How To Force HTTPS On Your Website

Mar 9, 2020

Skystra automatically installs an SSL certificate on your website for free once you sign up to our services.

But even after a valid SSL certificate is activated, your website is still available on both HTTP (non-encrypted) and HTTPS (encrypted).

Best practice is to redirect all your site traffic to the  HTTPS version as it encrypts and secures your visitors’ data while they are on your website.

In this article, we’ll show you how it’s done!

.htaccess SSL Redirects

Most redirects can be set up manually by using the .htaccess file.

To access/edit the .htaccess file, log in to your cPanel control panel. Click here for instructions on how to get to cPanel. Then click on the File Manager icon under the Files section.

Show Hidden Files

Once the File Manager interface is loaded, click on the Settings button in the top-right corner, and ensure that the Show Hidden Files (dotfiles) option is enabled:

Once you’ve enabled Hidden Files, you’ll be able to see the .htaccess file in the File Manager and edit it using the Edit button in the top toolbar.

All Traffic to HTTPS

To force all traffic to go to HTTPS, add the following rules to your .htaccess file:

RewriteEngine On 
RewriteCond %{HTTPS} off 
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Note: Make sure that you only have one RewriteEngine On line in your entire .htaccess file, and that it’s not repeated. If it already exists in the file, copy the rest of the code and paste it beneath.

HTTPS on a Specific Domain

If you have two domains that load the same website, but you want to force SSL only on a specific domain, use these rules:

RewriteEngine On  
RewriteCond %{HTTP_HOST} ^ [NC]  
RewriteCond %{HTTPS} off  
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Make sure to replace with the actual domain name.

HTTPS on a Particular Folder

You can force SSL on a specific folder, but make sure to edit the rules in the .htaccess file in that particular folder.

RewriteEngine On  
RewriteCond %{HTTPS} off  
RewriteRule ^(folder1|folder2) 
https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Make sure to replace folder 1 and 2 references with the specific folder names.

WordPress SSL Redirect

You can use the same .htaccess rules in the .htaccess file if you run your website on WordPress, but we recommend using a plugin to handle this automatically for you.

Really Simple SSL

Here are the steps:


Login to your WordPress Dashboard and head to the Plugins > Add New option. In the search bar in the top-right corner, input Really Simple SSL, and click on the Install Now button:


Once the plugin is installed, click on the Activate button to activate it:


Head to the Settings > SSL section and click on the Go ahead, activate SSL! button:

If you see any issues with mixed content on your website (showing both HTTP and HTTPS URLs), go to the Settings tab of the plugin configuration screen, and enable the Use alternative method to fix mixed content option:

If you use a caching plugin on your website, make sure to purge all cache first before testing your site again.

That’s it!