Whether you’re running your site on shared infrastructure, a virtual machine or a dedicated server ,installing an SSL certificate enables both HTTP and HTTPS access. Only HTTPS encrypts the data exchanged between the server and your visitors. To ensure full security and SEO compliance, you should enforce HTTPS site-wide using .htaccess.

 Prerequisites

Before proceeding, make sure:

  • Your domain is properly connected to your hosting
  • An SSL certificate is already installed and working

To test this, open https://yourdomain.com. If you see a secure lock icon in the browser — you’re good to go.

 Redirect HTTP to HTTPS via .htaccess

Add the following code to the top of your .htaccess file, located in the root folder of your site (usually /public_html):

RewriteEngine On  
RewriteCond %{HTTPS} off  
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

What this does:

  • RewriteEngine On — enables the rewrite engine
  • RewriteCond %{HTTPS} off — checks if HTTPS is off
  • RewriteRule — redirects all traffic to the HTTPS version, preserving path and query parameters
  • 301 — permanent redirect for SEO benefit

Troubleshooting

If the redirect doesn’t work:

  • Ensure .htaccess is enabled in your Apache config
  • Check that mod_rewrite is enabled on your server
  • Make sure no conflicting redirects exist lower in the file

Test Your HTTPS Redirect

After saving the changes:

  • Visit http://yourdomain.com
  • You should be redirected to https://yourdomain.com

Notes for WordPress Users

If you’re using WordPress, forcing HTTPS in .htaccess is not always enough. Update the WordPress Address (URL) and Site Address (URL) under:

Settings → General → change both to https://yourdomain.com.

Also, consider a plugin like Really Simple SSL for automatic handling of mixed content.

Summary

Forcing HTTPS with .htaccess is a simple but crucial step to securing your site. It protects data, builds user trust, and supports your SEO efforts. If you’re using shared hosting, VPS, or a dedicated server — the .htaccess method is universal and effective.