HTTP To HTTPS Using htaccess – How To Do A 301 Redirect

Having an SSL certificate is crucial in today’s time. All websites should be served over a secured connection. We live in times where data security is the talk of the day and one must strive to ensure that it is not breached. In this post, we’ll look into what steps one needs to take to do a 301 redirect – i.e. redirect http to https using htaccess file.

We won’t go into the details as to why having an SSL certificate is so important. In this post, we’ll stick to the question we get asked frequently i.e. how to redirect http to https using htaccess file.

Redirect HTTP to HTTPS using htaccess file

Here are the simple steps you need to take to do a 301 redirect http to https using htaccess file, so let’s get started:

1. We’re assuming that you have already installed an SSL certificate on your website. If you have not, then most of the respectable web hosting providers offer a free SSL certificate and also install it for you. Take a look at our pick of the top 10 web hosting providers who will offer great features at affordable pricing (along with free SSL certificate too).

2. Once the SSL certificate is installed, you will need to insert a small snippet of code in your .htaccess file. Don’t feel overwhelmed – we know that feeling, we have been there! We will walk you through the entire process step by step.

3. For the purpose of this blog post, we will use cPanel as an example as we think that is what the majority of the people use currently.

Log in to your cPanel account and locate the section that says ‘Files’. It will look something like this:

Files Section

Then click on the ‘File Manager’ to open it.

It will open the public_html folder

Locate a file called .htaccess (the files are sequenced alphabetically so it should be easy to find) and click edit.

Edit .htaccess file, How to edit .htaccess file, How to edit htaccess file

It may throw a pop-up warning you if you really want to edit the file:

Htaccess Edit 1

Click on 'Edit' and affirm.

4. Once the .htaccess file is open, it should look something like the following:

Htaccess File

5. Insert the following code at the top of the .htaccess file (choose one from below) :

a) If your website has ‘www’ in its URL (such as – http://www.yourwebsite.com), then use the following code:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

RewriteCond %{HTTPS} !on
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
</IfModule>

b) If your website has a naked URL – which means that it does not have ‘www’ in the URL (such as – http://yourwebsite.com), then use the following snippet of code:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.(.*) [NC]
RewriteRule ^(.*) http://%1/$1 [R=301,L]

RewriteCond %{HTTPS} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>

6) The above codes will work usually for almost all the cases, however at times, some web hosting companies have their own codes. For instance, if you are using FastComet or SiteGround, you can do the following:

If you’re using FastComet, they provide you with their version of the code that goes in the .htaccess file. The code provided by them is the following:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://domain.com/$1 [R=301,L]

Simply replace ‘domain.com’ in the code above, with your domain name (keeping the https as it is).

If you’re using SiteGround, you only need to turn on a switch which will take care of injecting the code (so you don’t have to worry about messing up the file at all – hurray!) This is how it looks like:

SiteGround htaccess file

7) Once you have this small snippet of code inserted in the .htaccess file, log in to your WordPress dashboard. Go to Settings, then click on ‘General’. Change the WordPress Address (URL) and Site Address (URL) from http to https version. See the image below:

301 Redirect HTTP to HTTPS - WP URL

8) Next, install a plugin called ‘Better Search Replace’ by Delicious Brain (find the link below).

Link: https://wordpress.org/plugins/better-search-replace/

Once activated, search for your website’s name with http and then replace it with the https. So for instance, it will look like this:

Better Search Replace

Keep in mind that you should only change the http to https – do not add or remove ‘www’ from the URL as you could end up losing all your SEO efforts and see a marked decline in site’s traffic. So, if your website was http://www.yourwebsite.com just change it to https://www.yourwebsite.com

Then, click on the Run Search/Replace button and it will replace all instances of your website using the http protocol with the https protocol in the database.

9) You could perchance run into an instance wherein some files (especially media files like images) are still being served over the http protocol. If so, your browser will display this warning:

Your connection to this site is not fully secure

Your connection to this site is not secure warning

This is known as the mixed content problem – wherein some contents are served over https and some over plain http. So your website is still trying its best to be completely secured but in your site’s source code there could be some images or CSS files or Javascript that are using the http link. If you see this warning message, head over to https://www.whynopadlock.com/

Type in your website URL and click on Test Page.

Why No Padlock

It will list down all the reason why your website is not able to serve fully on the https protocol. It will display all the possible files/images that are still served over http. Once you know which images those are, simply delete them from the WordPress backend and re-upload them. That should do the job just fine!

10) Next, do the usual – that is, updating URL from http to https in Google Analytics and Google Search Console.

Login to your Google Search Console, and create a brand new profile for your HTTPS website (besides the HTTP ones). Also re-submit your sitemap so that the webmasters are made aware of the change in the links and have them indexed.

11) Lastly go to your analytics account, whichever one you are using and update the required links there. We’ll just use Google Analytics here, as an example.

Login to your Google Analytics account and click on Admin in the bottom-left corner.

GA Admin

Once the admin window opens, we need to make changes to the URL at two places. One is in the 'Property Settings' and the other in the 'View Settings'.

GA Properties

Then click on ‘Property Settings’ and change the ‘Default URL’ to HTTPS.

GAProperty Setting

Once this is done, head over to the ‘View Settings’ and change the ‘Website’s URL’ to HTTPS.

GAView Settings

12) Really Simple SSL Plugin

Really Simple SSL

If you’re still getting cold feet about opening the .htaccess file and possibly messing it up, you can accomplish most of the steps mentioned above by using a plugin from the WordPress repository. It’s called Really Simple SSL by Rogier Lankhorst, and will help you accomplish a 301 redirect from http to https. It is a very popular plugin with close to 2 million installs and great ratings as well.

All you need to do is to install the plugin and it’ll do the work for you, such as:

a) Changing your WordPress Address URL and Site Address URL to HTTPS
b) Fixing any mixed content issue that are being served over HTTP to HTTPS.
c) Changing all incoming HTTP requests to HTTPS

Keep in mind though that unlike the previous manual method that we looked at, the plugin will not change anything in the database.

That's it folks! That's all there is to do a 301 redirect from http to https using htaccess file. Happy redirecting!

Liked what you read? Share and show some love!

Get in touch with us today.

Speak your heart out.

We're all on an adventure!

2nd Floor, Building No. 150, Z. M. Street, Mumbai - 400 009, India.

+91-9167664243

Web design

Web development

WordPress development

SEO services

Ecommerce SEO services

Local SEO services

Social media marketing

Digital marketing

Internet marketing

Pay per click (PPC)

Content writing

Mobile app development

Website SEO Audit

Blog

About Us

Contact

Refer and Earn

Privacy Policy

Scroll to Top