YogeshChauhan . com

How to force your website to load securely with an .htaccess file?

in Misc on March 14, 2021

Most hosting providers such as Dreamhost automatically redirects the visitors to https URL after you install the free SSL certificate.

📢 Sponsored 📢

Dreamhost provides great prices on hosting for different kinds of hosting such as Shared Hosting, VPS Hosting, Dedicated Hosting and DreamPress Hosting (specifically made for WordPress website owners).

The ‘S’ at the end of HTTPS ensures to your users that their connection is secure and encrypted.

For example

  • https://yogeshchauhan.com

Most of the time you really don’t need to do anything to make the switch from HTTP to HTTPS once you’re done installing the SSL certificate. Most hosting providers will take care of it. But in some. cases, we need to force the website to use HTTPS instead of HTTP. We can add custom configurations to force the website redirect from unsecure HTTP to the secure HTTPS.

One way to do is using .htaccess file for apache servers.

Where is the .htaccess file located?

The .htaccess file should be located in your site’s root directory.

If you’re using FTP or SFTP to load the files from your website to your local machine then sometimes you might not see the .htaccess file as it might be hidden. You need to change your hosting settings to make it visible.

How to force the domain to use HTTPS for any website?

Here is the code that you can add to .htaccess file. It will force the domain to load the HTTPS version. For e.g. if the domain is yogeshchauhan.com then it will load https://yogeshchauhan.com instead of https://yogeshchauhan.com


RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

NOTE: If that code doesn’t work, make sure you have every single line from the snippet above. Copy-paste from the browser to the .htaccess file sometimes doesn’t work properly.

How to force the domain to use HTTPS for a WordPress website?

Even if you have SSL certificate installed on your WordPress website domain, it’s possible to load your website using unsecured connection. So, it’s wise to force users to load the secure domain.

There are few plugins available to do so. They may or may not change your .htaccess file. If you want to just add the code below, it will force your website to load the secured version.

General HTTPS redirect code for .htaccess file

Force an HTTPS URL without WordPress default .htaccess code


RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

Force an HTTPS URL with WordPress default .htaccess code


RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

# BEGIN WordPress
# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

Domain specific HTTPS redirect code for .htaccess file

Force an HTTPS URL without WordPress default .htaccess code

Change the domain name in the code to your domain name.


RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yogeshchauhan.com/$1 [R=301,L,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

Force an HTTPS URL with WordPress default .htaccess code

Change the domain name in the code to your domain name.


RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yogeshchauhan.com/$1 [R=301,L,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

# BEGIN WordPress
# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

amazon

Most Read

#1 How to check if radio button is checked or not using JavaScript? #2 Solution to “TypeError: ‘x’ is not iterable” in Angular 9 #3 How to add Read More Read Less Button using JavaScript? #4 How to uninstall Cocoapods from the Mac OS? #5 How to Use SQL MAX() Function with Dates? #6 PHP Login System using PDO Part 1: Create User Registration Page

Recently Posted

Jun 16 What are Stored Procedures for SQL Server? Jun 16 What are Class Constants in PHP? Jun 15 A short basic guide on states in React Jun 15 How to define constants in PHP? Jun 15 How to define visibility for a property in PHP? Jun 15 How to use @if and @else in SCSS?

You might also like these

OOP, Class and Objects Strategies For Beginners (PHP)PHPHow to add a scroll back to top button using JavaScript and CSS?CSSHow to add a Line Chart in Angular App?AngularHow to apply style only to first child and/or only to children other than the first child?CSSHow to add Date and Time picker in HTML and get the values using JavaScript?HTMLHow to make WordPress main stylesheet (style.css)?WordPress