How to force HTTPS using the .htaccess file

Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between our browser and the website that we are connected to. The ‘S’ at the end of HTTPS stands for ‘Secure’. It means all communications between our browser and the website are encrypted. HTTPS is often used to protect highly confidential online transactions like online banking and online shopping order forms.

Web browsers such as Internet Explorer, Firefox and Chrome also display a padlock icon in the address bar to visually indicate that a HTTPS connection is in effect.

Sometimes it’s necessary to make sure our website’s visitors use the SSL encrypted connection. SSL (Secure Sockets Layer) is a standard technology behind establishing an encrypted connection between a web server (host) and a web browser (client). SSL is an industry standard and is used by millions of websites to protect their online transactions with their customers.

To enable https on your website you can use Free Let’s Encrypt SSL. Let’s Encrypt is a free, automated, and open Certificate Authority. Now a days some hosting company also provide Free SSL.

Let’s say your hosting provider providing SSL and you have also enabled SSL in your website but browser is not redirecting http to https. For force https enable you just add the following two lines into your  .htaccess file. Make sure hidden files are showing in your public_html directory.

Code:
RewriteCond %{HTTPS} !^on$
RewriteRule (.*) https://yoursite.com/$1 [NC,R=301,L]

Let’s enjoy..

Continue Reading