From time to time we are asked how you can force your website visitors to view your website over https. For example, if a visitor access http://domain.com, you can force them to https://domain.com so that they are always using the SSL certificate.

Please note, if you use the Premium Website Builder to create your site, please see our article on How to Force your Premium Website Builder site to use SSL.

The following instructions gives you code to add to an .htaccess file. If your .htaccess file has existing code, then you shoud place the following code examples above the existing code of your .htaccess file so that the newly added code is executed first.

How to force your visitors to use your Shared SSL Certificate

To force your visitors to use your Shared SSL certificate:

  1. log into your cPanel and access the redirects section
  2. Set Type to Permanent (301)
  3. Next to http://(www.)? choose the domain name you are working with
  4. Next to redirects to, enter your website's url using the Shared SSL Certificate
  5. We recommend having Redirect with or without www. selected, so that the user will be forced to use SSL whether they use domain.com or www.domain.com
  6. Ensure Wild Card Redirect is selected
  7. Click Add

When testing, we were redirecting whhsupport.com to https://secure21.webhostinghub.com/~whhsup5/

You can see below how the rewrite was setup before we clicked "Add"

force_https_cpanel

When you save this redirect, cPanel actually sets up the redirect by editing your .htaccess file. You don't need to do anything further from here (other than test). If you were actually looking for the .htaccess code to perform this type of redirect, cPanel added the following code to the .htaccess file:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^whhsupport.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.whhsupport.com$
RewriteRule ^(.*)$ "https\:\/\/secure21\.webhostinghub\.com\/\~whhsup5\/$1" [R=301,L]

How to force your visitors to use your Dedicated SSL certificate

If you try to setup a Dedicated SSL redirect using the same steps above, cPanel will fail with an error message, similar to:

Redirecting to https://www.whhsupport.com/ will cause a redirection loop because 'http://whhsupport.com/'

which is located at /home/whhsup5/public_html/

is above 'https://www.whhsupport.com/'

which is located at /home/whhsup5/public_html/

The following changes to the .htaccess file will require that you make use of the edit options available within the cPanel. You will need to edit the .htaccess file to force the re-direct. Depending on your situation, you may need to re-direct all website traffic, only a specific domain, or a folder to use HTTPS.

Forcing a specific domain to use HTTPS

To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website's root folder:

RewriteEngine On 
RewriteCond %{HTTP_HOST} ^abcd\.com [NC]
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.xyz.com/$1 [R,L]

In the .htaccess code above, if abcd.com website is accessed, it will re-direct to https://xyz.com You will need to replace abcd\.com with the domain name you're forcing to https and also replace www.xyz.com with the domain name to where the website traffic will be re-directed. Here's an example:

RewriteEngine On 
RewriteCond %{HTTP_HOST} ^test-site\.com [NC]
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.some-website.com/$1 [R,L]

In the example above, any one typing in http://test-site.com will automatically be re-directed to https://some-website.com.

Forcing all website traffic to use HTTPS

In order to force all web traffic to use HTTPS, use the following code in your .htaccess file. If you are hosting multiple websites on your account, it is possible to have an .htaccess file for each website. Make sure that you are editing the .htaccess file that is in the root folder where you want the re-direct to occur.

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

Be sure to replace www.yourdomain.com with your actual domain name.

Forcing SSL on a specific folder

If you want to force SSL on a specific folder you can insert the code below into a .htaccess file placed in that specific folder:

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} folder 
RewriteRule ^(.*)$ https://www.yourdomain.com/folder/$1 [R,L]

Make sure you change the folder reference to the actual folder name. Then be sure to replace www.yourdomain.com/folder with your actual domain name and folder you want to force the SSL on.

If you need further assistance please feel free to ask a question on our support center website.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Did you find this article helpful?

Comments

n/a Points
2014-03-22 11:51 am

I tried the redirect as above but instead it make the site not visible at all with too many redirects. I need to figure out how to change in the htaccess file. Are you able to help me? I know nothing about this. Please help?

Staff
10,412 Points
2014-03-24 9:55 am
Hello Sabrina,

If you are getting a redirect error, most likely your existing .htaccess file has a rule that is interfering with the redirect you are adding.

There may be another way to accomplish this within your CMS; for example with a plugin. What CMS are you using? Wordpress, joomla, Concrete5?

If you have any further questions, feel free to post them below.
Thank you,

-John-Paul
n/a Points
2014-03-24 2:25 pm

Thank you so much. I am using Wordpress and have compared the htaccess file from the not working site to a properly working site and they are the same. I don''t know enough to go beyond that.

