How to force all traffic to HTTPS

After you’ve enabled SSL for your website, you’ll probably want to redirect all traffic on your website to the https version of your site. There are multiple ways to do that. Let’s compare some commonly used ways.

Using script configuration

Some scripts (including Wordpress) have a setting which allows you to set your website URL. By changing this URL from http://example.com to https://example.com, the script will probably redirect visitors to the https version of your site. Even if your script does not redirect people, it’s still highly recommended to check if your script has a setting for the URL because it will prevent other problems with links on your page.

Using .htaccess

Probably the most common way to force traffic to https is by redirecting requests using .htaccess. The .htaccess is a simple text file simply called ‘.htaccess’ which contains additional settings passed to the web server to support some more complicated functionality. If you are using a script created by other people (including CMS like Wordpress), you can probably find a .htaccess file already in the htdocs folder of your website. If you don’t have a .htaccess file yet, you can create a file using the File Manager with the file name .htaccess. Using the File Manager is recommended, some systems (especially Windows) don’t work well with .htaccess files.

After you’ve found or created your .htaccess file, you can edit it in the File Manager or using any text editor (like Notepad). You need to add the following lines to the file:

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:CF-Visitor} !{"scheme":"https"}
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Using Cloudflare settings

If you’re using Cloudflare on your website, you can let Cloudflare enforce HTTPS for you. Simply login to Cloudflare’s website, go to the Crypto settings for your domain, and enable “Always use HTTPS”.

Final notes on forcing HTTPS

If your website doesn’t work anymore after applying any of these settings, there are a few common issues you should check for.

If your website does not display any content at all or shows a 500 - Internal Server Error and you’re using the .htaccess method, that means there is an error in your .htaccess file. Please make sure you copied the content exactly as shown above. If you’re sure it’s correct, you can try getting help in the forum. If you do, be sure to include the contents of your .htaccess file in the message.

If your website does show content but is missing styles, scripts or images, those files are probably linked to with http:// urls instead of https:// urls. Most browsers block requests to http:// content on https:// pages for security reasons. Check your script settings (if applicable) or update your pages to ensure only https:// urls are used on the page.

4 Likes
How to make your website use HTTPS (SSL)
How to get Free SSL (HTTPS) on InfinityFree
SSL not working on chrome mobile
Ssl lock not showing before url
Why do I have two different models with my website?
HTTP to HTTPS automatically
I've bought and uploaded my SSL certificate, but my website is still "not unsecured"
SSL Issue
The website is different than in my preview ie the code is not expected to behave like this
Ssl certificate / site insecure
Why is the title not showing in https
Connection Not Private Error frequently while valid SSL certificate
Need Some Privacy info
Colocar ssl
I'm Back
.htaccess Error please help! [ERROR 404]
How do I redirect my domain tomy HTTPS domain?
Unable to install wordpress , stuck at 95%
Unable to make https work for subdomain
SSL certificate installation
Redirect from Http to Https doesn't work
My website shows SSL errors
Self signed cerificate issue
Mixed content
Please help - Problem Enabling https
My cloudflare is not working
SSL verschlüsselung und Dateien über 10 MB.
Force https
Ssl error help!
Flashed message during SSL install
SSL Certificate
Ssl error help!
Custom Error Pages does not support HTTPS
My website didn't redirect http to https
Removing old http to use https
Domain not resolving to https
SSL installation from InfinityFree
Several ssl certificate no https website not working free hosting
SSL NET::ERR_CERT_AUTHORITY_INVALID error
SSL not ready yet
Frustrating with the SSL issue
Ssl
Why can't some browsers load my website?
Https
HTTP to HTTPS (And redirection to other website)
I installed SSL on my Site. when I open it on my Android phone it opens on "http". Please help me
I installed SSL on my Site. when I open it on my Android phone it opens on "http". Please help me
Ssl error
Please help - Problem Enabling https
Mywebsite.gq have ssl but mywebsite.gq/blabla not have ssl
Mywebsite.gq have ssl but mywebsite.gq/blabla not have ssl
I`m not able to login through wp-admin, but my website is
I’m abdulhadi i have a problem i am add certificate on my website but when i open mmy website its op
A site doesn't work with new ssl certificate with new https address
Unable to enter the website after installing the SSL plugin
Why is my website only secure when the url has a trailing slash?
Dns_probe_finished_nxdomain
I've bought and uploaded my SSL certificate, but my website is still "not unsecured"
Why can't I add ca_bundle in infinityfree
"Your Key and Certificate directories are not properly protected"
Url Shortener Redirects to 404 page
Certificado ssl
Certificate verify failed
"Not Secure" with SSL
WordPress error when saving: "There was an error. You are probably offline."
The certificate you have entered does not match the current private key
Ssl certificate / site insecure
Connection Not Private Error frequently while valid SSL certificate
My website is unsafe without typing https:// in the address bar
SSL certificate issue
SSL certificate issue

A post was split to a new topic: Https