Forcing HTTPS Using the .htaccess
Your website’s visitors should be accessing your site using an SSL-encrypted connection for added security, accessibility, or PCI compliance. If you’re unfamiliar with SSL, our article "[5 Key Reasons Why You Need SSL for Your Website](https://help.serverfreak.com/en/article/5-key-reasons-why-you-need-ssl-for-your-website-9xuhpm/)" ? will get you up to speed.
ServerFreak includes SSL for all Wordpress Hosting and cPanel Hosting packages. Please refer to this article to enable SSL.
Before proceeding, please make sure your site has https enabled.
NOTE: For WordPress sites, consider a SSL plugin such as Really Simple SSL instead.
To force all web traffic to use HTTPS, insert the following lines of code in the .htaccess file in your website’s root folder.
NOTE: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix.
To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website’s root folder:
NOTE: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix.
If this doesn’t work, try removing the first two lines.
Make sure to replace example.com with the domain name you’re trying force to https. Additionally, you need to replace www.example.com with your actual domain name.
If you want to force SSL on a specific folder, insert the code below into a .htaccess file placed in that specific folder:
NOTE: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix.
Make sure you change the folder reference to the actual folder name. Then be sure to replace www.example.com/folder with your actual domain name and folder you want to force the SSL on.
ServerFreak includes SSL for all Wordpress Hosting and cPanel Hosting packages. Please refer to this article to enable SSL.
Before proceeding, please make sure your site has https enabled.
# Forcing HTTPS with .htaccess
NOTE: For WordPress sites, consider a SSL plugin such as Really Simple SSL instead.
Redirect All Web Traffic
To force all web traffic to use HTTPS, insert the following lines of code in the .htaccess file in your website’s root folder.
NOTE: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix.
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]Redirect Only Specified Domain
To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website’s root folder:
NOTE: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix.
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]If this doesn’t work, try removing the first two lines.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]Make sure to replace example.com with the domain name you’re trying force to https. Additionally, you need to replace www.example.com with your actual domain name.
Redirect Specified Folder
If you want to force SSL on a specific folder, insert the code below into a .htaccess file placed in that specific folder:
NOTE: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix.
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} folder
RewriteRule ^(.*)$ https://www.example.com/folder/$1 [R=301,L]Make sure you change the folder reference to the actual folder name. Then be sure to replace www.example.com/folder with your actual domain name and folder you want to force the SSL on.
Updated on: 15/03/2020
Thank you!