Forcing HTTPS with htaccess file

Web security SSL

Force SSL HTTPS with htaccess file

In a post blog I published on securing your site with SSL, I described why websites should and must use SSL (HTTPS). I was at a networking meeting last week and asked a group of business owners if they were using SSL for their website. I was quite surprised to see that almost one third of the group raised their hand.

So after the meeting, I checked out some of their websites and wasn’t too surprised to see that, even though the HTTPS is installed and enabled, they or their developer(s) did not turn off HTTP. If you have both HTTP and HTTPS enabled, it’s likely that the site visitors will go to the HTTP version of your site. The reason is that when people type URL in their browser, they usually leave off the protocol (HTTP/HTTPS) which takes them to the HTTP version of the site by default. And once it gets cached in their browser, the subsequent visits to the site will always use HTTP.

if you enable HTTPS on your website, you must disable HTTP so that HTTPS is the only protocol used.

Also, if your site was initially on HTTP and HTTPS was added later, it’s likely that Google has indexed the HTTP version of your site and sends users there. So yes, most of the business owners who raised their hand above had HTTPS on their site, but it was not being used! So remember this and talk to your web developer – if you enable HTTPS on your website, you must disable HTTP so that HTTPS is the only protocol used.

You can disable HTTP by redirecting any traffic to HTTP to HTTPS. You can set up this redirect on the server and it will not impact the end-user experience.

What you need to do is edit the .htacceess file on the server and add following piece of code. If it’s too technical, reach out to your web developer and he/she will be able to update for you.

As I mentioned before, you can get SSL certificates for free with LetsEcrypt. Talk to your web developer today!

Leave a Reply

Your email address will not be published. Required fields are marked *