Yogesh Chauhan's Blog

How to force your website to load securely with an .htaccess file?

in Miscellaneous on March 14, 2021

Most hosting providers such as Dreamhost automatically redirects the visitors to https URL after you install the free SSL certificate.

The ‘S’ at the end of HTTPS ensures to your users that their connection is secure and encrypted.

For example

  • https://yogeshchauhan.com

Most of the time you really don’t need to do anything to make the switch from HTTP to HTTPS once you’re done installing the SSL certificate. Most hosting providers will take care of it. But in some. cases, we need to force the website to use HTTPS instead of HTTP. We can add custom configurations to force the website redirect from unsecure HTTP to the secure HTTPS.

One way to do is using .htaccess file for apache servers.

Where is the .htaccess file located?

The .htaccess file should be located in your site’s root directory.

If you’re using FTP or SFTP to load the files from your website to your local machine then sometimes you might not see the .htaccess file as it might be hidden. You need to change your hosting settings to make it visible.

How to force the domain to use HTTPS for any website?

Here is the code that you can add to .htaccess file. It will force the domain to load the HTTPS version. For e.g. if the domain is yogeshchauhan.com then it will load https://yogeshchauhan.com instead of https://yogeshchauhan.com


RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

NOTE: If that code doesn’t work, make sure you have every single line from the snippet above. Copy-paste from the browser to the .htaccess file sometimes doesn’t work properly.

How to force the domain to use HTTPS for a WordPress website?

Even if you have SSL certificate installed on your WordPress website domain, it’s possible to load your website using unsecured connection. So, it’s wise to force users to load the secure domain.

There are few plugins available to do so. They may or may not change your .htaccess file. If you want to just add the code below, it will force your website to load the secured version.

General HTTPS redirect code for .htaccess file

Force an HTTPS URL without WordPress default .htaccess code


RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

Force an HTTPS URL with WordPress default .htaccess code


RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

# BEGIN WordPress
# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

Domain specific HTTPS redirect code for .htaccess file

Force an HTTPS URL without WordPress default .htaccess code

Change the domain name in the code to your domain name.


RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yogeshchauhan.com/$1 [R=301,L,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

Force an HTTPS URL with WordPress default .htaccess code

Change the domain name in the code to your domain name.


RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yogeshchauhan.com/$1 [R=301,L,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

# BEGIN WordPress
# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress


Most Read

#1 How to add Read More Read Less Button using JavaScript? #2 How to check if radio button is checked or not using JavaScript? #3 Solution to the error “Visual Studio Code can’t be opened because Apple cannot check it for malicious software” #4 Solution to “TypeError: ‘x’ is not iterable” in Angular 9 #5 How to uninstall Cocoapods from the Mac OS? #6 PHP Login System using PDO Part 1: Create User Registration Page

Recently Posted

#Apr 8 JSON.stringify() in JavaScript #Apr 7 Middleware in NextJS #Jan 17 4 advanced ways to search Colleague #Jan 16 Colleague UI Basics: The Search Area #Jan 16 Colleague UI Basics: The Context Area #Jan 16 Colleague UI Basics: Accessing the user interface
You might also like these
What are Modules and Components in Angular?AngularHow to check if a link has http or https in it in JavaScript?JavaScriptSome EASY-to-Understand CSS media query examplesCSSJavaScript: how to detect a browser using the user agent?JavaScriptHow to use @if and @else in SCSS?SCSSHow to find the HCF or GCD and LCM of two given numbers using Swift?Swift