Forcing SSL for website visitors through .htaccess

This article explains how to force SSL for all visitors through the .htaccess file.

If you are not with Arch, you will need a stable version of Apache running on your server or, if you use cPanel on your server/host, you can directly edit the .htaccess file in your public_html/www (Web Root) directory. Once you meet these requirements, you can follow the steps below. (If you're with us, you can also follow the steps below!)

You can force SSL on all of your pages by adding the code below to your .htaccess file (it uses mod_rewrite, for the curious geeks). Go to public_html/www (Web Root, with 'Show Hidden Files (dotfile)' ticked) and look for the .htaccess file. If it is there, edit it. If not, create a new file with the same name (.htaccess). If you think the file is hidden, re-open the file manager with the option to show hidden files.

Note: If there's already some other code in your .htaccess file, do not delete it. Add the code shown below at the very top of the .htaccess file.

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

Important: Make sure to change www.example.com (a placeholder) to your primary domain address!

That's it! Keep in mind, this only enforces 'https://' for all your site pages and does not grant you a valid SSL certificate. You need to have a dedicated SSL configured correctly (or through Cloudflare if you use it), or else this will not work as expected.
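
A variant of the rule above, added here as an example (not Arch's own code): it tests whether the request arrived over TLS instead of testing the port, and issues a permanent redirect so browsers remember it. Assumptions: www.example.com is a placeholder for your primary domain, and any proxy in front of the site (such as Cloudflare) sets the X-Forwarded-Proto request header.

```apache
# Added example. www.example.com is a placeholder: use your primary domain.
RewriteEngine On

# Condition 1: the connection to Apache itself is not HTTPS.
# %{HTTPS} is "on" for TLS requests regardless of the port number,
# so this also covers sites served on a non-standard port.
RewriteCond %{HTTPS} !=on

# Condition 2 (assumption: a TLS-terminating proxy sits in front of the site
# and sets X-Forwarded-Proto): the visitor did not use HTTPS to reach the proxy.
# Without this check, a proxy that talks plain HTTP to the origin would be
# redirected on every request and the visitor would see a redirect loop.
# If no proxy is in front of the site, delete this line: the header can be
# set by any client and should not be trusted in that case.
RewriteCond %{HTTP:X-Forwarded-Proto} !=https

# Both conditions must match (RewriteCond lines are ANDed by default).
# In .htaccess context the matched path has no leading slash, so the slash
# is written explicitly before $1. The query string is carried over
# automatically. R=301 makes the redirect permanent; plain [R] sends a 302.
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
```

While testing, start with [R,L] and switch to R=301 once the redirect behaves correctly, because browsers cache permanent redirects.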

If you are using a Content Management System (CMS) like WordPress, Joomla, etc., we highly recommend that you not follow the aforementioned steps! Contact your CMS developer for the correct way to force SSL on all pages.
