Without HTTPs active even with an installed certificate your site will not be correct secured using SSL/TLS. Therefore, its important that it is enabled.
Why should I force HTTPs on my site?
HTTPs is the secure version of HTTP. Alongside SSL it helps ensure that privacy and data integrity is maintained across your site.
The importance of both HTTPs and SSL is well documented. Browsers such as Google Chrome and Mozilla firefox will show sites as untrustworthy or dangerous if they are not active.
Force HTTPS with .htaccess
- To redirect your website to HTTPS. Enter the following to your .htaccess file.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
- After you have added this text to your .htaccess file, save it.
- You can test if it was successful through entering the site url in your browser.
For example, in cPanel hidden files are enabled by clicking the settings cog.
Forcing HTTPs in cPanel
If you have cPanel you can choose to use the AutoSSL feature which will automatically install an SSL certificate and enable forced HTTPs.
- Firstly, login to your cPanel control panel, navigating to “SSL/TLS Status” in the Security section.
- From here you can select the domain you’d like to install an SSL on.
- Finally, Run AutoSSL sit back and relax whilst it runs.
- When it completes successfully the page will update with a success notification.
- cPanel will then request a certificate from the issuing authority.
- If successful, it will be visible in AutoSSL.
