Redirect Visitors to the SSL/TLS Secure Version of Your Website

It is very important for websites to use SSL certificates to secure traffic. This ensures that your users won't receive warnings about visiting an insecure site. However, visitors may not remember to use https:// when trying to access your site. You can take matters in your own hands, and redirect them to the https:// version automatically. How you do that varies, depending on your platform.


Before you make any changes to your website, we strongly recommend you back up your site completely. If you make a mistake or if things don't work the way you expect, you can roll back to the unmodified version.

Also, if you have a development version of your website, you may want to try out these changes there before changing your live site.

Finally, these directions assume that you already have an SSL certificate installed and working on your website already. If you need help with the installation, see our documentation for WHM and Plesk. If you still need help and have service with HostDime, contact us and we'll be happy to assist.

Redirect to HTTPS in Common Content Management Systems

Select the tab for the CMS you are using below to find out how to redirect people to the secure version of your site.

WordPress Drupal Joomla Other CMS

Redirect to HTTPS in Apache

If your website is running on Apache, then you can try using an .htaccess file to automatically redirect all http links to https.

For the process below to work, Apache requires that you have the mod_rewrite module enabled and allow overrides on for at least for the site you want to redirect to https.

  1. Decide how widespread you want the http to https redirect to be.
    1. If you want to have your changes apply to all pages for the secured domain, add or edit the .htaccess file in the web root for the domain.
      1. The web root is the directory where all of your web site files are served from. For example, that might be something like /home/USERNAME/public_html/. If you are unsure where your web root is located, discuss the matter with your web host.

        If you have service with HostDime, feel free to contact us any time for assistance.
    2. If you want to just redirect parts of your website, navigate to the directory where you'd like the redirect to happen. For example, that might be something like /home/USERNAME/subdomain or /home/USERNAME/public_html/cms/
  2. Now add or edit the .htaccess file in that location. You'll want to add the following code somewhere in that file (typically at the very top of the file) and then save changes.
Add to .htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

If there is already an .htaccess file in the location you're trying to redirect, you should be careful that you don't break or disrupt any other directives that appear in that file.

Also, in some cases the exact location of the code above will matter. If adding the code to the top of the file doesn't work, try moving it down or putting it at the end of the file.

After you save changes, test your site to ensure that the https redirection is working the way you expect.

Don't forget to adjust any URLs in your site files that use http.

If any URLs in a web page are loaded via http://, your users will not see a padlock icon in their web browsers.

Redirect to HTTPS in IIS

If the web server your site is running on is IIS, then you can try using a web.config file to automatically redirect all http links to https.

In order for the directions below to work, IIS needs to have the URL Rewrite module enabled and you must be able to write to your site's web.config file.

  1. Find the proper location for web.config file for your website. This is usually found in the web root (the place you put your website files). If you are uncertain where this is, discuss the matter with your web host.
  2. Your site may or may not already have a web.config file. If it doesn't, you can create a text file with the content below and rename it to web.config. If one already exists, edit the file carefully and add the following to it:

    Add to web.config file
     <rule name="HTTPS force" enabled="true" stopProcessing="true">
     <match url="(.*)" />
     <add input="{HTTPS}" pattern="^OFF$" />
     <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
  3. Test your website to make sure the https redirect works.