How to Redirect HTTP to HTTPS in htaccess

1. How to Redirect HTTP to HTTPS in htaccess? Introduction: SSL stands for “Secure Sockets Layer.” The SSL certificate is a digital certificate necessary to validate your website’s identity and authenticity. SSL is a security protocol having the power to create and establish an encrypted connection between a web server and a web browser. As a standard practice, SSL must be installed on your website to safeguard and secure any sensitive data exchanged between the two systems. With SSL installed, you can keep cyber criminals at bay and prevent them from reading and modifying the transferred data. Why must I encrypt my website with an SSL certificate? Most website owners would have this question. You must install an SSL certificate if your site visitors are paramount to your business. Installing an SSL certificate will let the search engines know that your site establishes a secured connection when accessed. Hence, they will not mistake your website for scams or phishing. As a business owner, your company’s brand image, online reputation, and customers’ trust depend on the authenticity of your website. Web browsers often show unsecured connection warnings if your website doesn't have an SSL certificate. So it becomes extremely important to redirect your website from (unsecured) HTTP to (secured) HTTPS. If you also have plans to migrate your website to HTTPS, this blog is for you. Also Read: How To Upload Website Files and Database Using cPanel What is HTTPS?

2. Let’s begin by understanding HTTP before knowing HTTPS. HTTP stands for Hypertext Transfer Protocol which is the base of the World Wide Web (WWW). HTTP is an application layer protocol that transfers information between the server and the client machines. Unfortunately, HTTP is not a secure protocol that can establish a safe connection between the client and the server. So the experts developed a secured version of HTTP and named it HTTPS - Hypertext Transfer Protocol Secure. HTTPS is the primary protocol for exchanging information between a web browser (client) and a website (server). HTTPS establishes an encrypted connection which improves your security during data transfer. Also Read: Best Practices To Secure Your Website Why Must I Use HTTPS on My Website? When you see a Padlock icon followed by HTTPS in the address bar of a web browser, it means that SSL Certificate has been installed on the website you are accessing. It also means that the SSL protocol will be used during the data exchange between the website (server) and the web browser (client) accessing that website. The following images will give you an idea:

3. HTTP to HTTPS redirection - The Complete Process.

4. We will connect with 5 variations of redirecting HTTP to HTTPS. During this discussion, we will consider the following 2 aspects: Use mydomain.com as an example. Use the .htaccess file in the cPanel for redirection purposes.   Also Read: How to Add a New Domain To Cpanel? Let us first find the .htaccess file in the cPanel.

5. Log in to your cPanel  Go to Files and click on the File Manager from the group of icons.  You should select the option - ‘Document Root for.’ You can either select the domain name from the available drop-down menu OR click on the ‘Settings’ at the top right-hand side of the page. Click on Settings if you have only 1 website. 

6. Now locate the .htaccess file.  As the .htaccess file remains hidden, you must click on the “Show Hidden Files (dotfiles)” checkbox.  Once the .htaccess file becomes visible, right-click on it and select Edit. 

7. In the next pop-up, again click on Edit.  Also Read: How to Take Backup of Emails from cPanel Important Notes: Before editing the code in the .htaccess file, here are a few important points to remember. You must store your .htaccess file in the Root Folder OR in the same folder where your website is present. In the .htaccess file, search for the phrase 'RewriteEngine On.' If it already exists, add the following relevant code(s) right after it. Do not repeat RewriteEngine ON. You must type your domain name instead of the example - mydomain.com.    Types of Website Redirection Before we dive deep into knowing the different variations of migrating HTTP to HTTPS, let us first understand the types of website redirections. There are 2 types of redirections: Permanent Redirection: With Status Code 301. Temporary Redirection: With Status Code 302.   Search Engines and web browsers deal with each of these redirection types differently. Permanent Redirection: With Status Code 301.

8. As the name suggests, Status Code 301 directs the search engine that the website has permanently moved to a new location. Hence, it must consider only the new location for crawling and indexation purposes. Similarly, Status Code 301 will direct the web browser to cache (store) the new URL and prioritize it over the older URL. This will help access the webpage faster. Temporary Redirection: With Status Code 302. Contrary to Permanent Redirection, Status Code 302 tells the search engine that the website has temporarily moved to a new location. Hence, it must consider both the locations parallelly while crawling and indexing the web pages. It also suggests that the older URL, in any case, will stand valid. Status Code 302 will direct the web browser to cache (store) only the old URL. The redirection will happen every time the old URL receives an access request. This is a time-consuming process, and experts don’t recommend it. The Drawback of Status Code 302: Continuing with a 302 redirection for a longer period can significantly impact search engine rankings. Since both http://mydomain.com and https://mydomain.com are indexed individually by search engines, all site requests get divided between URLs during the HTTP to HTTPS redirection process. Hence, we suggest Status Code 301 in major cases. Also Read: How to upload Laravel Project on Shared Hosting With cPanel? .htaccess Code for migrating HTTP to HTTPS. Variation 1 - without WWW Code for a non-www type of website: Start below “RewriteEngine On” RewriteCond %{HTTPS} off RewriteRule ^(.*)$ HTTPS://mydomain.com%{HTTP_HOST}%{REQUEST_URI} [L,R=301] Variation 2 - with WWW Code for a www type of website:

9. Start below “RewriteEngine On” RewriteCond %{HTTP_HOST} !^www.mydomain.com [NC] RewriteRule ^ HTTPS://www.mydomain.com %{HTTP_HOST}%{REQUEST_URI} [L,R=301] RewriteCond %{HTTP:X-Forwarded-Proto} !HTTPS RewriteCond %{HTTPS} off RewriteRule ^ HTTPS://mydomain.com %{HTTP_HOST}%{REQUEST_URI} [L,R=301] Variation 3 - Redirecting all your web traffic Code for all web traffic redirection: Start below “RewriteEngine On” RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ HTTPS://www.yoursite.com/$1 [R,L] Variation 4 - Redirecting a selected Domain Code for specific Domain (from multiple domains) redirection: Start below “RewriteEngine On” RewriteCond %{HTTP_HOST} ^mydomain\.com [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ HTTPS://www.mydomain.com/$1 [R,L] Variation 5 - Redirecting a selected Folder or a Webpage Code for a specific Folder redirection: Start below “RewriteEngine On” RewriteCond %{SERVER_PORT} 80 RewriteCond %{REQUEST_URI} folder RewriteRule ^(.*)$ HTTPS://www.mydomain.com/folder/$1 [R,L] Also Read: What is FTP & How to Create an FTP Account In cPanel? Conclusion After reading through this informative blog, you will have a fair idea about using the .htaccess file in your cPanel to redirect your unsecured HTTP website to a secured HTTPS.

10. Implementing one of the migration processes will help you establish your website's authenticity with the search engines and develop trust within your users when they perform sensitive data transactions on your website. On the whole, having the right SSL certificate installed on your website places your brand in a better position than your competitors, who still spend sleepless nights dealing with the issues of unsecured websites. So go ahead and buy yourself an SSL certificate from Host IT Smart and begin migrating to a secured HTTPS environment today. Source https://www.hostitsmart.com/manage/knowledgebase/238/How-to- Redirect-HTTP-to-HTTPS-in-htaccess.html