Yogesh Chauhan's Blog

How to force your website to load securely with an .htaccess file?

in Miscellaneous on March 14, 2021

Most hosting providers such as Dreamhost automatically redirects the visitors to https URL after you install the free SSL certificate.

The ‘S’ at the end of HTTPS ensures to your users that their connection is secure and encrypted.

For example

  • https://yogeshchauhan.com

Most of the time you really don’t need to do anything to make the switch from HTTP to HTTPS once you’re done installing the SSL certificate. Most hosting providers will take care of it. But in some. cases, we need to force the website to use HTTPS instead of HTTP. We can add custom configurations to force the website redirect from unsecure HTTP to the secure HTTPS.

One way to do is using .htaccess file for apache servers.

Where is the .htaccess file located?

The .htaccess file should be located in your site’s root directory.

If you’re using FTP or SFTP to load the files from your website to your local machine then sometimes you might not see the .htaccess file as it might be hidden. You need to change your hosting settings to make it visible.

How to force the domain to use HTTPS for any website?

Here is the code that you can add to .htaccess file. It will force the domain to load the HTTPS version. For e.g. if the domain is yogeshchauhan.com then it will load https://yogeshchauhan.com instead of https://yogeshchauhan.com


RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

NOTE: If that code doesn’t work, make sure you have every single line from the snippet above. Copy-paste from the browser to the .htaccess file sometimes doesn’t work properly.

How to force the domain to use HTTPS for a WordPress website?

Even if you have SSL certificate installed on your WordPress website domain, it’s possible to load your website using unsecured connection. So, it’s wise to force users to load the secure domain.

There are few plugins available to do so. They may or may not change your .htaccess file. If you want to just add the code below, it will force your website to load the secured version.

General HTTPS redirect code for .htaccess file

Force an HTTPS URL without WordPress default .htaccess code


RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

Force an HTTPS URL with WordPress default .htaccess code


RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

# BEGIN WordPress
# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

Domain specific HTTPS redirect code for .htaccess file

Force an HTTPS URL without WordPress default .htaccess code

Change the domain name in the code to your domain name.


RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yogeshchauhan.com/$1 [R=301,L,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

Force an HTTPS URL with WordPress default .htaccess code

Change the domain name in the code to your domain name.


RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yogeshchauhan.com/$1 [R=301,L,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

# BEGIN WordPress
# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress


Most Read

#1 How to check if radio button is checked or not using JavaScript? #2 Solution to “TypeError: ‘x’ is not iterable” in Angular 9 #3 How to add Read More Read Less Button using JavaScript? #4 How to uninstall Cocoapods from the Mac OS? #5 PHP Login System using PDO Part 1: Create User Registration Page #6 How to Use SQL MAX() Function with Dates?

Recently Posted

#Aug 15 Is PHP still good for back-end programming? #Aug 10 How to create a multisite network in WordPress? #Aug 3 How to create a circle that follows a cursor using JavaScript and CSS? #Aug 3 How to make a curtain slider using jQuery and CSS? #Aug 2 How to progressively load images and add a blurry placeholder? #Aug 1 How to create a placeholder loader (throbber) using CSS?
You might also like these
How to create a vertically rotating texts using CSS?CSSGive buttons accessible namesUI/UXWordPress: How to loop through a repeater field in ACF?WordPressLIKE and ILIKE Operators in PostgresPostgresHow to get recent posts in WordPress?WordPressWordPress: How to print ACF repeater field values?WordPress