Currently, it has become a required guideline to make your website use a secure connection. There are two ways to do this for your existing website. You can either do this using a WordPress plugin or use .htaccess to force an HTTPS connection.
Usually, an HTTP connection is highly insecure and can make your website vulnerable to attacks. Therefore, it is important to use an HTTPS connection.
Why do You need an HTTPS Connection?
An HTTPS connection is the secure version of an HTTP connection. Usually, data is sent to an HTTP website in a clear text format. Thus, this makes it highly vulnerable to online attacks by hackers and crackers.
As a result, the information can easily be intercepted by such attackers. This information can be edited and tampered for their own personal gains. This is why most websites are required to run through an HTTPS connection.
Let us now discuss where you can find .htaccess to force HTTPS on your website.
How to Locate .htaccess File?
Usually, the .htaccess file is located on the website’s main folder. Therefore, you can access it using an FTP client. There are many FTP clients to choose from. In addition, you can use the one provided by WordPress as well.
You can easily locate your website’s root folder by following the steps below.
- Login to your WordPress admin page. Here, find and go to the ‘Manage Domains’ sections.
- Next, you will see an option for Edit under Web Hosting. This is located on the current page’s right side. Just click on it.
- Here, you will see your website’s directory.
- Open an FTP client and go to this directory. Make sure that you’ve allowed the client to see hidden files.
- You will find the .htaccess file in this directory.
How to Force HTTPS with .htaccess
For this, you will need a text editor. You can use a plain notepad as well. This is needed to edit .htaccess to force HTTPS connection on your website. There are different lines of code depending on which page you want to load with HTTPS.
However, we will focus on forcing HTTPS on your whole website. This will be easier and more secure for you. Furthermore, you can do this in a number of ways. You can try either one of the following options.
Option 1
- Open .htaccess file with a text editor. Next, add the following lines at the beginning of the file.
- RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301, NE]
- Save this file and exit the text editor.
Option 2
- Likewise, open the .htaccess file with your preferred text editor. Similarly, you need to add the following lines as before.
- RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourwebsite.com/$1 [R=301,L,NE]
- Here, ‘yourwebsite’ will be replaced with the domain name of your site.
- Close the text editor after saving your changes.
Option 3
- Similarly, open .htaccess file using a text editor and enter the following.
- RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
- Again, save your changes and exit the file.
Redirect Old Path to the Current One
Furthermore, you may need to redirect old HTTP connection requests to the current HTTPS one. Thus, you need to add the following lines after the above lines.
- RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourwebsite\.com [NC]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
This will make sure that your users will be redirected to an HTTPS connection when they try to enter the HTTP site. You can simply copy and paste these files to minimize errors.
Do not forget to replace ‘yourwebsite.com’ with your actual domain name.
Conclusion
In summary, you should now be able to use the .htaccess file to force HTTPS connection on your website. You may need to clear your cache if it doesn’t seem to be working. In addition, you can use plugins like Really Simple SSL to automatically do it for you.
However, such plugins may be buggy and cause other errors. Therefore, you should always try to manually use .htaccess to force an HTTPS connection.