Staff
14,508 Points
2014-03-24 2:49 pm
Hello Sabrina,

Thanks for the question. If you are trying to use a shared SSL with WordPress, you can find a published article on this issue here.

WordPress is URL-centric in that it uses the URL that you designated during installation and generates the links that a user will see BASED on that URL. So, the main problem with using a shared SSL is that it is totally dissimilar from your original URL. There is a plugin that resolves this issue: Wordpress HTTPS. It's free and is the solution we recommend for you, since it makes it much easier to manage. Make sure to review the plugin page for notes and troubleshooting information should you run into any problems.

NOTE: This plugin will also work with normal SSL links.

I hope this solves the problem for you! Please let us know if you require any further assistance!

Regards,
Arnel C.
Staff
3,713 Points
2014-03-24 3:20 pm
Hello Sabrina,

When using WordPress, if you want to have the entire site secured over HTTPS then you would just want to login to your WordPress dashboard, then under the Settings > General section you'd want to change your WordPress Address (URL) and Site Address (URL) to begin with https://.

Another alternative you have if you didn't want to secure the entire site, would be using a plugin like WordPress HTTPS to only protect certain pages.

Please let us know if you're still having any issues.

- Jacob
n/a Points
2014-03-24 3:44 pm

It is not a shared ssl. It is a multi site ssl. I checked the general settings and it is set to https://www.luxuriouslashesbillings.com

Staff
14,238 Points
2014-03-24 5:23 pm
Hello Sabrina,

I am seeing the site fine with the https however there is a warning regarding the SSL stating there are portions of the site that are insecure. This typically means there are hardcoded URLs in the code somewhere that are using http:. In checking the code on your site the only issue I saw was with the CSS. The background image is defined as http://.

This can be found by entering your domain name at www.whynopadlock.com

You can correct the issue by using a plugin such as the WordPress HTTPS. Alternatively, you can edit the CSS file itslef in your theme editor and remove the http: portion there. That way it will use whichever protocol is being called at the time (http: or https:)

Kindest Regards,
Scott M
n/a Points
2014-07-17 8:13 am

Hello, I wonder how can I change all http access to https,  I using wordpress, when I change my .htaccess, I can't access my websites,  the error says that too many redirect, hope to get a answer.

Staff
2,342 Points
2014-07-17 2:08 pm
This would not work in WordPress due to the internal redirection that happens there. There, is, however, a plugin that you can use to force SSL within WordPress at the following:

WordPress HTTPS (SSL)
n/a Points
2014-12-07 10:09 am

Use the above plugin HTTPS for wordpress as suggested by JeffMA. My friend Mike is the author of that plugin. I really believe Mike knows more about developing for Wordpress that Mullenweg does himself.

n/a Points
2014-12-10 1:26 pm

does this work for subdomains as well

Staff
14,508 Points
2014-12-10 2:00 pm
Hello Ian,

Thanks for the question. Yes it does. You would simply need to change the URL to include the subdomain.

I hope this helps to answer your question, please let us know if you require any further assistance.

Regards,
Arnel C.
n/a Points
2014-12-10 2:21 pm

so it would only put the subdomain into https not the main domain ?

Staff
14,238 Points
2014-12-10 3:15 pm
Hello Ian,
The SSL only works for the domains that it is assigned to along with any subfolders. For instance an SSL set for example.com would work for example.com/store but not for store.example.com. Subdomains are considered part of the domain name, so subdomain.example.com would not be valid for example.com

Kindest Regards,
Scott M
n/a Points
2015-01-07 6:16 pm

Anyone here have tried forcing http to https in volusion store?

We contacted the support and they said that SSL cert is working on our site. But when I checked I found out that SSL only works if you start clicking product item below but if you first arrive in http, ssl would not work to https causing it lot of duplicate URLs on both http and https version of our site. I've search for a solution but haven't yet try.

Staff
14,508 Points
2015-01-07 6:54 pm
Hello John,

Thanks for the question and sorry for the problem with the website. Forcing HTTPS is typically something that is enforced through the .htaccess file. When someone goes to your site the server receives the request for a page, then the rule in .htaccess re-writes the URL so that it uses HTTPS instead of HTTP. This is described in the article above. That being said, Volusion is a third party ecommerce software and they also have their own hosting solution. If you're having problems with SSL, you will want contact their technical support to see why you are unable to force HTTPS whenever someone goes to your website. We unfortunately can't change it for you, but their support services should be able to aid with that issue as SSL usage is a very common issue with ecommerce.

