If you have a general idea about Google and how it ranks websites in search results, you must have heard about SSL certificates. Google has been testing websites to evaluate whether they use SSL certificates or not. Those that don’t have HTTPS are dropped down in rankings and labelled as “Not secure.” In this post we will explain how to redirect HTTP to HTTPS so your site does not suffer this fate.
Let's assume you have your SSL certificate, what’s the next step? To apply this certificate in your website URL, you need to redirect HTTP to HTTPS to ensure optimum safety, accessibility and compliance.
Editing the .htaccess file for redirection
First of all, redirection from HTTP to HTTPS involves editing the .htaccess file. (If you know how to do this or have already done it, you can skip this step.)
Let's explain all the steps involved in editing the .htaccess file.
Within the .htaccess file, you have all the particular guidelines that tell the server how to react in various cases. Two key directives that you need to focus upon in a .htaccess file are respectively, Redirects and Rewriting URLs.
When it comes to editing .htaccess file, you can use multiple methods. Let us mention a few of them here:
- Do the editing of the file on a computer and then use FTP to upload the file to the server
- Use the Edit option within the FTP to access and edit the .htaccess file remotely
- Use a text editor for .htaccess file editing
- Another widely used method to edit the .htaccess file is to utilize the File Manager in cPanel
Make sure to set the proper permissions to the .htaccess file after uploading. For example, if the web server runs as user "www," an unprivileged user, you must make sure the file permissions are set such that any normal user can read it.
How to redirect HTTP to HTTPS in Apache?
Now let us guide you about redirecting HTTP to HTTPS in Apache. Here are the steps:
Step 1: Redirecting the traffic
With the code of the edited .htaccess you need to add the following lines:
RewriteEngine On
RewriteCond % 80
RewriteRule ^(.*)$ HTTPS://www.yourdomain.com/$1 [R,L]
Step 2: Redirecting a particular domain
To redirect a particular domain using HTTPS, you have to add the following lines:
RewriteEngine On
RewriteCond % ^yourdomain.com [NC]
RewriteCond % 80
RewriteRule ^(.*)$ HTTPS://www.yourdomain.com/$1 [R,L]
Step 3: Redirecting a particular folder
When you need to redirect HTTPS to a particular folder, just add the following lines.
RewriteEngine On
RewriteCond % 80
RewriteCond % folder
RewriteRule ^(.*)$ HTTPS://www.yourdomain.com/folder/$1 [R,L]
Remember that in all cases you need to replace the "yourdomain" with your actual domain name, and you need to replace /folder with the actual folder name.
How to redirect HTTP to HTTPS in Nginx?
Before carrying out HTTPS redirection in Nginx server, make a backup of crucial files like nginx.conf and default.conf file. Then follow these steps:
- Sign in to the Nginx server
- Just attach return 301 HTTPS://$server_name$request_uri within the directives of the server
- Save this edited file
Once you’ve done this, restart the Nginx server and it’s done.
HTTP redirection in CloudFlare
For all websites and web services using the CloudFlare platform for performance and security, redirecting HTTP to HTTPS is very easy.
CloudFare offers free SSL certificates for its users.
You can easily opt for redirection by following these key steps:
- Sign in to CloudFlare and choose the site for redirection
- Navigate to the respective Page Rules
- Now, tap on "Create Page Rule"
- Provide the URL
- Now, from the "Add a Setting" option, choose the "Always Use HTTPS" option
Lastly, just tap on "Save and Deploy" and you are done.
HTTPS redirection in cPanel
Using redirection in cPanel is equally easy and involves just a few steps. The only prerequisite for shared hosting users is that their hosting provider must provide SSL certificates and enable the certificates for the respective website.
Make sure your shared hosting provider offers cPanel and allows you to edit and modify the .htaccess file. Once you have this option, you can simply use the following code lines to edit the file and redirect to HTTPS. Here are the code lines you need to add:
RewriteEngine On
RewriteCond % off
RewriteRule (.*) HTTPS://%%
In case your .htaccess file already has the "RewriteEngine On,” the duplication of the file is not necessary.
HTTPS redirection in SUCURI servers
If you are using SUCURI servers, you already get a free SSL certificate with their WAF plan.
All you need to do for enabling this file is to navigate to the HTTPS/SSL tab. Here are the key steps:
- First of all, select "Full HTTPS" in SSL mode
- Then, select the "HTTPS only site" option in protocol redirection.
- Now, save this configuration
Within a few seconds, your site becomes accessible through HTTPS.
Final step for all options
After adding the SSL Certificate to your site, you should go back and edit your links on your pages to point to HTTPS:// version of your site. This will tell the search engines they should be indexing that version of your site.
In WordPress this can easily be done by updating the WordPress Address (URL) in General Settings.
Why get an SSL certificate?
If you are considering boosting the security of your website with SSL Certificate only now, you are taking the right step that benefits you in numerous ways in the long run. Some of the key reasons to opt for SSL certificates include the following:
- Securing the network connectivity through an SSL certificate will help you establish trust with your users and visitors.
- As Google and leading search engine algorithms are increasingly focusing on security ensured by SSL certificates, this will definitely have a positive impact on your search engine ranking.
- Over a period of time, a secure website with the least vulnerabilities and threats can actually save a lot of costs for fixing security issues.
There’s one more reason to have an SSL certificate on every site you manage: if your website has a form collecting information including email address, login information, credit cards you must use SSL on your website. Browsers will start blocking these fields if you are not using SSL.
Learn how to do HTTPs redirection
HTTPS redirection is something every website owner needs to adopt for security reasons and to get the best of search engine rankings. In the time to come, HTTPS protocol may occur as part of the hosting package with default redirection.
Editor's Note: This article was first published on Oct 21, 2019 and updated on Oct 2, 2024.