Forcing SSL on a website

From Arch Hosting Wiki
Jump to: navigation, search

If you have a valid SSL certificate, you may want to force your website to always run with SSL (https:// instead of http://)

There are a few ways you can do this, but the easiest way is by using your .htaccess file.

Perform the following steps:

  • Log in to your cPanel
  • Open the File Manager, and enable hidden files (click the "Settings" button in the uppermost top right corner in your File Manager)
  • Visit the folder that contains your website, usually this will be /public_html. If you've installed your website into a specific folder, like /wp, then visit that folder. For example, /public_html/wp/
  • Open the .htaccess file for editing. If this file does not exist, create it and open it for editing. Make sure it is spelled exactly: ".htaccess" (no quotations)


Then, add the following code to your .htaccess file.   

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.mydomain.com/$1 [R,L]

Note: If there's already some other code in your .htaccess file, do not delete it. Add the code shown below at the very top of the .htaccess file, and leave some blank lines between this code and the existing code.  

Note: You will want to change "www.mydomain" to your actual website domain - don't let it literally say "mydomain". You do not need to include the "www" part, that's only if you want your website to have the "www." prefix. For example, you could write "https://mydomain.com". 


That's it! Keep in mind, this only enforces 'https://' for all your site pages and does not grant you a valid SSL certificate. You need to have a signed SSL certificate configured correctly, or your website will show a security error. Arch Hosting offers free SSL certificates, and you can learn more by visiting the SSL certificate wiki page.

Wordpress: 1 Extra Step

If you are using a content-management system (like Wordpress), it is highly recommended that you make one more additional change. You will want to log in to your Wordpress (or other CMS) admin area, and visit your website settings and change your website's URL to include the "https://". For example, on default non-SSL configurations it will say "http://mydomain.com" - you will want to update that and add the "s" after "http". This will ensure that all files (images, style sheets, etc.) are also loaded over SSL.