hostgnome

How to force your website to load securely with HTTPS SSL

You are here:
< All Topics

First of all you will need to be able to edit your .htaccess file or create one. Follow this guide to get started https://www.hostgnome.com/guides/how-to-create-modify-htaccess/

 

After you have the file open and ready to be edited we have a few different options

 

Option #1 – This will work on any type of website

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

WordPress sites example:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

# BEGIN WordPress
# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

NOTE: Never put this code inside of the WordPress section

# BEGIN WordPress # END WordPress tags

Option #2

Be sure to replace example.com with your domain

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

WordPress sites example:

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

# BEGIN WordPress
# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

You also have an option with WordPress to choose from various plugins that do this automatically for you. We recommend https://en-gb.wordpress.org/plugins/wp-force-ssl/

Table of Contents