How to Force HTTPS using .htaccess

Updated: Author: David W Reading Time: 3 minutes

Need to redirect http:// traffic to https:// to force a secure connection? If you have access to a web hosting service that uses .htaccess files, you can add a snippet to the top of the file to redirect insecure traffic to a secure connection.

Here are our recommended steps for forcing the https:// protocol for all website traffic, parked domains, or a specific folder.

Force HTTPS for all website traffic

Here are the steps to forcing all website traffic to be on a secure connection.

  1. Find and open your .htaccess file. This might be in /home/username/public_html or /var/www/html folder.
  2. Add the following code snippet to the top of the file, then save.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Now refresh your website. You should see http:// requests get forwarded to https:// right away.

Forcing HTTPS on parked domains

Here are the steps to forcing parked domains (also known as “aliases”) to use a secure connection.

  1. Find and open your .htaccess file. This might be in /home/username/public_html or /var/www/html folder.
  2. Add the following code snippet to the top of the file.
  3. Change “yourdomain2.com” to be your parked domain, then save.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourdomain2.com [NC]RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Forcing HTTPS on specific folders

Here are the steps to forcing a secure connection on a specific folder. This is common for legacy websites that only work on http://, but have a sensitive landing page within a directory.

  1. Find and open your .htaccess file. This might be in /home/username/public_html or /var/www/html folder.
  2. Add the following code snippet to the top of the file.
  3. Change “folder1|folder2|folder3” to be the names of your desired folder(s), then save.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(folder1|folder2|folder3) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Troubleshooting .htaccess Redirect Issues

If you’ve edited the .htaccess file properly, but the connection remains insecure, try clearing your browser cache, testing in a different browser, or checking from a different device.

If you’re still unable to force HTTPS, maybe check if you are using a service like Cloudflare or Sucuri that might have a separate cache to clear.

If all else continues to fail, open a support ticket with your web hosting company for assistance.

Disclaimer: WebCitz, LLC does not warrant or make any representations concerning the accuracy, likely results, or reliability of the information found on this page or on any web sites linked to from this page. This blog article was written by David W in his or her personal capacity. The opinion(s) expressed in this article are the author's own and may not reflect the opinion(s) of WebCitz, LLC.

Close

1981 Midway Road, Suite E
Menasha, WI 54952
Toll-Free: 800-796-8263

Copyright © 2004-2026 WebCitz, LLC. All Rights Reserved.