It is very important for websites to use SSL certificates to secure traffic. This ensures that your users won't receive warnings about visiting an insecure site. However, visitors may not remember to use https:// when trying to access your site. You can take matters in your own hands, and redirect them to the https:// version automatically. How you do that varies, depending on your platform.
Important!
Before you make any changes to your website, we strongly recommend you back up your site completely. If you make a mistake or if things don't work the way you expect, you can roll back to the unmodified version.
Also, if you have a development version of your website, you may want to try out these changes there before changing your live site.
Finally, these directions assume that you already have an SSL certificate installed and working on your website already. If you need help with the installation, see our documentation for WHM and Plesk. If you still need help and have service with WebGo, contact us and we'll be happy to assist.
Redirect to HTTPS in Common Content Management Systems
Select the tab for the CMS you are using below to find out how to redirect people to the secure version of your site.
WordPress
Drupal
Joomla
Other CMS
To switch WordPress from http to https completely, follow these steps:
Edit the wp-config.php file for your site and add the following on its own line before the end of the file.
Add to wp-config.php
define('FORCE_SSL_ADMIN', true);
Log into WordPress as an administrator and go to the Settings → General section.
Adjust the WordPress Address (URL) and Site Addresses (URL) so that they use https:// instead of http://
Change http:// to https:// in WordPress General Settings.
If have existing content in your WordPress site, you'll want to check to make sure all references to http:// are replaced with https://. There are plugins like Velvet Blues that can help automate this process.
Generally, so long as you converted all references of http to https, you probably don't need to do anything else, but to be safe, follow the directions below for a Apache or IIS web server redirect to https.
Now test your site to make sure everything works the way you expect.
Redirect to HTTPS in Apache
If your website is running on Apache, then you can try using an .htaccess file to automatically redirect all http links to https.
For the process below to work, Apache requires that you have the mod_rewrite module enabled and allow overrides on for at least for the site you want to redirect to https.
Decide how widespread you want the http to https redirect to be.
If you want to have your changes apply to all pages for the secured domain, add or edit the .htaccess file in the web root for the domain.
The web root is the directory where all of your web site files are served from. For example, that might be something like /home/USERNAME/public_html/. If you are unsure where your web root is located, discuss the matter with your web host.
If you have service with WebGo, feel free to contact us any time for assistance.
If you want to just redirect parts of your website, navigate to the directory where you'd like the redirect to happen. For example, that might be something like /home/USERNAME/subdomain or /home/USERNAME/public_html/cms/
Now add or edit the .htaccess file in that location. You'll want to add the following code somewhere in that file (typically at the very top of the file) and then save changes.
Add to .htaccess
1
2
3
4
5
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
If there is already an .htaccess file in the location you're trying to redirect, you should be careful that you don't break or disrupt any other directives that appear in that file.
Also, in some cases the exact location of the code above will matter. If adding the code to the top of the file doesn't work, try moving it down or putting it at the end of the file.
After you save changes, test your site to ensure that the https redirection is working the way you expect.
Don't forget to adjust any URLs in your site files that use http.
If any URLs in a web page are loaded via http://, your users will not see a padlock icon in their web browsers.
Redirect to HTTPS in IIS
If the web server your site is running on is IIS, then you can try using a web.config file to automatically redirect all http links to https.
In order for the directions below to work, IIS needs to have the URL Rewrite module enabled and you must be able to write to your site's web.config file.
Find the proper location for web.config file for your website. This is usually found in the web root (the place you put your website files). If you are uncertain where this is, discuss the matter with your web host.
Your site may or may not already have a web.config file. If it doesn't, you can create a text file with the content below and rename it to web.config. If one already exists, edit the file carefully and add the following to it:
Add to web.config file
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="HTTPS force" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Test your website to make sure the https redirect works.
