you can probably just click through by clicking edit. This warning is to remind you about having a good backup before proceeding forward.

Code Editor Backup Warning

Next, you’ll want to insert the three important redirect lines at the top of the file, and then save it.  Here those lines are as text so that you can copy and paste them. MAKE SURE YOU RENAME THE “techdruid.com” part and make sure that it reflects your website name PRECISELY. If you had the WWW. present in your WordPress settings, make sure you have them present here too to avoid any endless redirect loops.

CAUTION 3 : If you have multiple websites hosted under a single account, be sure to read past this next step before saving these changes.  You could end up breaking other websites.  You may need to use more specific/detailed code to avoid redirecting all of the websites.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^techdruid\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://techdruid.com/$1 [R,L]

 

htaccess code editing for redirect to https

That should be it in terms of forcing redirection to the secure URL for your website.

FOLLOWUP TO CAUTION 3 : Please note that if you have multiple websites, you may need to limit the redirection to a single website, or you may need to redirect multiple websites under the same account.  Here is an example of a redirect for the www.pdxwebsite.com, and NO other websites.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.pdxwebsite\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.pdxwebsite.com/$1 [R,L]

The above will redirect anyone coming to www.pdxwebsite.com to the secure connection of https://www.pdxwebsite.com.  However, if you have additional websites, such as techdruid.com in my case, or a sub-domain such as demo.pdxwebsite.com, the above redirect would not effect visitors to that secondary website. You would need to add the same lines above a second time, replacing pdxwebsite with techdruid to cause the second website to also redirect properly.  Here is a full example that would redirect two different websites hosted under the same account. Note the exclusion of “www” in the techdruid entries. This is entirely depending on how your websites are configured whether you include that www or not. As I don’t use the www on my techdruid.com website, I have excluded it from the .htaccess file.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.pdxwebsite\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.pdxwebsite.com/$1 [R,L]
RewriteEngine On
RewriteCond %{HTTP_HOST} ^techdruid\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://techdruid.com/$1 [R,L]