YogeshChauhan.com

How to force your website to load securely with an .htaccess file?

March 14, 2021

Most hosting providers such as Dreamhost automatically redirects the visitors to https URL after you install the free SSL certificate.

📢 Sponsored 📢

Dreamhost provides great prices on hosting for different kinds of hosting such as Shared Hosting, VPS Hosting, Dedicated Hosting and DreamPress Hosting (specifically made for WordPress website owners).

The ‘S’ at the end of HTTPS ensures to your users that their connection is secure and encrypted.

For example

  • https://yogeshchauhan.com

Most of the time you really don’t need to do anything to make the switch from HTTP to HTTPS once you’re done installing the SSL certificate. Most hosting providers will take care of it. But in some. cases, we need to force the website to use HTTPS instead of HTTP. We can add custom configurations to force the website redirect from unsecure HTTP to the secure HTTPS.

One way to do is using .htaccess file for apache servers.

Where is the .htaccess file located?

The .htaccess file should be located in your site’s root directory.

If you’re using FTP or SFTP to load the files from your website to your local machine then sometimes you might not see the .htaccess file as it might be hidden. You need to change your hosting settings to make it visible.

How to force the domain to use HTTPS for any website?

Here is the code that you can add to .htaccess file. It will force the domain to load the HTTPS version. For e.g. if the domain is yogeshchauhan.com then it will load https://yogeshchauhan.com instead of https://yogeshchauhan.com


RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

NOTE: If that code doesn’t work, make sure you have every single line from the snippet above. Copy-paste from the browser to the .htaccess file sometimes doesn’t work properly.

How to force the domain to use HTTPS for a WordPress website?

Even if you have SSL certificate installed on your WordPress website domain, it’s possible to load your website using unsecured connection. So, it’s wise to force users to load the secure domain.

There are few plugins available to do so. They may or may not change your .htaccess file. If you want to just add the code below, it will force your website to load the secured version.

General HTTPS redirect code for .htaccess file

Force an HTTPS URL without WordPress default .htaccess code


RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

Force an HTTPS URL with WordPress default .htaccess code


RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

# BEGIN WordPress
# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

Domain specific HTTPS redirect code for .htaccess file

Force an HTTPS URL without WordPress default .htaccess code

Change the domain name in the code to your domain name.


RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yogeshchauhan.com/$1 [R=301,L,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

Force an HTTPS URL with WordPress default .htaccess code

Change the domain name in the code to your domain name.


RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yogeshchauhan.com/$1 [R=301,L,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

# BEGIN WordPress
# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

dreamhost

Most Read

#1 How to check if radio button is checked or not using JavaScript? #2 Solution to “TypeError: ‘x’ is not iterable” in Angular 9 #3 How to uninstall Cocoapods from the Mac OS? #4 How to Use SQL MAX() Function with Dates? #5 How to add Read More Read Less Button using JavaScript? #6 PHP Login System using PDO Part 1: Create User Registration Page

Recently Posted

Apr 7 Solution for “Yarn build: Failed because of a stylelint error” Apr 7 Make sure your links have descriptive text Apr 7 How to add Laravel to WordPress using Sage theme (and install Tailwind CSS)? Apr 2 How to create a sidebar using pure CSS? Apr 1 How to switch dark and light themes using pure CSS? Apr 1 How to calculate elapsed time in JavaScript?

You might also like these

How to add a scroll back to top button using JavaScript and CSS?CSSHow to change value of a span tag using a reference from another div using jQuery?jQueryHow to replace HTML lists using CSS Counters?CSSValues and Types Basics in JavaScriptJavaScriptWordPress: How to access first and random row values from a repeater field in ACF?WordPressclip and clip-path properties in CSSCSS