How to Force HTTPS Using .htaccess

htaccess force https

By now, you are well aware of the importance of using SSL certificates and the penalties you can incur for not having one. You have conducted thorough research and have chosen an SSL certificate suitable for your needs. But somehow, your website still reads ‘HTTP’. Why is that? No need to panic. It is easily solvable. Usually, you already have the tools needed to solve most challenges you will encounter in website development. And today, you will learn how to force .htaccess to get your website to switch over to HTTPS.

What Is Forcing HTTPS

When you install an SSL certificate, you will need to create 301 redirects to transfer your link equity. But more importantly, this process also tells your servers where to look for the improved site. Usually, it is a smooth process but sometimes can require manual input.

The process of manually telling your server to use ‘HTTPS’ instead of ‘HTTP’ is called forcing. And you can use .htaccess to force ‘HTTPS’.

Locating .htaccess

Follow the steps below to locate your .htaccess to force ‘HTTPS’:

  1. Open ‘File Manager’ in cPanel
  2. Locate and open the ‘public_html’ folder
  3. Select .htaccess, and press ‘Edit’ located in the toolbar at top OR by right-clicking and selecting ‘Open
  • You may receive a prompt here; respond according to your preferences.

You are now in your .htaccess file.

If the file cannot be found in ‘public_html’, it is hidden (as it usually is). To reveal it:

  1. Click ‘Settings’ within ‘File Manager’ (usually located top right of screen)
  2. Check the option marked ‘Show Hidden Files (dotfiles)
  3. Click ‘Save

All files that were previously hidden, should now be showing.

Still, there will be times when you may need to create an .htaccess file. To do this, use a text editor, such as NotePad, to enter the lines of codes you will learn below. Save the file to your ‘public_html’ folder.

Using .htaccess to force ‘HTTPS’

Now that the .htaccess file is open, you will need to enter some lines of code telling the server what to do.

STOP! Before making any permanent changes to your website, backup your files and even your website to guard against irreversible or inadvertent errors.

1. Forcing .htaccess across all traffic:

  1. Locate the line of code that says ‘RewriteEngine On’
  2. In the next line, enter the following lines of code:
RewriteCond %{HTTPS} off

RewriteRule ^(.*)$ HTTPS://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  1. Save your changes

You have now successfully used .htaccess to force ‘HTTPS’ to load each time your website is opened.

2. Forcing .htaccess for a specific domain:

If you have multiple domains, but only wish to use .htaccess to force ‘HTTPS’ on one (, enter the following lines of code beneath ‘RewriteEngine On’

Option 1:

RewriteCond %{HTTP_HOST} ^ [NC]

RewriteCond %{HTTPS} off

RewriteRule ^(.*)$ HTTPS://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]


Option 2:

RewriteCond %{HTTP_HOST} ^specificdomain\.com [NC]

RewriteCond %{SERVER_PORT} 80

RewriteRule ^(.*)$ HTTPS://$1 [R,L]

Port 80 refers to packets being transmitted using HTTP, while port 443 is used for HTTPS. Knowing this, you can see that line two of both options are saying the same thing: do not use HTTPS for other domains.

Therefore, a combination is possible creating a third option:

RewriteCond %{HTTP_HOST} ^example\.com [NC]

RewriteCond %{SERVER_PORT} 80

RewriteRule ^(.*)$ HTTPS://$1 [R=301,L]




3. Forcing .htaccess for a specific folder:

In the event you want to .htaccess to force ‘HTTPS’ on a folder, there are two things to bear in mind:

  • Ensure your .htaccess file is included in the folder to get the HTTPS connection
  • The following lines of code are to be entered below ‘RewriteEngine On’

Option 1

RewriteCond %{HTTPS} off

RewriteRule ^(folder1|folder2) HTTPS://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Option 2

RewriteCond %{SERVER_PORT} 80

RewriteCond %{REQUEST_URI} nameoffolder

RewriteRule ^(.*)$ HTTPS://$1 [R,L]

STOP! It is important to remember to insert the actual names of your website and folders where appropriate for these lines of code to be successful.

Next Steps

To ensure that your changes are being reflected as desired, clear your browser cache to force your computer to load the website from the source. You should now be seeing the ‘HTTPS’ in your address bar.

Another test you can carry out is to enter the full URL into the address bar, including ‘HTTP’. If the website loads using ‘HTTPS’ instead, you will know that your changes were successful.


You try to do everything correctly as a responsible website developer. You carefully chose your website host, installed an SSL certificate when building your website and keep ahead of trends to earn you top SEO rankings. However, sometimes things go differently from the way we plant them.

As we proved today, not only do you usually already have the tools, but, there are simple solutions to problems that can seem overwhelming. For example, your website refusing to switch over to HTTPS after installing the SSL certificate. If this happens again, you will know how to use .htaccess to force ‘HTTPS’.