Skip to main content

Redirect Visitors to the SSL/TLS Secure Version of Your Website

It is very important for websites to use SSL certificates to secure traffic. This ensures that your users won't receive warnings about visiting an insecure site. However, visitors may not remember to use https:// when trying to access your site. You can take matters in your own hands, and redirect them to the https:// version automatically. How you do that varies, depending on your platform.

⚠️ Important!

Before you make any changes to your website, we strongly recommend you back up your site completely. If you make a mistake or if things don't work the way you expect, you can roll back to the unmodified version.

Also, if you have a development version of your website, you may want to try out these changes there before changing your live site.

Finally, these directions assume that you already have an SSL certificate installed and working on your website already. If you need help with the installation, see our documentation for WHM and Plesk. If you still need help and have service with HostDime, contact us and we'll be happy to assist.

Redirect to HTTPS in Common Content Management Systems

Select the expandable option below for the CMS you are using below to find out how to redirect people to the secure version of your site.

WordPress

To switch WordPress from http to https completely, follow these steps:

  1. Edit the wp-config.php file for your site and add  the following on its own line before the end of the file.

    Add to wp-config.php

    define('FORCE_SSL_ADMIN', true);

  2. Log into WordPress as an administrator and go to the Settings → General section.

  3. Adjust the WordPress Address (URL) and Site Addresses (URL) so that they use https:// instead of http://

  4. If have existing content in your WordPress site, you'll want to check to make sure all references to http:// are replaced with https://. There are plugins like Velvet Blues that can help automate this process.

  5. Generally, so long as you converted all references of http to https, you probably don't need to do anything else, but to be safe, follow the directions below for a Apache or IIS web server redirect to https.

  6. Now test your site to make sure everything works the way you expect.

Drupal

Generally in most versions of Drupal, if you want to make sure people go to https, you'll want to set up a redirect for the site. See the directions below for how to do this sort of thing on Apache or IIS.

Installing the plugin Secure Login will ensure that logins are secure even if other content is accessible via http://.

To learn more about the process, you can read Drupal's directions here.

Joomla

Joomla 3

  1. Log into your Joomla site as an administrator.
  2. Navigate to System → Global ConfigurationServer.
  3. Look for Force HTTPS and select Entire Site from the drop-down menu and click either the Save or Save and Close button at the top of the screen.
  4. If you have any URLs saved in your database, you should modify them so they all point to https. There are plugins to help with this process if it is needed.
  5. You can also set a redirect for Apache or IIS using the directions below.

Joomla 1 or 2

Older versions of Joomla typically require a bit more configuration.

  1. Edit the Joomla configuration.php file and look for a line containing "$live_site" and adjust the URL there to so it starts with https:// instead of http://.
  2. Log into your Joomla site as an administrator.
  3. Navigate to System → Global ConfigurationServer.
  4. Look for Force HTTPS and select Entire Site from the drop-down menu and click either the Save or Save and Close button at the top of the screen.
  5. If you have any URLs saved in your database, you should modify them so they all point to https. There are plugins to help with this process if it is needed.
  6. You can also set a redirect for Apache or IIS using the directions below.
Other CMS

If you have a different CMS we cannot provide directions for all of them in this article, but here are a few things to look for:

  • Check your CMS administration configuration section. See if there are any configuration items listed that specify your website URL. If there are any there, change the URL so that it starts with https:// instead of http://.
  • Locate your CMS main configuration file which is typically located somewhere in the directory where your CMS is installed on your server. It may be in the main directory or inside a conf, config or includes directory. When you find it, see if the main site URL is specified anywhere. If it is, adjust the URL so it starts with https:// instead of http://.
  • In some cases you may need to edit the database for your CMS to adjust any URLs stored there. Just be sure you only change the site configuration or file location URLs and not user content links to other sites.
  • You should try the Apache or IIS web server redirection method listed below as well.

Redirect to HTTPS in Apache

If your website is running on Apache, then you can try using an .htaccess file to automatically redirect all http links to https.

ℹ️ For the process below to work, Apache requires that you have the mod_rewrite module enabled and allow overrides on for at least for the site you want to redirect to https.

  1. Decide how widespread you want the http to https redirect to be.

    1. If you want to have your changes apply to all pages for the secured domain, add or edit the .htaccess file in the web root for the domain.

      1. The web root is the directory where all of your web site files are served from. For example, that might be something like /home/USERNAME/public_html/. If you are unsure where your web root is located, discuss the matter with your web host.

        ℹ️ If you have service with HostDime, feel free to contact us any time for assistance.

    2. If you want to just redirect parts of your website, navigate to the directory where you'd like the redirect to happen. For example, that might be something like /home/USERNAME/subdomain or /home/USERNAME/public_html/cms/

  2. Now add or edit the .htaccess file in that location. You'll want to add the following code somewhere in that file (typically at the very top of the file) and then save changes.

    Add to .htaccess

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    </IfModule>

    ⚠️ If there is already an .htaccess file in the location you're trying to redirect, you should be careful that you don't break or disrupt any other directives that appear in that file.

    Also, in some cases the exact location of the code above will matter. If adding the code to the top of the file doesn't work, try moving it down or putting it at the end of the file.

    After you save changes, test your site to ensure that the https redirection is working the way you expect.

    ⚠️ Don't forget to adjust any URLs in your site files that use http.

    If any URLs in a web page are loaded via http://, your users will not see a padlock icon in their web browsers.

Redirect to HTTPS in IIS

If the web server your site is running on is IIS, then you can try using a web.config file to automatically redirect all http links to https.

ℹ️ In order for the directions below to work, IIS needs to have the URL Rewrite module enabled and you must be able to write to your site's web.config file.

  1. Find the proper location for web.config file for your website. This is usually found in the web root (the place you put your website files). If you are uncertain where this is, discuss the matter with your web host.

  2. Your site may or may not already have a web.config file. If it doesn't, you can create a text file with the content below and rename it to web.config. If one already exists, edit the file carefully and add the following to it:

    Add to web.config file

    <configuration>
     <system.webServer>
     <rewrite>
     <rules>
     <rule name="HTTPS force" enabled="true" stopProcessing="true">
     <match url="(.*)" />
     <conditions>
     <add input="{HTTPS}" pattern="^OFF$" />
     </conditions>
     <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
     </rule>
     </rules>
     </rewrite>
     </system.webServer>
    </configuration>

  3. Test your website to make sure the https redirect works.