You have developed your website, purchased the domain name and a hosting service.
You uploaded your website files unto the server via ftp or some other means, you visited your domain name with your browser and everything works fine.
Congratulations!!!
You are already jubilating that your website is now live, then you got a call from a close friend that you sent your website link to. They informed you about the warning they got while visiting your website:
Your connection to this site is not secure
and you’re like “But I had installed and activated an SSL certificate for my domain, what could be wrong?”
One thing to note after installing an SSL certificate for a domain is that, the website files are ready to be served over HTTP and HTTPS.
However, it’s better to use only HTTPS because it encrypts and secures your website’s data.
So, How do you force your website data to be served via HTTPS?
One of the solutions is to force HTTPS on all your website traffic via your website’s .htaccess file, such that when a user visits your website, it automatically redirects from HTTP to HTTPS.
How do we do that?
Follow these simple steps below;
- Log in to your hosting account, (I will be using cPanel as an example)
- Click on File Manager
3. Inside the website directory in the public_html folder in your File Manager, try and locate .htaccess file.
Jump to step 6 if you can find the file or you think it is hidden, but If you can’t find it, it is possible that it does not exist, this means you will have to create the file, follow the next step to create it.
4. To create a File or Folder in your File Manager, click the File or Folder text at the top left corner.
5. You will see a pop up, enter the New File Name of the file you are creating and in our case it is .htaccess.
Confirm the directory and click on Create New File.
6. In case you have created the file, or the file is in existence but you could not find it in the directory, it is possible that it is hidden, to unhide all hidden files, at the top right corner of the File Manager, Click Settings.
7. Tick the “Show Hidden Files (dotfiles)” and click “Save”
8. After this, you should be able to see your .htaccess file in your directory.
9. To edit the file, right click on the file, and click “Edit” from the options
10. You will get a pop-up screen, click on “Edit” and this will open a new tab where you can input some texts (codes) into the file.
11. If you have an existing .htaccess, it is possible that your file is not empty, there might be some texts inside of it, Scroll down to find RewriteEngine On and insert the following lines of code below it:
12. Save the changes.
13. Revisit and reload your website in your browser and you’d see that you now have your website secure. Hurray!!!
Please, make sure that the line “RewriteEngine On” does not appear twice in that file. In case the line already exists, simply copy the rest of the code in Step 11 leaving behind the “RewriteEngine On”.
Another question you might have is “What if I have more than one domain and both domains access the same website and I want to force HTTPS only on one of the domains?”
Let’s say that you have more than one domain; http://myfirstdomain.com and http://myseconddomain.com. but you only want the first domain to be redirected to the HTTPS version. In this case, you need to use the following code:
Your connection to this site is not secure
NB: be sure to replace myfirstdomain.com with the domain name you’re trying to force HTTPS on.
Your next question might be “What if I just want to force HTTPS on some specific folders, how do I do that?”
Well, that is not difficult, you can use the .htaccess file to force https on some specific folders, let’s assume the name of the folders are “folder1, folder2, folder3”, you just have to make sure the file is in the same folder that will have the HTTPS connection.
Your connection to this site is not secure
Once you are done making the changes, save the file and reload your website to see the changes and you will notice that all HTTP traffic are redirected to HTTPS.
Incase you can see any changes, try and clear your browser cache or Click down on “CTRL” key on your keyboard, then click on reload, this will request for fresh files from your server.
I hope this helps.
Feel free to drop your comments.