I hope this helps to answer your question, please let us know if you require any further assistance.

Kindest regards,
Arnel C.
n/a Points
2015-01-07 7:45 pm

I believe .htaccess won't work on our server since we are using IIS 6 windows server. We already contact our support but still no feedback from them until now. Do you think using file name web.config or httpRedirect.htm will work for windows II6 Server? Have you ever tried it before.

Staff
14,508 Points
2015-01-07 9:00 pm
Hello John,

We do not use IIS servers here - everything is Linux based. We work with .htaccess here all the time, so we are familiar with how it works. You would not be re-directing, but re-WRITING the URL so that it is using HTTPS. You will need to speak with your web host technical support for further assistance on that issue.

Regards,
Arnel C.
n/a Points
2015-01-21 9:42 am

I am trying to get my Worpress site to hand off certain pages I wish to be using SSL, as I do not want the entire site to be using SSL.  I think I have narrowed down my issue to the .htaccess file.  However I am not able to get the URL: for www.littleangeloliveoil.com/my-account to load with SSL.  Below I have shown my .htaccess file, can someone direct me in telling me what I have wrong.# BEGIN .HTACCESS WordPress<IfModule mod_rewrite.c>RewriteEngine OnRewriteBase /RewriteRule ^index\.php$ - [L]RewriteCond %{SERVER_PORT} 80#RewriteCond %{REQUEST_URI} my-accountRewriteRule ^(.*)$ https:///www.littleangeloliveoil.com/myaccount/$1 [R,L]#RewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteRule . /index.php [L]</IfModule># END .HTACCESS WordPressThank you,Kevin P.

Staff
14,508 Points
2015-01-21 10:17 am
Hello Kevin,

Sorry for the problem for the re-write. Since you posted the .htaccess in your comment without formatting it, the problem is that we can't really tell if the rule was written correctly (format wise). Here's an example what it could like:


#Force non-www:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.example\.com/subdomain [NC]
RewriteRule ^(.*)$ https://www.example.com/subdomain/$1 [L,R=301]


If you are a customer with Web Hosting Hub, then please provide us more information on the account and we can look more closely at it. If you're not a customer and you require further assistance, then please provide the .htaccess with the line breaks so that we can tell if the .htaccess entries are correct.

If you have any further questions or comments, please let us know.

Regards,
Arnel C.
n/a Points
2015-01-21 11:24 am

Thank you so much for responding.  I thought the .htaccess file formatted properly, but I now see it did not.  If you could please look at the following URL as an example of the current .htaccess file that I am using.http://www.littleangeloliveoil.com/htacccess-exmple.txt Thank you again,Kevin P.

Staff
14,508 Points
2015-01-21 11:55 am
Hi Kevin,

Thanks for providing the .htaccess info! The issue is probably the ORDER of your .htaccess rules. Try putting the rule at the top. Make sure to add "RewriteEngine On" above the rule. Also, the comment "#force non-WWW:" - I forgot to change that. It's just a comment, but you might want to change it to say something like "#Force HTTPS on URL. Remember that the [L] option after the rule basically tells the Apache server to not process any further rules if that one is used. So, if you require the other .htaccess rules (such as the main one for WordPress), then you might need to consider other methods for this to work. For example, check out this WordPress plugin for using SSL. It allows you to specify that only certain pages use SSL (according to its documentation).

I hope this helps to clarify the issue! If you have any further questions or comments, please let us know.

Regards,
Arnel C.
n/a Points
2015-01-21 11:49 am

Is this something I can contract your company to fix for me?  As we would like to get this working, and so far we arent able to figure out the issue.Thank you,Kevin P.

Staff
14,508 Points
2015-01-21 11:57 am
Hello Kevin,

Just saw this reply after researching and thinking about your issue. We generally don't really provide code (we're not programmers and we don't provide that kind of service), but we will provide solutions or at least point in the direction of a good solution when we can find one. Hopefully, my answer above helps resolve the issue for you, though.

Sincerely,
Arnel C.

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

Related Questions

Here are a few questions related to this article that our customers have asked:
Would you like to ask a question about this page? If so, click the button below!

Help Center Search

Current Customers

Email: support@WebHostingHub.com Ticket: Submit a Support Ticket
Call: 877-595-4HUB (4482)
757-416-6627 (Intl.)
Chat: Click To Chat Now

Ask the Community

Get help with your questions from our community of like-minded hosting users and Web Hosting Hub Staff.

Not a Customer?

Get web hosting from a company that is here to help.