From time to time we are asked how you can force your website visitors to view your website over https. For example, if a visitor access http://domain.com, you can force them to https://domain.com so that they are always using the SSL certificate.

Please note, if you use the Premium Website Builder to create your site, please see our article on How to Force your Premium Website Builder site to use SSL.

How to force your visitors to use your Shared SSL Certificate

To force your visitors to use your Shared SSL certificate:

  1. log into your cPanel and access the redirects section
  2. Set Type to Permanent (301)
  3. Next to http://(www.)? choose the domain name you are working with
  4. Next to redirects to, enter your website's url using the Shared SSL Certificate
  5. We recommend having Redirect with or without www. selected, so that the user will be forced to use SSL whether they use domain.com or www.domain.com
  6. Ensure Wild Card Redirect is selected
  7. Click Add

When testing, we were redirecting whhsupport.com to https://secure21.webhostinghub.com/~whhsup5/

You can see below how the rewrite was setup before we clicked "Add"

force_https_cpanel

When you save this redirect, cPanel actually sets up the redirect by editing your .htaccess file. You don't need to do anything further from here (other than test). If you were actually looking for the .htaccess code to perform this type of redirect, cPanel added the following code to the .htaccess file:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^whhsupport.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.whhsupport.com$
RewriteRule ^(.*)$ "https\:\/\/secure21\.webhostinghub\.com\/\~whhsup5\/$1" [R=301,L]

How to force your visitors to use your Dedicated SSL certificate

If you try to setup a Dedicated SSL redirect using the same steps above, cPanel will fail with an error message, similar to:

Redirecting to https://www.whhsupport.com/ will cause a redirection loop because 'http://whhsupport.com/'

which is located at /home/whhsup5/public_html/

is above 'https://www.whhsupport.com/'

which is located at /home/whhsup5/public_html/

Because of this, we'll need to edit the .htaccess file manually. Using File Manager (or your editor of choice), edit public_html/.htaccess and add the following code:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.domain.com/$1 [R,L]

Be sure to replace www.domain.com with your actual domain name. For example, if your domain name is whhsupport.com and you want to force redirection to https://www.whhsupport.com

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.whhsupport.com/$1 [R,L]
Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve our Help Center:
Email Address
Optional, but our team may contact you for more information.
Did you find this article helpful?

Comments

n/a Points
2014-03-22 11:51 am

I tried the redirect as above but instead it make the site not visible at all with too many redirects. I need to figure out how to change in the htaccess file. Are you able to help me? I know nothing about this. Please help?

7,075 Points
2014-03-24 9:55 am
Hello Sabrina,

If you are getting a redirect error, most likely your existing .htaccess file has a rule that is interfering with the redirect you are adding.

There may be another way to accomplish this within your CMS; for example with a plugin. What CMS are you using? Wordpress, joomla, Concrete5?

If you have any further questions, feel free to post them below.
Thank you,

-John-Paul
n/a Points
2014-03-24 2:25 pm

Thank you so much. I am using Wordpress and have compared the htaccess file from the not working site to a properly working site and they are the same. I don''t know enough to go beyond that.

9,313 Points
2014-03-24 2:49 pm
arnelc
Staff
Hello Sabrina,

Thanks for the question. If you are trying to use a shared SSL with WordPress, you can find a published article on this issue here.

WordPress is URL-centric in that it uses the URL that you designated during installation and generates the links that a user will see BASED on that URL. So, the main problem with using a shared SSL is that it is totally dissimilar from your original URL. There is a plugin that resolves this issue: Wordpress HTTPS. It's free and is the solution we recommend for you, since it makes it much easier to manage. Make sure to review the plugin page for notes and troubleshooting information should you run into any problems.

NOTE: This plugin will also work with normal SSL links.

I hope this solves the problem for you! Please let us know if you require any further assistance!

Regards,
Arnel C.
2,247 Points
2014-03-24 3:20 pm
JacobN
Staff
Hello Sabrina,

When using WordPress, if you want to have the entire site secured over HTTPS then you would just want to login to your WordPress dashboard, then under the Settings > General section you'd want to change your WordPress Address (URL) and Site Address (URL) to begin with https://.

Another alternative you have if you didn't want to secure the entire site, would be using a plugin like WordPress HTTPS to only protect certain pages.

Please let us know if you're still having any issues.

- Jacob
n/a Points
2014-03-24 3:44 pm

It is not a shared ssl. It is a multi site ssl. I checked the general settings and it is set to https://www.luxuriouslashesbillings.com

8,823 Points
2014-03-24 5:23 pm
ScottM
Staff
Hello Sabrina,

I am seeing the site fine with the https however there is a warning regarding the SSL stating there are portions of the site that are insecure. This typically means there are hardcoded URLs in the code somewhere that are using http:. In checking the code on your site the only issue I saw was with the CSS. The background image is defined as http://.

This can be found by entering your domain name at www.whynopadlock.com

You can correct the issue by using a plugin such as the WordPress HTTPS. Alternatively, you can edit the CSS file itslef in your theme editor and remove the http: portion there. That way it will use whichever protocol is being called at the time (http: or https:)

Kindest Regards,
Scott M

Post a Comment

Name:
Email Address:
Comment:
Are you a bot?
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

News / Announcements

Update to SSL Certificates - Certificate Warnings
1969-12-31 11:00 am EST
Hits: 628
What is the Heartbleed bug?
1969-12-31 11:00 am EST
Hits: 255

Related Questions

Here are a few questions related to this article that our customers have asked:
Would you like to ask a question about this page? If so, click the button below!

Help Center Search

Current Customers

Email: support@WebHostingHub.com Ticket: Submit a Support Ticket
Call: 877-595-4HUB (4482)
757-416-6627 (Intl.)
Chat: Click To Chat Now

Ask the Community

Get help with your questions from our community of like-minded hosting users and Web Hosting Hub Staff.

Not a Customer?

Get web hosting from a company that is here to help.