How To Force SSL with .htaccess

Today in this tutorial we learn how to force ssl using .htaccess with. After installing an SSL certificate, your website is available over HTTP and HTTPS. However, it’s better to use only the latter because it encrypts and secures your website’s data. You can force an HTTPS connection on your website by adding these rules in your website’s .htaccess file.

Force HTTPS Using .htaccess on All Traffic

One of the many functions you can perform via .htaccess is the 301 redirects, which permanently redirects an old URL to a new one. You can activate the feature to force HTTPS on all incoming traffic by following these steps:

    1. Go to File Manager in your hosting panel and open .htaccess inside the public_html folder.
    2. Scroll down to find RewriteEngine On and insert the following lines of code below it:
      RewriteEngine On
      RewriteCond %{HTTPS} off
      RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    3. Save the changes.

Force HTTPS Using .htaccess

IMPORTANT: Make sure that the line RewriteEngine On is not repeated twice. In case the line already exists, simply copy the rest of the code without it.

Force HTTPS Using .htaccess on a Specific Domain

Let’s say that you have two domains: and Both domains access the same website, but you only want the first one to be redirected to the HTTPS version. In this case, you need to use the following code:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^ [NC]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Make sure to replace yourdomain1 with the actual domain you’re trying to force HTTPS on.

Force HTTPS Using .htaccess on a Specific Folder

The .htaccess file can also be used to force HTTPS on specific folders. However, the file should be placed in the folder that will have the HTTPS connection.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(folder1|folder2|folder3) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Make sure to change the folder references to the actual directory names.

After making the changes, clear your browser’s cache and try to connect to your site via HTTP. If everything was added correctly, the browser will redirect you to the HTTPS version.


Congratulations! you have successfully edited your .htaccess file and redirected all HTTP traffic to HTTPS, the safe version of your website.

If you have any tips, tricks, or suggestions that you want to share, we are looking forward to seeing them in the comments!

We hope that this article helped you. Feel free to leave a comment below if you have something to add  You may also want to bookmark our guide on  Complete WordPress tutorial

Boost your Carrier to Next Level: How to How to Become a WordPress Developer in 2020 – A Complete Guide

Leave a Comment